Archived

This topic has been archived and is closed to new replies.

danmex

[Solved!] PC is slow and restarting by itself

Good afternoon, DigRAM

<!> Uninstall: < CyE Registry Writer >

I couldn't find this file in order to uninstall it; if possible, please tell me where it is so that I can uninstall it!

"<@> Download: < O18fix.zip >

<@> Extract it to the desktop. ( O18fix.reg )

<@> Run the file o18fix.reg with a double click.

<@> Confirm the insertion into the registry --> Restart the computer!"

I also couldn't download this file; the page gave an error, something like NOT FOUND 404

:(

Here is the log you asked for

 

OTL logfile created on: 20/11/2009 15:02:15 - Run 4

OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\and\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

1022,48 Mb Total Physical Memory | 623,39 Mb Available Physical Memory | 60,97% Memory free

2,40 Gb Paging File | 2,10 Gb Available in Paging File | 87,40% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 14,65 Gb Total Space | 4,82 Gb Free Space | 32,88% Space Free | Partition Type: NTFS

Drive D: | 134,39 Gb Total Space | 69,85 Gb Free Space | 51,98% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: CASA

Current User Name: and

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\and\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe ()

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\and\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (Adobe LM Service) -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)

SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (RalinkRegistryWriter) -- C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe ()

SRV - (Irmon) -- C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)

SRV - (WMPNetworkSvc) -- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

IE - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s

IE - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\S-1-5-21-1409082233-1637723038-1177238915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"

FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="

 

 

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff [2009/10/01 07:41:05 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/11/17 03:07:56 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/11/17 03:07:56 | 00,000,000 | ---D | M]

 

[2009/09/18 20:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\and\Dados de aplicativos\Mozilla\Extensions

[2009/09/18 20:06:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\and\Dados de aplicativos\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/10/16 17:22:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\and\Dados de aplicativos\Mozilla\Firefox\Profiles\9ohuzfd1.default\extensions

[2009/10/16 03:24:46 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\and\Dados de aplicativos\Mozilla\Firefox\Profiles\9ohuzfd1.default\searchplugins\winamp-search.xml

[2009/11/18 16:12:36 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2009/11/08 10:15:40 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/10/01 07:41:17 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

[2009/10/01 07:42:13 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009/11/08 10:15:33 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\Mozilla Firefox\components\browserdirprovider.dll

[2009/11/08 10:15:33 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\Mozilla Firefox\components\brwsrcmp.dll

[2009/07/31 16:23:11 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npdeploytk.dll

[2009/11/08 10:15:35 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 20:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Mozilla Firefox\plugins\NPOFFICE.DLL

[2009/08/03 16:07:42 | 00,373,104 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll

[2009/11/09 16:00:00 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll

[2009/11/09 16:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll

[2009/10/16 16:45:44 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2009/10/16 16:45:44 | 00,002,371 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\google.xml

[2009/10/16 16:45:44 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2009/10/16 16:45:44 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2009/10/16 16:45:44 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001..\Run: [msnmsgr] C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001..\Run: [skype] C:\Arquivos de programas\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKU\.DEFAULT..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - HKU\S-1-5-18..\RunOnce: [nltide_3] C:\WINDOWS\System32\advpack.dll (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\PalTalk.lnk = C:\Arquivos de programas\Paltalk Messenger\paltalk.exe File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\TL-WN321G Wireless Utility.lnk = C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\TWCU.exe ()

O4 - Startup: C:\Documents and Settings\and\Menu Iniciar\Programas\Inicializar\ERUNT AutoBackup.lnk = C:\Arquivos de programas\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1409082233-1637723038-1177238915-1001_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe File not found

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/09/14 23:34:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/09/24 13:44:33 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

 

========== Files/Folders - Created Within 14 Days ==========

 

[2009/11/20 15:00:44 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\ERUNT

[2009/11/20 14:54:45 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\and\Recent

[2009/11/19 01:49:12 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/11/19 01:47:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\and\Desktop\FixPolicies

[2009/11/18 15:17:17 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\and\Desktop\OTL.exe

[2009/11/18 12:35:12 | 00,000,000 | ---D | C] -- C:\FindyKill

[2009/11/18 11:29:04 | 04,129,799 | ---- | C] (McAfee Inc.) -- C:\Arquivos de programas\stinger.exe

[2009/11/18 00:17:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss

[2009/11/18 00:15:51 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CCleaner

[2009/11/17 23:57:58 | 22,897,440 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\and\Desktop\drweb-cureit.exe

[2009/11/17 13:29:30 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Skype

[2009/11/17 13:29:25 | 00,000,000 | R--D | C] -- C:\Arquivos de programas\Skype

[2009/11/17 03:07:53 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2009/11/17 03:07:50 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm

[2009/11/17 03:07:49 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll

[2009/11/17 03:07:49 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm

[2009/11/17 03:07:48 | 00,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll

[2009/11/17 03:07:47 | 00,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll

[2009/11/17 03:07:42 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\K-Lite Codec Pack

[2009/11/14 19:28:50 | 00,148,496 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\22393460.sys

[2009/11/14 19:28:50 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Virus Removal Tool

[2009/11/14 19:20:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\regsvc.dll~

[2009/11/12 03:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\and\Dados de aplicativos\teamspeak2

[2009/11/12 03:48:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Teamspeak2_RC2

[2009/11/12 02:54:33 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft

[2009/11/12 02:54:06 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live

[2009/11/11 14:45:33 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Robster Productions

[2009/11/10 13:48:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\msmq

[2009/11/10 13:48:13 | 00,000,000 | ---D | C] -- C:\Inetpub

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[13 C:\Documents and Settings\and\*.tmp files -> C:\Documents and Settings\and\*.tmp -> ]

 

========== Files - Modified Within 14 Days ==========

 

[2009/11/20 15:01:00 | 00,000,807 | ---- | M] () -- C:\Documents and Settings\and\Menu Iniciar\Programas\Inicializar\ERUNT AutoBackup.lnk

[2009/11/20 14:58:11 | 00,794,112 | ---- | M] () -- C:\Documents and Settings\and\Desktop\Komedian.exe

[2009/11/20 14:56:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/11/20 14:56:06 | 00,043,209 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2009/11/20 14:56:04 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2009/11/20 14:56:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/11/20 14:56:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/11/20 14:54:56 | 02,587,736 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2009/11/20 14:54:55 | 22,209,7440 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2009/11/20 14:54:49 | 10,485,760 | -H-- | M] () -- C:\Documents and Settings\and\NTUSER.DAT

[2009/11/20 14:54:49 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\and\ntuser.ini

[2009/11/20 14:53:22 | 00,000,610 | ---- | M] () -- C:\Documents and Settings\and\Desktop\UnHookExec.inf

[2009/11/19 22:44:56 | 00,556,638 | -H-- | M] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\IconCache.db

[2009/11/19 01:45:42 | 00,169,398 | ---- | M] () -- C:\Documents and Settings\and\Desktop\FixPolicies.exe

[2009/11/19 01:43:53 | 00,000,359 | ---- | M] () -- C:\Documents and Settings\and\Desktop\Temp.bat

[2009/11/18 15:17:17 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\and\Desktop\OTL.exe

[2009/11/18 13:05:55 | 00,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk

[2009/11/18 12:34:10 | 01,065,740 | ---- | M] () -- C:\Arquivos de programas\FindyKill.exe

[2009/11/18 12:33:23 | 00,000,022 | ---- | M] () -- C:\Arquivos de programas\stinger.opt

[2009/11/18 11:29:20 | 04,129,799 | ---- | M] (McAfee Inc.) -- C:\Arquivos de programas\stinger.exe

[2009/11/18 00:15:52 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\and\Desktop\CCleaner.lnk

[2009/11/17 23:30:35 | 22,897,440 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\and\Desktop\drweb-cureit.exe

[2009/11/17 14:06:37 | 00,455,680 | ---- | M] () -- C:\Documents and Settings\and\Desktop\ToolsCleaner2.exe

[2009/11/17 13:30:03 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/11/16 23:46:25 | 00,099,883 | ---- | M] () -- C:\Documents and Settings\and\Desktop\feliz!!.jpg

[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/11/13 21:45:19 | 00,000,241 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/11/13 21:45:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/11/13 21:34:32 | 03,559,628 | R--- | M] () -- C:\Documents and Settings\and\Desktop\ComboFix.exe

[2009/11/12 23:50:54 | 00,011,736 | R--- | M] () -- C:\Documents and Settings\and\Desktop\tempdecal.wad

[2009/11/12 23:48:03 | 00,104,499 | ---- | M] () -- C:\Documents and Settings\and\Desktop\PRIIII.jpg

[2009/11/12 22:47:35 | 00,000,786 | ---- | M] () -- C:\Documents and Settings\and\Desktop\sXe Injected.lnk

[2009/11/12 02:44:27 | 00,000,941 | ---- | M] () -- C:\Documents and Settings\and\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2009/11/11 22:54:41 | 00,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Counter-Strike 1.6 Non-steam (v23).lnk

[2009/11/11 22:54:32 | 00,001,818 | ---- | M] () -- C:\Documents and Settings\and\Desktop\Counter-Strike.lnk

[2009/11/11 13:18:30 | 00,117,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/11/09 16:00:00 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll

[2009/11/09 16:00:00 | 00,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/09 16:00:00 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[13 C:\Documents and Settings\and\*.tmp files -> C:\Documents and Settings\and\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2009/11/20 15:01:00 | 00,000,807 | ---- | C] () -- C:\Documents and Settings\and\Menu Iniciar\Programas\Inicializar\ERUNT AutoBackup.lnk

[2009/11/20 14:58:10 | 00,794,112 | ---- | C] () -- C:\Documents and Settings\and\Desktop\Komedian.exe

[2009/11/20 14:53:22 | 00,000,610 | ---- | C] () -- C:\Documents and Settings\and\Desktop\UnHookExec.inf

[2009/11/19 01:45:36 | 00,169,398 | ---- | C] () -- C:\Documents and Settings\and\Desktop\FixPolicies.exe

[2009/11/19 01:43:53 | 00,000,359 | ---- | C] () -- C:\Documents and Settings\and\Desktop\Temp.bat

[2009/11/18 12:33:29 | 01,065,740 | ---- | C] () -- C:\Arquivos de programas\FindyKill.exe

[2009/11/18 12:33:23 | 00,000,022 | ---- | C] () -- C:\Arquivos de programas\stinger.opt

[2009/11/18 12:33:19 | 00,000,680 | ---- | C] () -- C:\Arquivos de programas\stinger.txt

[2009/11/18 00:15:52 | 00,001,620 | ---- | C] () -- C:\Documents and Settings\and\Desktop\CCleaner.lnk

[2009/11/17 14:06:28 | 00,455,680 | ---- | C] () -- C:\Documents and Settings\and\Desktop\ToolsCleaner2.exe

[2009/11/17 13:30:03 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2009/11/17 03:07:52 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/11/17 03:07:51 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/11/17 03:07:50 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml

[2009/11/17 03:07:49 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/11/17 03:07:49 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/11/17 03:07:48 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/11/17 03:07:45 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/11/17 03:07:45 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/11/13 21:34:01 | 03,559,628 | R--- | C] () -- C:\Documents and Settings\and\Desktop\ComboFix.exe

[2009/11/12 23:48:02 | 00,104,499 | ---- | C] () -- C:\Documents and Settings\and\Desktop\PRIIII.jpg

[2009/11/12 22:35:45 | 00,099,883 | ---- | C] () -- C:\Documents and Settings\and\Desktop\feliz!!.jpg

[2009/11/12 22:34:44 | 00,011,736 | R--- | C] () -- C:\Documents and Settings\and\Desktop\tempdecal.wad

[2009/09/18 19:32:02 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\ezsid.dat

[2009/09/18 19:29:34 | 00,002,296 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini

[2009/09/18 19:29:12 | 00,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini

[2009/09/18 13:41:09 | 00,028,242 | ---- | C] () -- C:\WINDOWS\System32\regsvc.dll.zip

[2009/09/15 04:45:15 | 00,556,638 | -H-- | C] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\IconCache.db

[2009/09/15 01:50:11 | 00,017,384 | ---- | C] () -- C:\Documents and Settings\and\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/09/15 01:25:24 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\CamLib.Dll

[2009/09/14 23:51:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\and\Dados de aplicativos\desktop.ini

[2009/09/14 23:43:08 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/09/14 20:26:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

[2009/08/03 16:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/14 16:10:15 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/07/14 16:10:15 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/07/14 16:10:14 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/07/14 16:10:14 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2009/07/14 16:10:13 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/07/14 16:10:13 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2009/07/14 16:10:12 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2009/04/17 19:21:12 | 00,000,165 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/01/05 16:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2008/04/14 05:00:00 | 00,000,528 | ---- | C] () -- C:\WINDOWS\win.ini

[2008/04/14 05:00:00 | 00,000,241 | ---- | C] () -- C:\WINDOWS\system.ini

 

========== LOP Check ==========

 

[2009/09/15 04:45:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Avg7

[2009/09/16 23:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2009/11/13 21:26:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

[2009/11/13 21:26:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

[2009/10/26 14:05:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TP-LINK Driver

[2009/11/17 03:59:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\and\Dados de aplicativos\Broad Intelligence

[2009/10/21 04:03:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\and\Dados de aplicativos\Octoshape

[2008/04/14 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/11/20 14:56:04 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

[2009/11/20 14:56:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

 

========== Purity Check ==========

 

 

< End of report >

 

Cheers!


Good afternoon, danmex!

I couldn't find this file to uninstall it; if possible, please tell me where it is so I can uninstall it!

<!> It is a program that manages the Registry. And the file below belongs to it... check!

<!> C:\Arquivos de programas\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe <--

<><><><><><><><><><><>

<@> I have hosted O18Fix.zip on MediaFire; you can download it!

<@> < O18Fix.zip >

<><><><><><><><><><><>

<@> Download TuneUp Utilities 2009.

<@> To download, enter your e-mail and click Start download.

<@> Save the executable, TU2009TrialEN.exe, in Program Files (Arquivos de Programas).

<@> The program is a trial! But... there will be enough time to optimize the computer.

<@> Try to defragment the disk and the Registry.

<@> Later, you will find that this utility performs many functions that are useful to the computer.

Cheers!


Good morning, DigRam

I've done everything as you asked!

and now? is my PC clean?

can I now uninstall the other programs you asked me to download?

note: I use a program similar to TuneUp Utilities

I use CCleaner; are they similar? but I ran TuneUp as you asked =)

my PC seems to be fine!

Cheers!


Good morning, danmex!

I've done everything as you asked!

and now? is my PC clean?

<!> It has been clean for a long time! A good part of the procedures were carried out to establish balanced conditions for the computer's operation. ( Certifications, protocols, hosts, correct policies, etc. )

can I now uninstall the other programs you asked me to download?

<!> Yes! I will give you some removal methods. But... for now, keep HijackThis for one last evaluation.

note: I use a program similar to TuneUp Utilities

I use CCleaner; are they similar? but I ran TuneUp as you asked =)

<!> TuneUp Utilities is more complete, providing repairs, optimizations and fixes.

<><><><><><><><><><><>

<@> Open OTL.exe --> Click CleanUp.jpg --> Wait!

<@> At the prompt, click OK --> Restart the computer!

<><><><><><><><><><><>

<@> Go to Start --> Run --> Type or paste: combofix.exe /u --> Click OK.

< cfunins.jpg >

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix is uninstalled" will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!

<><><><><><><><><><><>

<@> To uninstall HijackThis, do the following:

<@> Open HijackThis --> Click: "Open the Misc Tools section".

<@> In the "Misc Tools" menu, scroll down the column and click "Uninstall HijackThis & exit".

<><><><><><><><><><><>

<@> Open the Virus Removal Tool folder, which is on the desktop.

<@> Double-click the file: unins000.exe <--

<@> Click OK twice.

<@> The computer will be restarted.

<><><><><><><><><><><>

<@> Download: < imagemus0.jpg > (...par A.Rothstein & dj Quiou )

<@> Save it to the desktop!

<@> Close any programs that are open and run the tool.

<@> Click the Recherche button to start the scan. <-- Wait!

<@> When it finishes, the items that will be removed will be listed.

<@> Click the Suppression button to remove the items found.

<@> Then click Quitter.

<@> Post the report: ( C:\TCleaner.txt ) <--

<@> Also post an updated HijackThis log.

Cheers!


Good afternoon, DigRam

here are the logs you asked for!

thank you in advance for all the attention and patience =)

 

tcleaner.txt

 

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

 

--> Recherche:

 

C:\FindyKill.txt: trouvé !

C:\FindyKill: trouvé !

 

---------------------------------

--> Suppression:

 

C:\FindyKill.txt: supprimé !

C:\FindyKill: supprimé !

 

 

hijackthis.log

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:18:33, on 21/11/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: ERUNT AutoBackup.lnk = C:\Arquivos de programas\ERUNT\AUTOBACK.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de programas\Paltalk Messenger\Paltalk.exe (file missing)

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{300EDF33-DB30-43FA-AC3E-CF080FC6BB5F}: NameServer = 200.165.132.154

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Arquivos de programas\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

 

--

End of file - 7332 bytes

 

Cheers


Good afternoon, danmex!

<!> Open HijackThis and Fix this entry: O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

<@> Right-click "My Computer" --> Properties --> Advanced.

<@> In the "Startup and Recovery" section, click "Settings".

<@> Further down, in the "Write debugging information" section, select: None --> OK

<!> Your report is clean! :thumbsup:

<!> Good job!

Cheers!


Good afternoon, DigRAm!

once again, thank you very much!

this is the second time I've managed to clean my PC without formatting!

hehehehehee

you and your whole team deserve congratulations!

Good job =)

the topic has been resolved

Cheers =)


PROBLEM SOLVED!

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
