RAT_GTR 0 Posted December 27, 2009

Hi everyone! Edvan, from the Hardware section, recommended that I post a log here before taking any further steps. To summarize the problem: out of nowhere my PC started taking about 5 minutes to open the desktop, and it stays extremely slow for about another 5 minutes until the HD activity light goes off (during that time it stays lit constantly); after that I can use the PC (still somewhat slow). Well, here is the log; if you have a little time and can help, I would be very grateful.

===//===

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40:35, on 27/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\HijackThissss\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S88.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_SD7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca3f992fa42274) (gupdate1ca3f992fa42274) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe

--
End of file - 7304 bytes

Thanks and regards!
DigRam 144 Posted December 28, 2009

Good evening! RAT_GTR
<@> Download: < > ( ...by OldTimer Tools )
<@> Save it to the desktop!
<@> As shown in the image, change the "Output" option to "Minimal Output".
<@> Double-click OTL.exe --> Check the "Scan All Users" option.
<@> Check the boxes: <!> [] LOP check and [] Purity check
<@> Click: < > --> Wait!
<@> Post: <1> OTL.txt <-- <2> Extra.txt <--
Regards!
RAT_GTR 0 Posted December 28, 2009

Hi DigRam! Here is the OTL.txt; there is no extra.txt, however.

OTL logfile created on: 28/12/2009 12:00:27 - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Home\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 53,71 Gb Total Space | 27,40 Gb Free Space | 51,01% Space Free | Partition Type: NTFS
Drive D: | 10,74 Gb Total Space | 2,91 Gb Free Space | 27,10% Space Free | Partition Type: NTFS
Drive E: | 10,07 Gb Total Space | 5,65 Gb Free Space | 56,14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NRLR-M04QJKA95R
Current User Name: Home
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAL.EXE (SEIKO EPSON CORPORATION)
PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV - (cmdAgent) -- C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (getPlusHelper) getPlus® -- C:\Arquivos de programas\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (gupdate1ca3f992fa42274) Google Update Service (gupdate1ca3f992fa42274) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NIHardwareService) -- C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

========== Driver Services (SafeList) ==========
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (Applied Networking Inc.)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntmgr) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntmgr.sys (Avira GmbH)
DRV - (avgntdd) -- C:\WINDOWS\system32\drivers\avgntdd.sys (Avira GmbH)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
IE - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\S-1-5-21-1078081533-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\S-1-5-21-1078081533-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Ask.com (Virtus Designs)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.uol.com.br/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.19
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.2.9
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.5
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/12/28 10:09:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/12/16 17:54:56 | 00,000,000 | ---D | M]
[2009/08/16 19:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Extensions
[2009/12/27 18:10:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions
[2009/11/03 19:41:05 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/12/11 19:20:10 | 00,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/08/16 19:17:12 | 00,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2009/11/03 19:41:05 | 00,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/11/05 20:17:01 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/11/28 20:11:25 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/12 11:45:50 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/28 18:36:35 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/24 20:40:42 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/12/11 19:20:21 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/08/16 19:21:45 | 00,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2009/10/28 18:36:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\anycolor.pavlos256@gmail.com
[2009/10/04 21:09:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\en-US@dictionaries.addons.mozilla.org
[2009/08/16 19:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\pt-BR@dictionaries.addons.mozilla.org
[2009/08/16 19:17:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2009/08/16 19:17:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2009/08/16 19:17:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2009/08/16 19:17:14 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009/12/27 18:10:41 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2009/08/31 16:44:33 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll
[2009/07/30 20:51:30 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml
[2009/07/30 20:51:30 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2009/07/30 20:51:30 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2009/07/30 20:51:30 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: (325963 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11154 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003..\Run: [EPSON Stylus CX5600 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.76.224.13 201.76.224.14
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/16 17:33:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\AutoRun\command - "" = jmemox.exe
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\explore\Command - "" = jmemox.exe
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\open\Command - "" = jmemox.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2009/12/28 10:09:00 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2009/12/27 18:19:32 | 00,000,000 | ---D | C] -- C:\HijackThissss
[2009/12/26 16:26:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Western Digital Corporation
[2009/12/25 15:45:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\Guitarra
[2009/12/25 14:19:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/12/23 21:39:22 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Lavalys
[2009/12/20 18:45:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Meus documentos\Native Instruments
[2009/12/20 18:42:07 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2009/12/20 18:40:03 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Digidesign
[2009/12/20 18:39:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Native Instruments
[2009/12/20 18:39:45 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2009/12/20 18:38:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/12/20 18:38:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
[2009/12/20 18:38:19 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2009/12/20 18:38:13 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Native Instruments
[2009/12/20 18:38:12 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Native Instruments
[2009/12/20 18:33:09 | 00,000,000 | ---D | C] -- C:\guitarRig4
[2009/12/19 17:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\Nova pasta
[2009/12/16 21:36:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Dados de aplicativos\Audacity
[2009/12/16 21:35:36 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Audacity 1.3 Beta (Unicode)
[2009/12/14 17:49:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\LogMeIn Hamachi
[2009/12/12 23:50:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Dados de aplicativos\Hamachi
[2009/12/12 23:49:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Hamachi
[2009/12/11 22:24:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\LogMeIn Hamachi
[2009/12/11 21:49:53 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Games
[2009/11/29 17:39:54 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Guitar Pro 5
[2009/11/28 19:49:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/09/27 16:56:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google
[2009/09/27 15:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google
[2009/08/25 13:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft
[2009/08/23 16:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft
[2009/08/17 21:27:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft
[2009/08/16 17:33:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft
[2007/01/01 00:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Temp
[2 C:\Documents and Settings\Home\Meus documentos\*.tmp files -> C:\Documents and Settings\Home\Meus documentos\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2009/12/28 12:02:00 | 00,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/28 10:09:22 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Home\NTUSER.DAT
[2009/12/28 10:03:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe
[2009/12/28 09:57:13 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/28 09:54:19 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/28 09:54:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/28 09:54:09 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/27 23:27:25 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Home\ntuser.ini
[2009/12/27 18:27:48 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\CCleaner.lnk
[2009/12/26 21:10:12 | 01,250,816 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\Seqüências.doc
[2009/12/25 14:21:18 | 00,007,268 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2009/12/25 10:04:40 | 04,323,720 | -H-- | M] () -- C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\IconCache.db
[2009/12/24 18:28:07 | 00,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/12/23 21:39:50 | 00,000,827 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\EVEREST Ultimate Edition.lnk
[2009/12/20 15:40:34 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/19 21:52:50 | 02,960,686 | ---- | M] () -- C:\sooolooo
[2009/12/19 21:52:48 | 00,743,744 | ---- | M]
() -- C:\sooolooo2.mp3 [2009/12/19 21:41:14 | 02,118,190 | ---- | M] () -- C:\test2 [2009/12/19 21:41:14 | 01,559,086 | ---- | M] () -- C:\testeee [2009/12/19 21:38:57 | 00,532,352 | ---- | M] () -- C:\aaaaaaaaaaaaa2.mp3 [2009/12/19 21:38:20 | 00,532,352 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaa2 [2009/12/19 21:32:04 | 00,532,352 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\testt [2009/12/19 21:28:42 | 00,393,792 | ---- | M] () -- C:\aaaaaaaaaaaaa.mp3 [2009/12/19 20:46:20 | 00,466,688 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaaaaaa [2009/12/19 20:44:41 | 00,465,536 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\rec [2009/12/19 18:54:15 | 00,011,006 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\cc_20091219_185359.reg [2009/12/16 21:36:07 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Audacity 1.3 Beta (Unicode).lnk [2009/12/12 23:49:53 | 00,015,440 | ---- | M] (Applied Networking Inc.) 
-- C:\WINDOWS\System32\drivers\hamachi.sys [2009/12/12 23:49:53 | 00,000,672 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\hamachi.lnk [2009/12/12 23:21:40 | 00,001,989 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Age of Empires II.lnk [2009/12/12 17:07:33 | 00,021,432 | ---- | M] () -- C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT [2009/12/12 08:42:51 | 01,420,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/12/11 17:48:15 | 07,968,768 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\Leaflet2.doc [2009/12/11 16:39:56 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\Leaflet.doc [2009/12/09 10:31:39 | 00,344,380 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat [2009/12/09 10:31:39 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/09 10:31:39 | 00,048,628 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat [2009/12/09 10:31:39 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/09 10:31:38 | 00,752,074 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/09 09:31:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/12/08 15:36:32 | 00,000,759 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\ASIO4ALL v2 Off-Line Settings.lnk [2009/12/02 19:22:41 | 00,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll [2009/12/02 19:22:34 | 00,133,064 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys [2 C:\Documents and Settings\Home\Meus documentos\*.tmp files -> C:\Documents and Settings\Home\Meus documentos\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/26 20:48:22 | 01,250,816 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\Seqüências.doc [2009/12/25 14:19:55 | 00,007,268 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/12/23 21:39:50 
| 00,000,827 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\EVEREST Ultimate Edition.lnk [2009/12/19 21:52:44 | 00,743,744 | ---- | C] () -- C:\sooolooo2.mp3 [2009/12/19 21:51:53 | 02,960,686 | ---- | C] () -- C:\sooolooo [2009/12/19 21:38:55 | 00,532,352 | ---- | C] () -- C:\aaaaaaaaaaaaa2.mp3 [2009/12/19 21:38:18 | 00,532,352 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaa2 [2009/12/19 21:32:02 | 00,532,352 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\testt [2009/12/19 21:31:17 | 02,118,190 | ---- | C] () -- C:\test2 [2009/12/19 21:19:02 | 00,393,792 | ---- | C] () -- C:\aaaaaaaaaaaaa.mp3 [2009/12/19 21:16:47 | 01,559,086 | ---- | C] () -- C:\testeee [2009/12/19 20:46:18 | 00,466,688 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaaaaaa [2009/12/19 20:44:39 | 00,465,536 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\rec [2009/12/19 18:54:00 | 00,011,006 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\cc_20091219_185359.reg [2009/12/16 21:36:07 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Audacity 1.3 Beta (Unicode).lnk [2009/12/12 23:49:53 | 00,000,672 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\hamachi.lnk [2009/12/11 21:51:19 | 00,001,989 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Age of Empires II.lnk [2009/12/11 17:46:27 | 07,968,768 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\Leaflet2.doc [2009/10/14 15:27:06 | 14,909,57360 | ---- | C] () -- C:\Arquivos de programas\ruina_de_morroc.zip [2009/09/04 18:36:09 | 00,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/08/28 23:08:44 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/08/28 23:08:44 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009/08/28 23:08:42 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/08/28 23:08:42 | 00,205,824 | ---- | C] () -- 
C:\WINDOWS\System32\xvidvfw.dll [2009/08/28 23:08:41 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009/08/28 23:08:39 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/08/28 23:08:39 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/08/23 18:07:52 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009/08/23 18:05:50 | 00,000,053 | ---- | C] () -- C:\WINDOWS\EPCX5600.ini [2009/08/17 18:24:35 | 00,000,415 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/08/16 21:59:16 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/16 18:12:13 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009/01/05 16:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2002/03/25 18:02:14 | 00,014,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1997/06/13 22:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll ========== LOP Check ========== [2009/09/05 22:14:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Advanced Chemistry Development [2009/08/22 21:42:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON [2009/12/20 18:39:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Native Instruments [2009/11/12 18:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files [2009/08/17 16:47:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP [2009/12/20 18:39:45 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222} [2009/12/20 18:42:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de 
aplicativos\{D69A48BF-7653-4AA8-94BC-5847522A4573} [2009/12/20 18:38:19 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} [2009/12/20 18:38:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{EC98E512-708C-4C3B-9F07-B58768C1DD8A} [2009/09/05 22:14:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Advanced Chemistry Development [2009/12/19 22:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Audacity [2009/08/18 22:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\GrabPro [2009/12/22 23:28:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Orbit [2009/12/20 18:45:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\uTorrent ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:0CE7F3C9 < End of report >
===//===
I took a look at the HOSTS file to see what those strange entries were; it turns out they were inserted by Spybot S&D, so not so bad... Cheers!
DigRam 144 Posted December 28, 2009
Good afternoon!
RAT_GTR: I took a look at the HOSTS file to see what those strange entries were; it turns out they were inserted by Spybot S&D, so not so bad...
<!> This management of the hosts file by Spybot is normal; we could add other domains to that list.
°°°°°°°°°°°°°°°°°°°°°°°°° °°°°°°°°°°°°°°°°°°°°°°°°°
<@> Run OTL.exe.
<@> Copy the information in the Quote into the tool's clipboard field. ( Custom Scans/Fixes )
:OTL
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:0CE7F3C9
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\AutoRun\command - "" = jmemox.exe
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\explore\Command - "" = jmemox.exe
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\open\Command - "" = jmemox.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
:Files
C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\Home\Meus documentos\*.tmp
C:\WINDOWS\*.tmp
:Commands
[purity]
[emptytemp]
[Reboot]
<@> Click the Run Fix button --> Wait for it to finish!
<@> When done, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!
°°°°°°°°°°°°°°°°°°°°°°°°° °°°°°°°°°°°°°°°°°°°°°°°°°
<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )
<@> Save it in Arquivos de programas (Program Files)!
<@> Disable your antivirus!
<@> Install and run the tool by double-clicking on: < >
<@> In the language options, choose "PT-BR" --> Enter.
<@> Choose option 2: 2. Suppression des fichiers infectieux --> Press Enter.
<@> A message will appear asking you to connect your removable media to the computer. ( pen drive, mp3, mp4, iPods, etc... )
<@> Accept the request and click OK. --> Then click OK again.
<@> The computer will restart. <-- Wait!
<@> When it finishes, click "Continue" and wait for the tool to complete.
<@> PS: Do not disconnect your removable media yet! <-- Important!
<@> The message "Nettoyage effectue" will appear --> Press Enter.
<@> Post the report, which will be at: C:\UsbFix.txt <--
°°°°°°°°°°°°°°°°°°°°°°°°° °°°°°°°°°°°°°°°°°°°°°°°°°
<@> Run the OTL Quick Scan, which gives us a quick scan from the tool.
<@> Double-click on: < >
<@> Click "Scan All Users" --> --> Wait!
<@> Copy and post the report. ( OTL log )
Regards!
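The O33 MountPoints2 entries targeted by the fix script above can be triaged mechanically. The following is an added example, not part of the original post and not OTL's own code: it groups O33 lines by volume GUID, flags volumes whose `open` or `explore` shell verbs are overridden (the autorun pattern seen here with jmemox.exe), and checks a fix log for the matching key deletion. The function names, the flagging heuristic and the second sample volume are assumptions made for illustration.

```python
import re
from collections import defaultdict

# O33 line format as it appears in this thread's OTL log:
#   O33 - MountPoints2\{GUID}\Shell\<verb>\command - "<value name>" = <command>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "(?P<name>[^"]*)" = (?P<cmd>.+)$',
    re.IGNORECASE,
)

# Assumption: overriding these verbs changes what double-click / Explore on the
# drive icon runs, so they are treated as the interesting ones. A volume that
# only has an AutoRun verb (typical installer media) is not flagged.
HIJACK_VERBS = {"open", "explore"}

# First three lines are from the thread; the second volume and the O4 line
# are constructed for contrast.
SAMPLE_LOG = r'''
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\AutoRun\command - "" = jmemox.exe
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\explore\Command - "" = jmemox.exe
O33 - MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\Shell\open\Command - "" = jmemox.exe
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = E:\setup.exe
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
'''

# Fix-result line in the format OTL printed in this thread.
SAMPLE_FIX_LOG = r'''
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ deleted successfully.
File jmemox.exe not found.
'''


def parse_o33(log_text):
    """Return {volume_guid: {verb: command}} for every O33 line in the log."""
    volumes = defaultdict(dict)
    for line in log_text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            volume = m.group("volume").lower()
            volumes[volume][m.group("verb").lower()] = m.group("cmd").strip()
    return dict(volumes)


def flag_volumes(volumes):
    """List volumes whose open/explore verbs are redirected to a command."""
    findings = []
    for volume, verbs in sorted(volumes.items()):
        hijacked = sorted(HIJACK_VERBS.intersection(verbs))
        if not hijacked:
            continue
        targets = sorted({verbs[v] for v in hijacked})
        findings.append({"volume": volume, "verbs": hijacked, "targets": targets})
    return findings


def confirmed_removed(volume, fix_log):
    """True if the fix log reports the volume's MountPoints2 key as deleted."""
    needle = ("\\mountpoints2\\" + volume.lower() + "\\ deleted successfully.")
    return any(needle in line.lower() for line in fix_log.splitlines())


if __name__ == "__main__":
    for finding in flag_volumes(parse_o33(SAMPLE_LOG)):
        state = "removed" if confirmed_removed(finding["volume"], SAMPLE_FIX_LOG) else "STILL PRESENT"
        print(finding["volume"], finding["verbs"], finding["targets"], state)
```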
RAT_GTR 0 Posted December 28, 2009
Good evening DigRam! Here are the logs.
===//===
All processes killed
========== OTL ==========
ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:0CE7F3C9 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ not found.
File jmemox.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ not found.
File jmemox.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8731c65a-8dd0-11de-9ec5-001d7d863312}\ not found.
File jmemox.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\Home\Meus documentos\~WRL1286.tmp moved successfully.
C:\Documents and Settings\Home\Meus documentos\~WRL1578.tmp moved successfully.
C:\WINDOWS\002445_.tmp moved successfully.
========== COMMANDS ========== [EMPTYTEMP] User: Administrador ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Home ->Temp folder emptied: 4576509 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 93937077 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33616 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 153771 bytes RecycleBin emptied: 1072690673 bytes Total Files Cleaned = 1.117,00 mb OTL by OldTimer - Version 3.1.20.1 log created on 12282009_192149 Files\Folders moved on Reboot... Registry entries deleted on Reboot... ===//=== ############################## | UsbFix V6.068 | User : Home (Administradores) # NRLR-M04QJKA95R Update on 28/12/2009 by Chiquitine29, C_XX & Chimay8 Start at: 19:43:05 | 28/12/2009 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Pentium® 4 CPU 3.06GHz Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 2 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Enabled AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | (!) 
Outdated ] FW : COMODO Firewall[ Enabled ]3.9 A:\ -> Unidade de disquete de 3 1/2 polegadas C:\ -> Disco fixo local # 53,71 Go (27,25 Go free) # NTFS D:\ -> Disco fixo local # 10,74 Go (2,92 Go free) [Disco Local] # NTFS E:\ -> Disco fixo local # 10,07 Go (6,57 Go free) [Novo Volume] # NTFS F:\ -> Disco removível G:\ -> Disco removível H:\ -> Disco removível I:\ -> Disco removível J:\ -> Disco CD-ROM ############################## | Processos activos | C:\WINDOWS\System32\smss.exe 684 C:\WINDOWS\system32\csrss.exe 724 C:\WINDOWS\system32\winlogon.exe 748 C:\WINDOWS\system32\services.exe 792 C:\WINDOWS\system32\lsass.exe 804 C:\WINDOWS\system32\svchost.exe 980 C:\WINDOWS\system32\svchost.exe 1048 C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe 1144 C:\WINDOWS\system32\svchost.exe 1172 C:\WINDOWS\System32\svchost.exe 1308 C:\WINDOWS\System32\svchost.exe 1476 C:\WINDOWS\system32\spoolsv.exe 1596 C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe 1660 C:\WINDOWS\System32\svchost.exe 1760 C:\WINDOWS\system32\WgaTray.exe 1932 C:\Arquivos de programas\Google\Update\GoogleUpdate.exe 1952 C:\WINDOWS\Explorer.EXE 2000 C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe 268 C:\Arquivos de programas\Java\jre6\bin\jqs.exe 400 C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe 504 C:\WINDOWS\System32\svchost.exe 1084 C:\WINDOWS\system32\wuauclt.exe 1268 C:\WINDOWS\system32\wbem\wmiprvse.exe 1416 ################## | Ficheiros # pastas infeciosos | Supprimido ! C:\Recycler\S-1-5-21-1078081533-1303643608-839522115-1003 Supprimido ! D:\Recycler\S-1-5-21-1078081533-1303643608-839522115-1003 Supprimido ! D:\Recycler\S-1-5-21-1614895754-1801674531-839522115-1001 Supprimido ! D:\Recycler\S-1-5-21-1659004503-1482476501-839522115-1003 Supprimido ! D:\Recycler\S-1-5-21-56604596-3646181656-1509837818-1003 Supprimido ! E:\Recycler\S-1-5-21-1078081533-1303643608-839522115-1003 Supprimido ! 
E:\Recycler\S-1-5-21-56604596-3646181656-1509837818-1003 ################## | Registro # Chaves infectieuses | ################## | Registro # Mountpoints2 | ################## | Listing | [07/09/2009 13:53|--a------|89953] C:\07rato550.jpg [13/09/2009 00:23|--a------|153194] C:\3d2647iq.jpg [13/09/2009 00:23|--a------|152341] C:\3d2697zc.jpg [04/10/2009 16:12|--a------|836796] C:\45434.gif [19/12/2009 21:28|--a------|393792] C:\aaaaaaaaaaaaa.mp3 [19/12/2009 21:38|--a------|532352] C:\aaaaaaaaaaaaa2.mp3 [30/09/2009 18:02|--a------|25682] C:\ajudandoopapai.jpg [16/08/2009 17:33|--a------|0] C:\AUTOEXEC.BAT [13/09/2009 00:22|---------|581097] C:\Balance_Wallpaper_by_nxxos.jpg [23/08/2009 15:43|-rahs----|211] C:\boot.ini [28/10/2001 10:06|-rahs----|4952] C:\Bootfont.bin [12/09/2009 00:54|--a------|2119256] C:\bunnyattack.gif [31/08/2009 21:50|--a------|55] C:\celulares.txt [16/08/2009 17:33|--a------|0] C:\CONFIG.SYS [16/08/2009 18:07|--a------|58] C:\csb.log [02/10/2009 22:43|--a------|65536] C:\epic-fail-manicure-set-fail.jpg [09/09/2009 23:10|--a------|7284] C:\fake_smile_4110.jpg [19/09/2009 23:33|--a------|58551] C:\figura1h.jpg [19/09/2009 23:33|--a------|74515] C:\figura2v.jpg [19/09/2009 23:33|--a------|47356] C:\figura3y.jpg [19/09/2009 23:33|--a------|52923] C:\figura4.jpg [19/09/2009 23:33|--a------|54713] C:\figura5t.jpg [19/09/2009 23:33|--a------|50969] C:\figura6r.jpg [19/09/2009 23:34|--a------|41080] C:\figura7e.jpg [19/09/2009 23:34|--a------|35341] C:\figura8p.jpg [19/09/2009 23:34|--a------|52283] C:\figura9.jpg [04/12/2009 22:07|--a------|929] C:\fisica 1na.txt [06/09/2009 22:43|--a------|66872] C:\gato.JPG [03/09/2009 16:58|--a------|22363] C:\img.jpg [01/01/2007 01:01|--a------|158616] C:\Img00028.jpg [03/09/2009 17:19|--a------|455578] C:\Img00028alt c¢pia.jpg [03/09/2009 17:19|--a------|9807923] C:\Img00028alt.psd [03/09/2009 16:59|--a------|23381] C:\img2.jpg [07/09/2009 11:56|--a------|23936] C:\img3.jpg [07/09/2009 11:56|--a------|23958] 
C:\img4.jpg [07/09/2009 11:57|--a------|24713] C:\img5.jpg [25/09/2009 16:49|--a------|24859] C:\imgcrono.jpg [02/10/2009 23:19|--a------|24576] C:\imprimir.doc [16/08/2009 17:33|-rahs----|0] C:\IO.SYS [13/09/2009 00:20|--a------|32031] C:\kevin-daniel-howling-wolves.jpg [18/11/2009 10:57|--a------|1075] C:\medley 32.txt [16/08/2009 17:33|-rahs----|0] C:\MSDOS.SYS [13/09/2009 00:15|--a------|80383] C:\namib-desert-air-p-32.3.jpg [13/09/2009 00:15|--a------|105814] C:\namib-desert-air-v-23.3.jpg [23/08/2009 15:38|-rahs----|47564] C:\NTDETECT.COM [23/08/2009 15:38|-rahs----|251168] C:\ntldr [10/10/2009 21:31|--a------|81817] C:\OgAAAA64V9Ed_CVWFGmCJDQGpmvo1iREvjX6t1l_nhCZzG2putym0uJ0e1gb8gjhl3XEhjTGE5X4hKR9LMk86Je6my4Am1T1UNRlq7UwwCr4rz6GSpzC6O4DKL_L.jpg [?|?|?] C:\pagefile.sys [28/09/2009 15:42|--a------|316480] C:\Pangea_animation_03.gif [11/10/2009 00:16|--a------|269] C:\rap.txt [13/10/2009 18:09|--a------|283] C:\ratmus estoria.txt [16/08/2009 18:07|--a------|347] C:\RHDSetup.log [27/09/2009 16:46|--a------|1972280] C:\rota enem01-2.bmp [27/09/2009 16:41|--a------|2359350] C:\rota enem01.bmp [27/09/2009 16:49|--a------|1972280] C:\rota enem02-2.bmp [27/09/2009 16:42|--a------|2359350] C:\rota enem02.bmp [27/09/2009 16:51|--a------|1984568] C:\rota enem03-2.bmp [27/09/2009 16:43|--a------|2359350] C:\rota enem03.bmp [03/10/2009 14:12|--a------|1274] C:\saasassaasassaas.txt [19/12/2009 21:52|--a------|2960686] C:\sooolooo [19/12/2009 21:52|--a------|743744] C:\sooolooo2.mp3 [19/12/2009 21:41|--a------|2118190] C:\test2 [19/12/2009 21:41|--a------|1559086] C:\testeee [13/09/2009 00:25|--a------|556562] C:\thecube1024x768lg4.jpg [10/10/2009 23:04|--ahs----|188928] C:\Thumbs.db [28/12/2009 19:48|--a------|6404] C:\UsbFix.txt [09/09/2009 21:05|--a------|39] C:\ytyttyt.txt [07/08/2009 23:22|--a------|13492] D:\100.gif [12/07/2009 00:18|--a------|200017] D:\11469538.jpg [12/06/2009 18:51|--a------|41823] D:\1222451-3380-atm14.jpg [12/06/2009 18:52|--a------|50680] 
D:\1222462-9350-atm14.jpg [12/06/2009 18:52|--a------|37570] D:\1222464-2000-atm14.jpg [14/08/2009 16:10|--a------|4456] D:\1250206823.jpg [29/08/2009 23:57|--a------|15888] D:\136017-10uyt0-erroxpsp2.jpg [10/08/2009 20:02|--a------|626289] D:\160px-Chuck_Approves.gif [07/08/2009 23:22|--a------|4843] D:\26.gif [07/07/2009 21:51|--a------|22400] D:\2887060541_cc40fa6e93.jpg [17/06/2009 22:33|--a------|2554] D:\57.gif [07/08/2009 23:22|--a------|3158] D:\64.gif [18/08/2009 22:17|--a------|112171] D:\800px-Starwars-tatooine.jpg [24/08/2009 18:09|--a------|441653] D:\admmoduser.gif [06/08/2009 14:49|--a------|2983929] D:\Baixe o manual aqui.pdf.htm [19/07/2009 01:36|--a------|109139] D:\Bejeweled (128x160).jar [07/08/2009 15:46|--a------|99582] D:\dwarf_male120x.gif [03/08/2009 18:40|--a------|46978] D:\Esquema21c.gif [25/06/2009 20:29|--a------|10756] D:\gargalhada2.gif [30/08/2009 12:20|--a------|13971] D:\happy50.gif [19/07/2009 19:47|--a------|41955] D:\House_de_m scara.jpg [26/07/2009 16:57|--a------|66789] D:\Ibeat.jpg [01/01/2007 01:02|--a------|139518] D:\Img00087.jpg [01/01/2007 01:00|--a------|203295] D:\Img00440.jpg [01/01/2007 01:00|--a------|203597] D:\Img00441.jpg [01/01/2007 01:00|--a------|243006] D:\Img00442.jpg [01/01/2007 01:00|--a------|243529] D:\Img00443.jpg [01/01/2007 01:01|--a------|234943] D:\Img00444.jpg [01/01/2007 01:01|--a------|234608] D:\Img00445.jpg [25/06/2009 20:29|--a------|41101] D:\jerry_gargalhada.gif [08/08/2009 22:15|--a------|4767] D:\kiko.jpg [29/06/2009 22:26|--a------|1190512] D:\Neri seguro Regina.one [08/08/2009 22:38|--a------|41444] D:\nogos1.jpg [10/06/2009 20:45|--a------|131200] D:\odin-and-puppies.jpg [28/06/2009 14:10|--a------|76436] D:\Odin.jpg [03/08/2009 23:21|--a------|55579] D:\OgAAAABaOC7hoOZS6IbTjXyycWPHBGAp8n61UELQuqAS1nepU6eWLQmJiSNw1U6m9HfUisoNUJ2erd5cxV0j4s0rq2oAm1T1UOkE-SPHm4E1KQZBtAD62DRPBULO.jpg [09/07/2009 19:14|--a------|30931] 
D:\OgAAADybGzaKjvkvKnuZQ3LLokZHI0ji6dbTICY9sVECtp6ejpQAlqOzq2BKFI_S41Gw9va41hhNQX-2SIr4gn1IZswAm1T1UD7YD43BxHkcfO0umB7nOMbhQd5J.jpg [09/07/2009 19:24|--a------|113970] D:\OgAAAFncrba-esrPX5ZzkeD2m8QpjY51iTjvHzroPpdiEs22JCiIvw8PCTmc1twVwNA7QN9ToYY_8ksRTsBDTNEUAP0Am1T1UJtUdO-U77ndI6L15v1ej_bnkVfc.jpg [09/07/2009 19:08|--a------|29409] D:\OgAAAHeLuanKxJHsfbFyFKSjPcx4G802JsECMS4a1pxRdjYN4_1WfvY_dO7H4kGRFnmkOaMf-OP66shXrV5cl4OqNaoAm1T1UNM89797mw0U1euEQD56liukHQ7B.jpg [09/07/2009 19:14|--a------|39126] D:\OgAAAHnCwlc-vPwwa9rMPt2azWv6iPvOy6hNi9EaN47lrZDs9popEWXppTm0qqRQshzsAzbbg9ui7A164pDYMoLf2KwAm1T1UDjzn6IRE0Emh3jAbSS5cMCtyBqs.jpg [30/08/2009 12:20|--a------|958] D:\ohyeah.gif [09/07/2009 19:25|--a------|100198] D:\OQAAABAwuF1upgI0cY0VcBTRT_-iy3rbq7ZDpdEzuI-WyIuNVd33OXfqNMHtpW-H93kvn8xUe8U4NaiFswD42c2xuPgAm1T1UE4lzhU7CEhTGGlxXKBznmbgGb95.jpg [09/07/2009 19:21|--a------|15492] D:\OQAAADzs7MzlGLqbAYdBGSrzfukwJh6h3GvWNQxT-dxKIOoG0UvLzhO1fHafoop_TumgtmB0PJ4LY3j3QwQQNGq0KMMAm1T1UB30CXR3nA2aE_D0lsv7ii0Bv1f_.jpg [02/08/2009 00:28|--a------|351933] D:\Overtonesandundertones2.jpg [30/06/2009 20:17|--a------|25170] D:\picard-facepalm.jpg [28/06/2009 14:01|--a------|19756] D:\pirata_montilla_.jpg [28/06/2009 13:59|--a------|123938] D:\pirate-skeleton.jpg [04/08/2009 22:05|--a------|103371] D:\pirate-skeleton2.JPG [11/07/2009 17:17|--a------|58044] D:\quadrinho_mecanica_006.jpg [29/06/2009 23:05|--a------|8296] D:\ReadMe.b4u [22/06/2009 17:31|--a------|66828] D:\Sheriff Badge (2)_2.jpg [21/08/2009 18:02|--a------|75468] D:\spawn.gif [03/08/2009 18:34|--a------|29202] D:\stand2hb1sc.gif [03/08/2009 22:40|--a------|63646] D:\sthac-HSH-wiring.jpg [02/08/2009 00:28|--a------|600947] D:\Table_of_Harmonics.jpg [10/07/2009 14:15|--a------|200177] D:\Tesla_colorado.jpg [27/12/2009 12:43|--ahs----|352768] D:\Thumbs.db [26/10/2008 20:19|--a------|74972] D:\Vick.jpg [03/08/2009 18:53|--a------|123485] D:\wdu_hsh5l11_01.jpg [03/08/2009 18:53|--a------|136645] D:\wdu_hsh5l11_02.jpg [03/08/2009 
18:55|--a------|145888] D:\wdu_hsh5l11_03.jpg [03/08/2009 18:52|--a------|110415] D:\wdu_hss5l11_01.jpg [06/08/2009 22:30|--a------|24648] E:\Campo Harm“nico.gp5 [16/08/2009 16:08|--ahs----|357376] E:\Thumbs.db ################## | Vaccinação | # C:\autorun.inf -> Folder criado por UsbFix. # D:\autorun.inf -> Folder criado por UsbFix. # E:\autorun.inf -> Folder criado por UsbFix. ################## | Crack > Keygen > Serial | "C:\Arquivos de programas\Microsoft Games\Age of Empires II\CrackXP.exe" 27/11/1999 00:00 |Size 89088 |Crc32 7ad018b9 |Md5 a7d491c3b7d8aef934573b2679eb5909 "D:\Shared\PACK(ARES CRACK)\PACK(ARES CRACK)\crack\Ares.exe" 05/07/2009 03:39 |Size 3231744 |Crc32 45e20368 |Md5 2931f8782ef11bdf33c448e5ac5c90cf "D:\Shared\PACK(ARES CRACK).zip" -> Contain : PACK(ARES CRACK)\crack\Ares.exe ################## | Upload | Favor enviar o arquivo : C:\DOCUME~1\Home\Desktop\UsbFix_Upload_Me_NRLR-M04QJKA95R.zip : http://chiquitine.changelog.fr/Sample/Upload.php Obrigado pela sua contribuição . ################## | ! Fim do relatório # UsbFix V6.068 ! 
| ===//=== OTL logfile created on: 28/12/2009 20:38:57 - Run 3 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Home\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 53,71 Gb Total Space | 27,19 Gb Free Space | 50,61% Space Free | Partition Type: NTFS Drive D: | 10,74 Gb Total Space | 4,21 Gb Free Space | 39,21% Space Free | Partition Type: NTFS Drive E: | 10,07 Gb Total Space | 6,64 Gb Free Space | 65,98% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NRLR-M04QJKA95R Current User Name: Home Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO) PRC - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\update.exe (Avira GmbH) PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Home\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\guard32.dll (COMODO) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (cmdAgent) -- C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (getPlusHelper) getPlus® -- C:\Arquivos de programas\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (gupdate1ca3f992fa42274) Google Update Service (gupdate1ca3f992fa42274) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (FLEXnet Licensing Service) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) 
SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (NIHardwareService) -- C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH) SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp IE - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\S-1-5-21-1078081533-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\S-1-5-21-1078081533-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Ask.com (Virtus Designs)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.uol.com.br/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 49 FF - 
prefs.js..extensions.enabledItems: {fce36c1e-58d8-498a-b2a5-66ad1cedebbb}:0.76 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.19 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.2.9 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0 FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.5 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/12/28 10:09:28 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/12/16 17:54:56 | 00,000,000 | ---D | M] [2009/08/16 19:10:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Extensions [2009/12/28 18:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions [2009/11/03 19:41:05 | 00,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2009/12/11 19:20:10 | 00,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Home\Dados de 
aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2009/08/16 19:17:12 | 00,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2009/11/03 19:41:05 | 00,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2009/11/05 20:17:01 | 00,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2009/11/28 20:11:25 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/12/12 11:45:50 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/10/28 18:36:35 | 00,000,000 | ---D | M] (DownThemAll!) 
-- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2009/11/24 20:40:42 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009/12/11 19:20:21 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009/08/16 19:21:45 | 00,000,000 | ---D | M] (CustomizeGoogle) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb} [2009/10/28 18:36:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\anycolor.pavlos256@gmail.com [2009/10/04 21:09:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\en-US@dictionaries.addons.mozilla.org [2009/08/16 19:21:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\pt-BR@dictionaries.addons.mozilla.org [2009/08/16 19:17:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions [2009/08/16 19:17:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions [2009/08/16 19:17:13 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de 
aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions [2009/08/16 19:17:14 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Dados de aplicativos\Mozilla\Firefox\Profiles\vhwwunfo.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions [2009/12/28 18:17:34 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions [2009/08/31 16:44:33 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll [2009/07/30 20:51:30 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml [2009/07/30 20:51:30 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml [2009/07/30 20:51:30 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml [2009/07/30 20:51:30 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml O1 HOSTS File: (325963 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com 
O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 11154 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [COMODO Internet Security] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003..\Run: [EPSON Stylus CX5600 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 128 O7 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 128 O7 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0 O9 - Extra 'Tools' menuitem : Uninstall 
BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll File not found O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-1078081533-1303643608-839522115-1003\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 
- DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.76.224.13 201.76.224.14 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O24 - Desktop Components:0 (Minha página inicial atual) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/08/16 17:33:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - 
AutoRun File - [2009/12/28 19:48:06 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009/12/28 19:48:06 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009/12/28 19:48:07 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ] O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 14 Days ========== [2009/12/28 19:48:06 | 00,000,000 | RHSD | C] -- C:\autorun.inf [2009/12/28 19:34:52 | 00,000,000 | ---D | C] -- C:\UsbFix [2009/12/28 19:21:49 | 00,000,000 | ---D | C] -- C:\_OTL [2009/12/28 10:09:00 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe [2009/12/27 18:19:32 | 00,000,000 | ---D | C] -- C:\HijackThissss [2009/12/26 16:26:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Western Digital Corporation [2009/12/25 15:45:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\Guitarra [2009/12/25 14:19:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2009/12/23 21:39:22 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Lavalys [2009/12/20 18:45:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Meus documentos\Native Instruments [2009/12/20 18:42:07 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D69A48BF-7653-4AA8-94BC-5847522A4573} [2009/12/20 18:40:03 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Digidesign [2009/12/20 18:39:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Native Instruments [2009/12/20 18:39:45 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222} [2009/12/20 18:38:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2009/12/20 18:38:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{EC98E512-708C-4C3B-9F07-B58768C1DD8A} [2009/12/20 
18:38:19 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} [2009/12/20 18:38:13 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Native Instruments [2009/12/20 18:38:12 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Native Instruments [2009/12/20 18:33:09 | 00,000,000 | ---D | C] -- C:\guitarRig4 [2009/12/19 17:57:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Desktop\Nova pasta [2009/12/16 21:36:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Home\Dados de aplicativos\Audacity [2009/12/16 21:35:36 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Audacity 1.3 Beta (Unicode) [2009/12/14 17:49:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\LogMeIn Hamachi [2009/09/27 16:56:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google [2009/09/27 15:37:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google [2009/08/25 13:30:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft [2009/08/23 16:22:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft [2009/08/17 21:27:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft [2009/08/16 17:33:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft [2007/01/01 00:33:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Temp ========== Files - Modified Within 14 Days ========== [2009/12/28 20:31:28 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/28 20:28:58 | 00,001,044 | ---- | M] () -- 
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009/12/28 20:28:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/28 20:28:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/28 19:52:56 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Home\NTUSER.DAT [2009/12/28 19:52:56 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Home\ntuser.ini [2009/12/28 19:48:39 | 00,005,001 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\UsbFix_Upload_Me_NRLR-M04QJKA95R.zip [2009/12/28 19:33:57 | 01,668,006 | ---- | M] () -- C:\Arquivos de programas\UsbFix.exe [2009/12/28 19:02:00 | 00,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009/12/28 10:03:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Home\Desktop\OTL.exe [2009/12/27 18:27:48 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\CCleaner.lnk [2009/12/26 21:10:12 | 01,250,816 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\Seqüências.doc [2009/12/25 14:21:18 | 00,007,268 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/12/25 10:04:40 | 04,323,720 | -H-- | M] () -- C:\Documents and Settings\Home\Configurações locais\Dados de aplicativos\IconCache.db [2009/12/24 18:28:07 | 00,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2009/12/23 21:39:50 | 00,000,827 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\EVEREST Ultimate Edition.lnk [2009/12/19 21:52:50 | 02,960,686 | ---- | M] () -- C:\sooolooo [2009/12/19 21:52:48 | 00,743,744 | ---- | M] () -- C:\sooolooo2.mp3 [2009/12/19 21:41:14 | 02,118,190 | ---- | M] () -- C:\test2 [2009/12/19 21:41:14 | 01,559,086 | ---- | M] () -- C:\testeee [2009/12/19 21:38:57 | 00,532,352 | ---- | M] () -- C:\aaaaaaaaaaaaa2.mp3 [2009/12/19 21:38:20 | 00,532,352 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaa2 [2009/12/19 21:32:04 | 00,532,352 | ---- | M] () 
-- C:\Documents and Settings\Home\Meus documentos\testt [2009/12/19 21:28:42 | 00,393,792 | ---- | M] () -- C:\aaaaaaaaaaaaa.mp3 [2009/12/19 20:46:20 | 00,466,688 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaaaaaa [2009/12/19 20:44:41 | 00,465,536 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\rec [2009/12/19 18:54:15 | 00,011,006 | ---- | M] () -- C:\Documents and Settings\Home\Meus documentos\cc_20091219_185359.reg [2009/12/16 21:36:07 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\Audacity 1.3 Beta (Unicode).lnk ========== Files Created - No Company Name ========== [2009/12/28 19:48:39 | 00,005,001 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\UsbFix_Upload_Me_NRLR-M04QJKA95R.zip [2009/12/28 19:37:45 | 01,668,006 | ---- | C] () -- C:\Arquivos de programas\UsbFix.exe [2009/12/26 20:48:22 | 01,250,816 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\Seqüências.doc [2009/12/25 14:19:55 | 00,007,268 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2009/12/23 21:39:50 | 00,000,827 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\EVEREST Ultimate Edition.lnk [2009/12/19 21:52:44 | 00,743,744 | ---- | C] () -- C:\sooolooo2.mp3 [2009/12/19 21:51:53 | 02,960,686 | ---- | C] () -- C:\sooolooo [2009/12/19 21:38:55 | 00,532,352 | ---- | C] () -- C:\aaaaaaaaaaaaa2.mp3 [2009/12/19 21:38:18 | 00,532,352 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaa2 [2009/12/19 21:32:02 | 00,532,352 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\testt [2009/12/19 21:31:17 | 02,118,190 | ---- | C] () -- C:\test2 [2009/12/19 21:19:02 | 00,393,792 | ---- | C] () -- C:\aaaaaaaaaaaaa.mp3 [2009/12/19 21:16:47 | 01,559,086 | ---- | C] () -- C:\testeee [2009/12/19 20:46:18 | 00,466,688 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\aaaaaaaaaaaaa [2009/12/19 20:44:39 | 00,465,536 | ---- | C] () -- C:\Documents and 
Settings\Home\Meus documentos\rec [2009/12/19 18:54:00 | 00,011,006 | ---- | C] () -- C:\Documents and Settings\Home\Meus documentos\cc_20091219_185359.reg [2009/12/16 21:36:07 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\Audacity 1.3 Beta (Unicode).lnk [2009/10/14 15:27:06 | 14,909,57360 | ---- | C] () -- C:\Arquivos de programas\ruina_de_morroc.zip [2009/09/04 18:36:09 | 00,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/08/28 23:08:44 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/08/28 23:08:44 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009/08/28 23:08:42 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/08/28 23:08:42 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/08/28 23:08:41 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2009/08/28 23:08:39 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/08/28 23:08:39 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/08/23 18:07:52 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2009/08/23 18:05:50 | 00,000,053 | ---- | C] () -- C:\WINDOWS\EPCX5600.ini [2009/08/17 18:24:35 | 00,000,415 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/08/16 18:12:13 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009/01/05 16:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2002/03/25 18:02:14 | 00,014,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1997/06/13 22:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll ========== LOP Check ========== [2009/09/05 22:14:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Advanced Chemistry Development [2009/08/22 21:42:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON [2009/12/20 
18:39:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Native Instruments [2009/11/12 18:45:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files [2009/08/17 16:47:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP [2009/12/20 18:39:45 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222} [2009/12/20 18:42:07 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D69A48BF-7653-4AA8-94BC-5847522A4573} [2009/12/20 18:38:19 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2} [2009/12/20 18:38:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{EC98E512-708C-4C3B-9F07-B58768C1DD8A} [2009/09/05 22:14:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Advanced Chemistry Development [2009/12/19 22:08:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Audacity [2009/08/18 22:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\GrabPro [2009/12/22 23:28:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\Orbit [2009/12/20 18:45:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Home\Dados de aplicativos\uTorrent ========== Purity Check ========== < End of report > ===//===
Thanks, and best regards!
DigRam 144 Posted December 29, 2009
Good evening! RAT_GTR
O10 - Broken Internet access because of LSP provider 'c:\arquivos de programas\bonjour\mdnsnsp.dll' missing
<!> Removing this entry is advisable, and HijackThis cannot fix it.
°°°°°°°°°°°°°°°°°°°°°
<@> Download: < lspfix >
<@> Save it to the Desktop!
<@> Close your browser and all programs!
<@> Run LSP-Fix!
<@> Check the box "I know what I'm doing".
<@> Look for references to the file: mdnsnsp.dll
<@> Move that reference from the "Keep" box to the "Remove" box.
<@> Click Finish to complete!
°°°°°°°°°°°°°°°°°°°°°
<!> Post: an updated HijackThis log.
Best regards!
RAT_GTR 0 Posted December 29, 2009
Good morning, DigRam! Done! Here is the HT log.
===//=== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:52:24, on 29/12/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\HijackThissss\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1
- HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_S88.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus CX5600 Series (cópia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE /FU "C:\WINDOWS\TEMP\E_SD7.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca3f992fa42274) (gupdate1ca3f992fa42274) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe

--
End of file - 7205 bytes
===//===

Thanks, cheers!
DigRam 144 Posted December 29, 2009

Good afternoon, RAT_GTR!

<!> Your log is clean!

If you would like a quick online check, I suggest: BitDefender QuickScan

°°°°°°°°°°°°°°°°°°°°°°°° °°°°°°°°°°°°°°°°°°°°°°°°
<@> Open OTL.exe --> Click on --> Wait!
<@> When prompted, click OK --> Restart the computer!
°°°°°°°°°°°°°°°°°°°°°°°° °°°°°°°°°°°°°°°°°°°°°°°°
<@> Run a scan at: < BitDefender_QuickScan >
<@> On the page, click "Permitir" (Allow) so that the Firefox add-on is installed. <-- If you use that browser!
<@> After installing the add-on, click "Iniciar Análise" (Start Scan).
<@> Check: "I ACCEPT" --> OK
<@> If any alert appears, click "Interromper script" (Stop script) so that the scan starts.
<@> When it finishes, click "Ver registro" (View log).
<@> Post the report: Report 2009-xx-yy _*_.txt

Regards!
RAT_GTR 0 Posted December 29, 2009

Hi DigRam! Really fast scan, huh! :natal_laugh: Here is the log.

===//===
BitDefender QuickScan Beta 32-bit v0.9.8.4
------------------------------------------
Data da análise: Tue Dec 29 14:33:11 2009
ID da máquina: 400C3E0E

Não foram encontradas infecções.
----------------------------------

Processos
---------
<não assinado> NIHardwareService 1956 C:\Arquivos de programas\Arquivos comuns\Native Instruments\Hardware\NIHardwareService.exe
<não assinado> Antivirus System Tray Tool 2908 C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
<não assinado> Antivirus On-Access Service 1804 C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
<não assinado> Antivirus Scheduler 1640 C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
<não assinado> System settings protector 3440 C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
<verificado> COMODO Internet Security 3192 C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
<verificado> COMODO Internet Security 1160 C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
<verificado> Java Quick Starter Service 1876 C:\Arquivos de programas\Java\jre6\bin\jqs.exe
<verificado> Java Platform SE binary 2924 C:\Arquivos de programas\Java\jre6\bin\jusched.exe
<verificado> Firefox 4028 C:\Arquivos de programas\Mozilla Firefox\firefox.exe
<verificado> Windows Explorer 904 C:\WINDOWS\Explorer.EXE
<verificado> Realtek HD Audio Control Panel 2864 C:\WINDOWS\RTHDCPL.EXE
<verificado> Application Layer Gateway Service 1908 C:\WINDOWS\System32\alg.exe
<verificado> Client Server Runtime Process 720 C:\WINDOWS\system32\csrss.exe
<verificado> CTF Loader 3280 C:\WINDOWS\system32\ctfmon.exe
<verificado> hkcmd Module 2472 C:\WINDOWS\System32\hkcmd.exe
<verificado> persistence Module 2484 C:\WINDOWS\System32\igfxpers.exe
<verificado> igfxTray Module 2464 C:\WINDOWS\System32\igfxtray.exe
<verificado> LSA Shell (Export Version) 800 C:\WINDOWS\system32\lsass.exe
<verificado> Aplicativo de serviços e controle 788 C:\WINDOWS\system32\services.exe
<verificado> Gerenciador de Sessão do Windows NT 680 C:\WINDOWS\System32\smss.exe
<verificado> Spooler SubSystem App 1596 C:\WINDOWS\system32\spoolsv.exe
<verificado> Generic Host Process for Win32 Services 392 C:\WINDOWS\System32\svchost.exe
<verificado> Generic Host Process for Win32 Services 964 C:\WINDOWS\system32\svchost.exe
<verificado> Generic Host Process for Win32 Services 1044 C:\WINDOWS\system32\svchost.exe
<verificado> Generic Host Process for Win32 Services 1200 C:\WINDOWS\system32\svchost.exe
<verificado> Generic Host Process for Win32 Services 1288 C:\WINDOWS\System32\svchost.exe
<verificado> Generic Host Process for Win32 Services 1472 C:\WINDOWS\System32\svchost.exe
<verificado> Generic Host Process for Win32 Services 1748 C:\WINDOWS\System32\svchost.exe
<verificado> Aplicativo de logon do Windows NT 744 C:\WINDOWS\system32\winlogon.exe
<verificado> Windows Security Center Notification App 652 C:\WINDOWS\system32\wscntfy.exe
<verificado> Windows Update 2604 C:\WINDOWS\system32\wuauclt.exe

Atividade da Rede
-----------------
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - 91.199.104.31
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - a96-7-244-20.deploy.akamaitechnologies.com
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - bf-in-f102.1e100.net
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - 12.120.78.110
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - bf-in-f102.1e100.net
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - dc2.122.2o7.net
Processo firefox.exe (4028) conectado à porta 80 (HTTP) - 12.120.11.223
Processo svchost.exe (1044) escuta na porta: 135 (RPC)

Autoruns e arquivos críticos
----------------------------
<não assinado> Antivirus System Tray Tool C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
<não assinado> Microsoft Office 2000 component C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE
<não assinado> System settings protector C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
<verificado> Adobe Acrobat SpeedLauncher C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verificado> Adobe Reader and Acrobat Manager C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
<verificado> COMODO Internet Security C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe
<verificado> Google Installer C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
<verificado> Java Platform SE binary C:\Arquivos de programas\Java\jre6\bin\jusched.exe
<verificado> Realtek HD Audio Control Panel C:\WINDOWS\RTHDCPL.EXE
<verificado> Realtek Voice Manager C:\WINDOWS\SkyTel.EXE
<verificado> Biblioteca da interface de usuário do navegador do C:\WINDOWS\system32\browseui.dll
<verificado> Crypto API32 C:\WINDOWS\system32\crypt32.dll
<verificado> Crypto Network Related API C:\WINDOWS\system32\cryptnet.dll
<verificado> Agente de rede off-line C:\WINDOWS\system32\cscdll.dll
<verificado> CTF Loader C:\WINDOWS\system32\ctfmon.exe
<verificado> COMODO Internet Security C:\WINDOWS\system32\guard32.dll
<verificado> hkcmd Module C:\WINDOWS\System32\hkcmd.exe
<verificado> igfxdev Module C:\WINDOWS\system32\igfxdev.dll
<verificado> persistence Module C:\WINDOWS\System32\igfxpers.exe
<verificado> igfxTray Module C:\WINDOWS\System32\igfxtray.exe
<verificado> Interface de logon do Windows C:\WINDOWS\system32\logonui.exe
<verificado> DLL de notificação do serviço de logon secundário C:\WINDOWS\system32\sclgntfy.dll
<verificado> DLL comum do Shell do Windows C:\WINDOWS\system32\shell32.dll
<verificado> EPSON Status Monitor 3 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAL.EXE
<verificado> Objeto de serviço do shell de Systray C:\WINDOWS\system32\stobject.dll
<verificado> Aplicativo de logon Userinit c:\windows\system32\userinit.exe
<verificado> Web Site Monitor C:\WINDOWS\system32\webcheck.dll
<verificado> Notificações do Programa de Vantagens do Windows O C:\WINDOWS\system32\WgaLogon.dll
<verificado> DLL comum para receber notificações do Winlogon C:\WINDOWS\system32\wlnotify.dll

Plugins do navegador
--------------------
<não assinado> GEPlugin C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll
<não assinado> Java Quick Starter binary c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<não assinado> 6.0.12.69 C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
<não assinado> 6.0.12.69 C:\Arquivos de programas\Mozilla Firefox\plugins\nprpjplug.dll
<não assinado> bdoscandel.exe C:\WINDOWS\bdoscandel.exe
<não assinado> ipsupd.dll C:\WINDOWS\Downloaded Program Files\ipsupd.dll
<não assinado> BitDefender Online Scanner C:\WINDOWS\Downloaded Program Files\oscan82.ocx
<não assinado> Adobe Shockwave for Director Netscape plug-in, ver C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
<verificado> Adobe PDF Helper for Internet Explorer c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\acroiehelpershim.dll
<verificado> WindowsLiveLogin.dll c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\windowslivelogin.dll
<verificado> Google Update C:\Arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll
<verificado> Adobe PDF Plug-In For Firefox and Netscape C:\Arquivos de programas\Internet Explorer\plugins\nppdf32.dll
<verificado> Java Platform SE binary c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
<verificado> RealPlayer LiveConnect-Enabled Plug-In C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
<verificado> Windows Messenger C:\Arquivos de programas\Messenger\msmsgs.exe
<verificado> 3.0.40818.0 c:\Arquivos de programas\Microsoft Silverlight\3.0.40818.0\npctrl.dll
<verificado> getplusplusadobe16249 C:\Arquivos de programas\Mozilla Firefox\plugins\np_gp.dll
<verificado> NPRuntime Script Plug-in Library for Java Depl C:\Arquivos de programas\Mozilla Firefox\plugins\npdeploytk.dll
<verificado> Default Plug-in C:\Arquivos de programas\Mozilla Firefox\plugins\npnul32.dll
<verificado> Pando Web Installer C:\Arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll
<verificado> Adobe PDF Plug-In For Firefox and Netscape C:\Arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll
<verificado> RealPlayer LiveConnect-Enabled Plug-In C:\Arquivos de programas\Mozilla Firefox\plugins\nppl3260.dll
<verificado> SBSD IE Protection c:\arquivos de programas\spybot - search & destroy\sdhelper.dll
<verificado> Adobe® Flash® Player ActiveX Installer C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verificado> Zone.com Stats Client for MSN Messenger C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
<verificado> Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verificado> NPSWF32.dll C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll
<verificado> Fornecedor de serviços do Microsoft Windows Socket C:\WINDOWS\system32\mswsock.dll
<verificado> Microsoft Windows Rsvp 1.0 Service Provider C:\WINDOWS\system32\rsvpsp.dll
<verificado> LDAP RnR Provider DLL C:\WINDOWS\system32\winrnr.dll

Arquivos desaparecidos
----------------------
Arquivos não encontrados: referenciado em: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"

Análise
-------
Nenhum arquivo carregado.
Fim da Análise - a comunicação levou 8 seg
Tráfego Total - 0.05 MB enviados, 2.64 KB receb
Analisados 950 arquivos e módulos - 133 segundos
===//===

Thanks, cheers!
DigRam 144 Posted December 29, 2009

Good afternoon, RAT_GTR!

<!> Computer clean! :natal_happy:
<!> Good job! :bye:

Regards!
RAT_GTR 0 Posted December 29, 2009

Good afternoon, DigRam! Although everything is OK on this side, the problems continue, which leads me to believe it will be something a bit more costly and time-consuming. In any case, I will go back to the Hardware area to report this and see whether anyone there has further suggestions. Thank you very much for the help! Thanks and cheers!
DigRam 144 Posted December 29, 2009

PROBLEM SOLVED! If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.