gilbertoros

[Solved!] IE opens and closes quickly


Hello

Everything was normal, then when I went into some site I can't remember, my Comodo firewall told me that processes were trying to install themselves on my system and that if I hadn't done anything I should block it, which is what I did.

After a while I noticed I couldn't open tabs in IE 8 anymore, and after I closed it, when I try to open it, it simply opens very quickly and closes.

Mozilla is working normally, and I've already uninstalled IE 8 and reinstalled it; it works for a while but when I restart the machine the problem comes back.

Could it be a virus?

Here is the HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 19:58:53, on 27/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\fsproflt.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe

C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\My Lockbox\mylbx.exe

C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\TrendMicro\HiJackThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [RemoteControl9] "C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [smartDefrag] "C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [mylbx] C:\Arquivos de programas\My Lockbox\mylbx.exe /a

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [RamBooster] C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252193064828

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA30E960-20B3-4F84-8593-1B2150AB47EA}: NameServer = 201.21.192.116

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

 

--

End of file - 7543 bytes


Good evening, gilbertoros!

 

<@> Download: ComboFix ( ...by sUBs )

 

<!> Link-2 --> < ForoSpyware >

 

<!> Link-3 --> < GeeksToGo >

 

<!> Link-4 --> < how to use ComboFix >

 

<@> Save it to the desktop!

<@> Disable the resident protection of: antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

 

<@> PS: Running it from the command line is also possible:

<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

 


 

<@> Click OK.

<@> At the prompt: "Disclaimer of software warranty" --> Click Yes!

 


 

<@> If you don't have the "Recovery Console", accept the option to install it!

<@> When it finishes, click Sim or Yes. --> Wait!

 

<!> If you get the notification: Invalid Win32 application, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, we'll get the following notification window:

 


 

<!> PS: Write down those detections, and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own!

<!> PS: To avoid problems, follow all the recommendations given.

<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.

<@> The Auto Scan window will open. --> Wait!

<@> In order to complete the removals, ComboFix may restart the computer.

<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid touching the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<><><><><><><><><><><><>

<@> When done, post the reports: C:\ComboFix.txt + an updated HijackThis log.

 

Cheers!


Ok

I did the procedures, I just forgot that I had to install the Recovery Console.

Should I do it all again?

IE 8 still isn't working; I try to open it and it closes quickly.

Here are the logs:

 

ComboFix 09-12-27.01 - zé 28/12/2009 3:26.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.186 [GMT -2:00]

Executando de: c:\documents and settings\zé\Desktop\ComboFix.exe

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

 

ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

ADS - drivers: deleted 12 bytes in 1 streams.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-28 to 2009-12-28 ))))))))))))))))))))))))))))

.

 

2009-12-28 01:42 . 2009-12-28 03:22 -------- d-----w- C:\C.DVDRip.Dual.Audio-www.therebels.biz-Pabinho

2009-12-27 22:12 . 2009-12-27 22:12 133839 ----a-w- c:\windows\cscmon.bin

2009-12-27 21:58 . 2009-12-27 21:58 388096 ----a-r- c:\documents and settings\zé\Dados de aplicativos\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2009-12-27 07:05 . 2009-12-27 07:07 -------- dc-h--w- c:\windows\ie8

2009-12-27 00:57 . 2009-12-27 00:57 -------- d-----w- c:\documents and settings\zé\Dados de aplicativos\Apple Computer

2009-12-27 00:36 . 2009-12-27 00:37 -------- d-----w- c:\arquivos de programas\QuickTime

2009-12-27 00:36 . 2009-12-27 00:36 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple Computer

2009-12-27 00:35 . 2009-12-27 00:35 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Apple

2009-12-27 00:34 . 2009-12-27 00:34 -------- d-----w- c:\arquivos de programas\Apple Software Update

2009-12-27 00:34 . 2009-12-27 00:34 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Apple

2009-12-25 00:32 . 2009-12-25 00:32 -------- d-----w- c:\arquivos de programas\Windows Defender

2009-12-25 00:00 . 2009-12-25 00:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Comodo

2009-12-25 00:00 . 2009-12-25 19:54 171552 ----a-w- c:\windows\system32\guard32.dll

2009-12-25 00:00 . 2009-12-25 19:54 87104 ----a-w- c:\windows\system32\drivers\inspect.sys

2009-12-25 00:00 . 2009-12-25 19:53 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2009-12-25 00:00 . 2009-12-25 19:53 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2009-12-24 04:34 . 2009-12-24 04:34 -------- d-----w- C:\My Lockbox

2009-12-24 04:33 . 2009-12-24 04:33 -------- d-----w- c:\arquivos de programas\My Lockbox

2009-12-24 04:16 . 2009-05-03 14:22 73392 ----a-w- c:\windows\system32\fsproflt.exe

2009-12-24 04:16 . 2008-06-05 21:37 43792 ----a-w- c:\windows\system32\drivers\FSPFltd.sys

2009-12-24 03:25 . 2009-12-24 23:11 -------- d-----r- c:\documents and settings\zé\My Private Folder

2009-12-24 03:23 . 2009-12-24 03:23 -------- d-----w- c:\arquivos de programas\Microsoft Private Folder 1.0

2009-12-23 21:07 . 2009-12-23 21:07 40960 ----a-r- c:\documents and settings\zé\Dados de aplicativos\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\Rambooster.exe1_ADE3CACCEC31480C83A0587EE60CE8DF_1.exe

2009-12-23 21:07 . 2009-12-23 21:07 40960 ----a-r- c:\documents and settings\zé\Dados de aplicativos\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\NewShortcut2_ADE3CACCEC31480C83A0587EE60CE8DF.exe

2009-12-23 21:07 . 2009-12-23 21:07 10134 ----a-r- c:\documents and settings\zé\Dados de aplicativos\Microsoft\Installer\{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}\ARPPRODUCTICON.exe

2009-12-23 21:07 . 2009-12-23 21:07 -------- d-----w- c:\arquivos de programas\RamBooster 2.0

2009-12-22 20:03 . 2009-12-22 20:03 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\Spam Monitor

2009-12-22 17:42 . 2009-12-25 01:13 -------- d-----w- C:\maicon

2009-12-22 04:34 . 2009-12-22 04:34 -------- d-----w- c:\documents and settings\zé\Dados de aplicativos\PCToolsFirewallPlus

2009-12-22 04:34 . 2009-12-22 04:34 -------- d-----w- c:\documents and settings\zé\Dados de aplicativos\Spam Monitor

2009-12-22 04:18 . 2009-12-25 00:23 -------- d-----w- c:\arquivos de programas\Arquivos comuns\PC Tools

2009-12-22 04:18 . 2009-12-24 23:28 -------- d-----w- c:\arquivos de programas\PC Tools Internet Security

2009-12-18 23:51 . 2009-12-18 23:51 -------- d-----w- c:\documents and settings\zé\DoctorWeb

2009-12-18 03:12 . 2009-12-18 03:12 -------- d-----w- c:\arquivos de programas\TrendMicro

2009-12-18 00:01 . 2009-12-18 01:26 -------- d-----w- C:\2012 (2009) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro

2009-12-17 21:52 . 2009-12-17 22:04 -------- d-----w- c:\arquivos de programas\Marcos Velasco Security

2009-12-16 21:45 . 2009-12-16 21:45 -------- d-----w- c:\documents and settings\Conta convidado\Dados de aplicativos\CyberLink

2009-12-16 04:19 . 2009-12-16 04:19 8 ----a-w- c:\windows\crpf.bin

2009-12-16 04:19 . 2009-12-16 04:19 4 ----a-w- c:\windows\crpf_sdum.bin

2009-12-15 20:16 . 2009-11-02 22:42 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-12-13 22:25 . 2009-12-13 22:25 -------- d-----r- C:\Sandbox

2009-12-13 22:23 . 2009-12-16 23:32 -------- d-----w- c:\arquivos de programas\Sandboxie

2009-12-12 08:29 . 2009-12-12 08:29 428985 ----a-w- c:\windows\cscmondump.bin

2009-12-12 06:31 . 2009-12-12 06:31 -------- d--h--w- c:\windows\PIF

2009-12-11 22:11 . 2009-10-19 08:47 13824 ----a-w- c:\windows\system32\cnat.exe

2009-12-11 22:11 . 2009-10-27 17:46 132424 ----a-w- c:\windows\system32\drivers\CFRMD.sys

2009-12-11 22:11 . 2009-12-24 23:59 -------- d-----w- c:\arquivos de programas\COMODO

2009-12-11 20:21 . 2009-12-11 20:22 -------- d-----w- c:\arquivos de programas\Open Subtitle Editor

2009-12-06 20:35 . 2009-12-06 20:35 4844296 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-12-02 01:26 . 2009-12-02 02:01 -------- d-----w- C:\prob

2009-11-29 21:29 . 2009-12-26 20:55 -------- d-----w- C:\LinhaDefensiva

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-28 05:38 . 2009-11-02 02:10 149014560 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-12-28 05:06 . 2009-11-02 02:10 1744544 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-12-28 03:59 . 2009-09-06 04:11 -------- d-----w- c:\documents and settings\zé\Dados de aplicativos\dvdcss

2009-12-28 03:57 . 2009-09-09 19:50 -------- d-----w- c:\documents and settings\zé\Dados de aplicativos\Vso

2009-12-27 06:22 . 2009-09-06 07:18 -------- d-----w- c:\documents and settings\zé\Dados de aplicativos\uTorrent

2009-12-25 00:23 . 2009-11-16 01:55 -------- d-----w- c:\arquivos de programas\Spyware Doctor

2009-12-25 00:22 . 2009-11-16 20:52 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PC Tools

2009-12-25 00:22 . 2009-09-19 20:51 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\Temp

2009-12-23 21:28 . 2009-11-15 22:24 -------- d-----w- c:\arquivos de programas\WYSIWYG Web Builder 6

2009-12-23 20:45 . 2009-09-06 02:28 -------- d-----w- c:\arquivos de programas\CyberLink DVD Solution

2009-12-23 20:45 . 2009-09-05 06:04 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-23 19:54 . 2001-10-28 15:07 82988 ----a-w- c:\windows\system32\perfc016.dat

2009-12-23 19:54 . 2001-10-28 15:07 477230 ----a-w- c:\windows\system32\perfh016.dat

2009-12-22 20:03 . 2009-11-19 20:04 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\PCToolsFirewallPlus

2009-12-20 05:53 . 2009-10-02 03:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NOS

2009-12-20 05:52 . 2009-10-02 03:42 -------- d-----w- c:\arquivos de programas\NOS

2009-12-19 03:29 . 2009-09-05 19:12 -------- d-----w- c:\arquivos de programas\eMule

2009-12-11 21:27 . 2009-10-31 20:25 -------- d-----w- c:\arquivos de programas\CCleaner

2009-12-11 20:10 . 2009-10-03 20:27 -------- d-----w- c:\arquivos de programas\URUSoft

2009-12-09 17:03 . 2009-09-06 02:11 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GbPlugin

2009-12-09 17:03 . 2009-09-06 02:11 -------- d-----w- c:\arquivos de programas\GbPlugin

2009-12-08 00:40 . 2009-09-06 01:05 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-12-07 17:30 . 2009-09-06 02:12 30752 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2009-12-06 20:35 . 2009-11-12 23:44 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-12-03 18:14 . 2009-11-12 23:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-03 18:13 . 2009-11-12 23:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-21 15:58 . 2004-08-04 03:45 471552 ----a-w- c:\windows\AppPatch\aclayers.dll

2009-11-19 20:13 . 2009-09-14 03:46 -------- d-----w- c:\arquivos de programas\Windows Live

2009-11-19 20:12 . 2009-11-19 20:12 -------- d-----w- c:\arquivos de programas\Microsoft SQL Server Compact Edition

2009-11-19 20:10 . 2009-11-19 20:10 -------- d-----w- c:\arquivos de programas\Microsoft

2009-11-19 20:10 . 2009-11-19 20:10 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive

2009-11-19 20:04 . 2009-11-19 20:04 -------- d-----w- c:\documents and settings\LocalService\Dados de aplicativos\PCToolsSpamMonitorPlus

2009-11-19 20:02 . 2009-11-19 20:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live

2009-11-16 21:01 . 2009-11-16 21:01 -------- d-----w- c:\documents and settings\zé\Dados de aplicativos\PCToolsSpamMonitorPlus

2009-11-16 20:57 . 2009-10-19 04:22 -------- d-----w- c:\arquivos de programas\CheckPoint

2009-11-16 20:35 . 2009-10-19 04:22 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2009-11-15 22:27 . 2009-11-15 22:28 737280 ----a-w- c:\windows\iun6002.exe

2009-11-15 20:44 . 2009-11-04 00:04 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-11-15 20:44 . 2009-11-15 20:44 -------- d-----w- c:\arquivos de programas\Java

2009-11-15 19:41 . 2009-11-15 19:41 79488 ----a-w- c:\documents and settings\zé\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-12 19:24 . 2009-09-13 01:54 -------- d-----w- c:\arquivos de programas\WinClamAVShield

2009-11-08 04:56 . 2009-11-08 04:56 -------- d-----w- c:\arquivos de programas\MSBuild

2009-11-08 04:56 . 2009-11-08 04:56 -------- d-----w- c:\arquivos de programas\Reference Assemblies

2009-11-04 23:06 . 2009-11-04 23:06 -------- d-----w- c:\arquivos de programas\desktopTrader pro

2009-10-31 23:57 . 2009-09-06 03:08 -------- d-----w- c:\arquivos de programas\MPC HomeCinema

2009-10-31 20:17 . 2009-10-30 01:36 -------- d-----w- c:\arquivos de programas\WinScraper

2009-10-31 01:00 . 2009-10-24 22:29 -------- d-----w- c:\documents and settings\Conta convidado\Dados de aplicativos\Spyware Terminator

2009-10-29 13:08 . 2009-10-29 13:08 -------- d-----w- c:\documents and settings\Conta convidado\Dados de aplicativos\Malwarebytes

2009-10-29 07:42 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-27 11:53 . 2009-10-27 11:53 8192 ----a-w- c:\windows\system32\CSC.exe

2009-10-21 05:39 . 2004-08-04 03:45 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2004-08-04 03:45 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 02:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 10:34 . 2004-08-04 03:45 271360 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:39 . 2004-08-04 03:45 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:39 . 2004-08-04 03:45 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-02 03:10 . 2009-10-02 03:10 0 ----a-w- c:\windows\nsreg.dat

2005-04-01 01:17 . 2009-09-06 02:28 40960 ----a-w- c:\arquivos de programas\Uninstall_CDS.exe

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" [2006-03-01 90112]

"RamBooster"="c:\arquivos de programas\RamBooster 2.0\Rambooster.exe" [2005-11-17 561664]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]

"ATICCC"="c:\arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]

"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"RemoteControl9"="c:\arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]

"BDRegion"="c:\arquivos de programas\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]

"SmartDefrag"="c:\arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2009-07-02 2453264]

"RemoteControl"="c:\arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-11-15 149280]

"mylbx"="c:\arquivos de programas\My Lockbox\mylbx.exe" [2009-08-20 1075888]

"COMODO Internet Security"="c:\arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" [2009-12-25 1800464]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 02:20 15360 ------w- c:\windows\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 18:40 155648 ----a-w- c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]

2008-10-13 23:41 50472 ------w- c:\arquivos de programas\CyberLink\PowerDVD9\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-11-11 01:08 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2006-11-03 21:20 866584 ----a-w- c:\arquivos de programas\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"54662:TCP"= 54662:TCP:Emule tcp

"54672:UDP"= 54672:UDP:emule udp

 

R0 CFRMD;cfrmd;c:\windows\system32\drivers\CFRMD.sys [11/12/2009 20:11 132424]

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [24/12/2009 02:16 43792]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/9/2009 03:05 28544]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [24/12/2009 22:00 133064]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [24/12/2009 22:00 25160]

R1 is-62GJNdrv;is-62GJNdrv;c:\windows\system32\drivers\14832250.sys [2/11/2009 00:10 148496]

R1 is-P60FPdrv;is-P60FPdrv;c:\windows\system32\drivers\72099101.sys [8/11/2009 21:40 148496]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/09/19 17:53];c:\arquivos de programas\CyberLink\PowerDVD9\000.fcl [28/2/2009 20:40 87536]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [12/9/2009 23:35 108289]

R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [24/12/2009 02:16 73392]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [6/9/2009 00:11 54048]

R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21/4/2006 08:22 70912]

R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [5/9/2009 07:23 14976]

R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [6/9/2009 00:12 30752]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]

S3 TfNetMon;TfNetMon; [x]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {AA30E960-20B3-4F84-8593-1B2150AB47EA} = 201.21.192.116

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\zé\Dados de aplicativos\Mozilla\Firefox\Profiles\j1uhx1y0.default\

FF - component: c:\documents and settings\zé\Dados de aplicativos\Mozilla\Firefox\Profiles\j1uhx1y0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-28 03:37

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\arquivos de programas\CyberLink\PowerDVD9\000.fcl"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(612)

c:\windows\system32\guard32.dll

c:\windows\system32\Ati2evxx.dll

 

- - - - - - - > 'lsass.exe'(668)

c:\windows\system32\guard32.dll

 

- - - - - - - > 'explorer.exe'(3576)

c:\windows\system32\WININET.dll

c:\arquivos de programas\Microsoft Private Folder 1.0\ShellExt.dll

c:\windows\system32\PFLib.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Tempo para conclusão: 2009-12-28 03:40:43

ComboFix-quarantined-files.txt 2009-12-28 05:40

ComboFix2.txt 2009-12-22 03:08

 

Pré-execução: 17 pasta(s) 181.299.142.656 bytes disponíveis

Pós execução: 18 pasta(s) 181.526.810.624 bytes disponíveis

 

- - End Of File - - 0D8D02C1F44438D1E358EB1BCF1CE825

 

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 03:48:45, on 28/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\fsproflt.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe

C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\My Lockbox\mylbx.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\TrendMicro\HiJackThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [RemoteControl9] "C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [smartDefrag] "C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [mylbx] C:\Arquivos de programas\My Lockbox\mylbx.exe /a

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [RamBooster] C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252193064828

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA30E960-20B3-4F84-8593-1B2150AB47EA}: NameServer = 201.21.192.116

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

 

--

End of file - 7532 bytes
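For a defender reading a log like the one above, here is an added Python example (not code from the thread, from HijackThis or from the helper) that parses entries in the HijackThis format and flags the ones a removal helper checks first: add-ons whose file is missing, services with no publisher, AppInit_DLLs not yet verified, and DNS servers outside an allowlist. The allowlist and the set of verified AppInit DLLs are assumptions supplied by the caller; the sample lines are copied from the log above.

```python
"""Triage of HijackThis-style log entries.

Added example for this thread; it is not code from the forum, from
HijackThis or from the helper. It parses the entry formats that appear in
the posted log (O2/O3 browser add-ons, O17 DNS, O20 AppInit_DLLs, O23
services) and flags what a removal helper reads first.
"""
import re
from dataclasses import dataclass

# Entry lines look like "O23 - Service: <name> - <owner> - <path>".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d{1,2}) - (?P<body>.*)$")

# A few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA30E960-20B3-4F84-8593-1B2150AB47EA}: NameServer = 201.21.192.116
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe
"""


@dataclass
class Finding:
    kind: str     # HijackThis section, e.g. "O2"
    reason: str   # why a helper should look at this line
    line: str     # the original log line


def parse_entries(log_text):
    """Return (kind, body, line) for every HijackThis entry line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("kind"), m.group("body"), line))
    return entries


def triage(log_text, expected_dns=frozenset(), known_appinit=frozenset()):
    """Flag entries worth a second look.

    expected_dns:  DNS servers the machine is supposed to use (assumption,
                   supplied by the caller; anything else is reported).
    known_appinit: full paths of AppInit_DLLs the caller has verified.
    """
    known = {p.lower() for p in known_appinit}
    findings = []
    for kind, body, line in parse_entries(log_text):
        if kind in ("O2", "O3") and (
            "(no file)" in body or "No CLSID value found" in body
        ):
            # Orphaned add-on: still registered, but its file or CLSID is gone.
            findings.append(Finding(kind, "browser add-on points to a missing file or CLSID", line))
        elif kind == "O17":
            m = re.search(r"NameServer = ([\d.,]+)", body)
            servers = m.group(1).split(",") if m else []
            unexpected = [s for s in servers if s not in expected_dns]
            if unexpected:
                findings.append(Finding(kind, "DNS server not in the expected set: " + ", ".join(unexpected), line))
        elif kind == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll.lower() not in known:
                findings.append(Finding(kind, "AppInit_DLLs loads into every GUI process; verify the publisher", line))
        elif kind == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(kind, "service binary carries no publisher information", line))
    return findings


if __name__ == "__main__":
    # guard32.dll is reported as COMODO's in the OTL log later in the thread.
    verified = frozenset({r"C:\WINDOWS\system32\guard32.dll"})
    for f in triage(SAMPLE_LOG, known_appinit=verified):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```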


Good morning! gilbertoros

 

I did the procedures, I just forgot that I had to install the Recovery Console.

Do I have to do it all over again?

<!> No!

 

IE 8 still isn't working; I try to open it and it closes quickly.

<!> ComboFix detected nothing on your machine that would cause this symptom.

°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°

<@> Download: < marcinsig.gif >

 

<@> < Link - 2 >

 

<@> < Link - 3 >

 

<@> Update the program!

<@> Choose the Full scan!

<@> Disable protection programs while running Malwarebytes.

<@> PS: For certain infections, the tool will ask for a reboot. <-- Confirm!

<@> Send the detected items to quarantine by clicking Remove items.

<@> For more details: < Link >

<@> Post: mbam-log-2009-xx-xx (00-00-00).txt

 

Regards!


Good evening

I've been running Malwarebytes for 8 hours and 20 minutes and it still hasn't finished, whereas my full scans take about 2 and a half hours.

It detected 1 infection, but I don't know if I'll manage to finish this scan; it's very slow.

Why is the scan so slow?

 

regards


///////////////\\\\\\\\\\\\\\\\

Hey! gilbertoros

 

<!> Stop the scan and run the Quick scan. ( Post the report! )

 

Regards!


Hello

The quick scan took only 6 minutes, how strange?

I want to explain here that I started the Malwarebytes scan before reading the topic, because, as I was advised before, it's standard practice to run it, since it's very good, of course!

But the quick scan detected nothing!

Here is the log:

Malwarebytes' Anti-Malware 1.42

Versão do banco de dados: 3446

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

28/12/2009 23:41:08

mbam-log-2009-12-28 (23-41-08).txt

 

Tipo de Verificação: Rápida

Objetos verificados: 134125

Tempo decorrido: 6 minute(s), 21 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)


Good evening! gilbertoros

 

<@> Run an online scan at: < Eset Nod32 >

<@> Use the Internet Explorer browser.

<@> Check the box: "YES, I accept the Terms of Use" --> Start. ( In the Portuguese interface: "SIM,aceito as condições de uso" --> Iniciar. )

<@> Accept the ActiveX installation and, when it finishes, save and post the report. ( C:\Arquivos de programas\EsetOnlineScanner\log )

 

Regards!


Ok DigRam

I ran the scan with ESET; it found a virus, here is the log:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=c1db3caa90141542853082bba77cc859

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2009-12-29 08:18:03

# local_time=2009-12-29 06:18:03 (-0300, Horário brasileiro de verão)

# country="Brazil"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1797 16775165 100 100 0 37572983 0 0

# compatibility_mode=2562 16774142 0 3 284405 284405 0 0

# compatibility_mode=3073 16777213 80 89 0 0 0 0

# compatibility_mode=6143 16777215 0 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=171729

# found=1

# cleaned=1

# scan_time=6567

F:\System Volume Information\_restore{AC0D6F27-54DD-49DA-84E6-790A572A9E60}\RP13\A0003413.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

esets_scanner_update returned -1 esets_gle=53251


Good evening! gilbertoros

 

<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

 

< 92674490.jpg >

 

<@> The following window will open: ( Open File - Security Warning )

<@> Click Run --> Wait!

<@> Finally, the message "ComboFix está desinstalado" ( "ComboFix is uninstalled" ) will appear --> Click OK.

<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- Report!

<@> Or, go to Start --> Run --> Type or paste:

 

"%userprofile%\desktop\combofix" /uninstall

 

<@> Click OK.

°°°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°°°

<@> Download: < otlDesktopIcon.png > ( ...by OldTimer Tools )

<@> Save it to the desktop!

 

OTLI-scan.png

 

<@> As in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Check the "Scan All Users" option.

<@> Check the boxes:

 

<!> [] LOP check and [] Purity check

 

<@> Click: < runscanbutton.png > --> Wait!

<@> Post:

 

<1> OTL.txt <--

<2> Extra.txt <--

 

Regards!


Ok

I uninstalled ComboFix, but I don't know what OTL.exe is; where is it?

 

regards

°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°

Hey! gilbertoros

 

<!> There was an error in posting the OTL procedure. It has already been corrected!

 

Regards!


Ok, thanks DigRam!

Here are the logs:

 

OTL logfile created on: 29/12/2009 21:21:39 - Run 2

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\zé\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

511,00 Mb Total Physical Memory | 95,00 Mb Available Physical Memory | 19,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 46,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 234,64 Gb Total Space | 168,71 Gb Free Space | 71,90% Space Free | Partition Type: NTFS

Drive D: | 19,53 Gb Total Space | 13,06 Gb Free Space | 66,83% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 37,41 Gb Total Space | 19,43 Gb Free Space | 51,93% Space Free | Partition Type: NTFS

Drive G: | 17,57 Gb Total Space | 12,48 Gb Free Space | 71,04% Space Free | Partition Type: NTFS

Drive H: | 231,12 Gb Total Space | 107,76 Gb Free Space | 46,63% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

 

Computer Name: zé-87B52E

Current User Name: zé

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\zé\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

PRC - C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )

PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\My Lockbox\mylbx.exe (FSPro Labs)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\WINDOWS\system32\fsproflt.exe (FSPro Labs)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Arquivos de programas\CyberLink\Shared Files\brs.exe (cyberlink)

PRC - C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe ()

PRC - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\Arquivos de programas\ASUS\Cool & Quiet\cool&quiet.exe ()

PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

PRC - C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)

PRC - C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\zé\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\guard32.dll (COMODO)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (cmdAgent) -- C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

SRV - (getPlusHelper) getPlus® -- C:\Arquivos de programas\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (GbpSv) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )

SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (fsproflt) -- C:\WINDOWS\system32\fsproflt.exe (FSPro Labs)

SRV - (WinDefend) -- C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SRV - (prfldsvc) -- C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe ()

SRV - (Ati HotKey Poller) -- C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

SRV - (ATI Smart) -- C:\WINDOWS\system32\ati2sgag.exe ()

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)

DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)

DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (GbpKm) -- C:\WINDOWS\system32\drivers\GbpKm.sys (GAS Tecnologia)

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (CFRMD) -- C:\WINDOWS\system32\drivers\cfrmd.sys (COMODO Security Solutions Inc.)

DRV - (pcouffin) -- C:\WINDOWS\system32\drivers\pcouffin.sys (VSO Software)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Arquivos de programas\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)

DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (is-P60FPdrv) -- C:\WINDOWS\system32\drivers\72099101.sys (Kaspersky Lab)

DRV - (is-62GJNdrv) -- C:\WINDOWS\system32\drivers\14832250.sys (Kaspersky Lab)

DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)

DRV - (FSProFilter) -- C:\WINDOWS\System32\Drivers\FSPFltd.sys (FSPro Labs)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (Prvflder) -- C:\WINDOWS\system32\drivers\prvflder.sys (Windows ® 2000 DDK provider)

DRV - (AsIO) -- C:\WINDOWS\system32\drivers\AsIO.sys ()

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - (PQNTDrv) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys (PowerQuest Corporation)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

DRV - (SBKUPNT) -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS ()

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1123561945-838170752-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKU\S-1-5-21-1123561945-838170752-725345543-1003\S-1-5-21-1123561945-838170752-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.7.8

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/12/26 22:37:23 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/12/26 22:37:22 | 00,000,000 | ---D | M]

 

[2009/10/24 20:10:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\zé\Dados de aplicativos\Mozilla\Extensions

[2009/12/28 23:34:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\zé\Dados de aplicativos\Mozilla\Firefox\Profiles\j1uhx1y0.default\extensions

[2009/11/15 19:14:42 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\zé\Dados de aplicativos\Mozilla\Firefox\Profiles\j1uhx1y0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2009/12/28 23:34:26 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2009/12/26 18:48:56 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2009/12/26 18:48:56 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2009/12/26 18:48:56 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2009/12/26 18:48:56 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: (774 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4 - HKLM..\Run: [ATICCC] C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bDRegion] C:\Arquivos de programas\CyberLink\Shared Files\brs.exe (cyberlink)

O4 - HKLM..\Run: [COMODO Internet Security] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4 - HKLM..\Run: [mylbx] C:\Arquivos de programas\My Lockbox\mylbx.exe (FSPro Labs)

O4 - HKLM..\Run: [RemoteControl] C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

O4 - HKLM..\Run: [RemoteControl9] C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [smartDefrag] C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)

O4 - HKLM..\Run: [soundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Arquivos de programas\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1123561945-838170752-725345543-1003..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-1123561945-838170752-725345543-1003..\Run: [RamBooster] C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe (J.Pajula)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1123561945-838170752-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252193064828 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://www14.bancobrasil.com.br/plugin/GbpDist.cab (GbpDistObj Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Arquivos de programas\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/09/05 03:50:36 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2009/05/09 00:46:11 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2009/12/29 19:43:46 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\zé\Desktop\OTL.exe

[2009/12/29 19:14:44 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/12/29 00:46:00 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\ESET

[2009/12/27 23:42:20 | 00,000,000 | ---D | C] -- C:\C.DVDRip.Dual.Audio-www.therebels.biz-Pabinho

[2009/12/27 05:05:14 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll

[2009/12/27 05:05:14 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll

[2009/12/26 22:57:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\zé\Dados de aplicativos\Apple Computer

[2009/12/26 22:36:14 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\QuickTime

[2009/12/26 22:36:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

[2009/12/26 22:35:30 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Apple

[2009/12/26 22:35:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\zé\Configurações locais\Dados de aplicativos\Apple

[2009/12/26 22:34:52 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Apple Software Update

[2009/12/26 22:34:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

[2009/12/26 22:34:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\zé\Configurações locais\Dados de aplicativos\Apple Computer

[2009/12/24 22:32:22 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Defender

[2009/12/24 22:00:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Comodo

[2009/12/24 22:00:01 | 00,171,552 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll

[2009/12/24 22:00:01 | 00,133,064 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys

[2009/12/24 22:00:01 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys

[2009/12/24 22:00:01 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys

[2009/12/24 02:34:14 | 00,000,000 | ---D | C] -- C:\My Lockbox

[2009/12/24 02:33:32 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\My Lockbox

[2009/12/24 02:16:15 | 00,073,392 | ---- | C] (FSPro Labs) -- C:\WINDOWS\System32\fsproflt.exe

[2009/12/24 02:16:08 | 00,043,792 | ---- | C] (FSPro Labs) -- C:\WINDOWS\System32\drivers\FSPFltd.sys

[2009/12/24 01:25:29 | 00,000,000 | R--D | C] -- C:\Documents and Settings\zé\My Private Folder

[2009/12/24 01:23:03 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Private Folder 1.0

[2009/12/23 19:07:57 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\RamBooster 2.0

[2009/12/22 18:03:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\PCToolsFirewallPlus

[2009/12/22 18:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Spam Monitor

[2009/12/22 15:42:45 | 00,000,000 | ---D | C] -- C:\maicon

[2009/12/22 02:34:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\zé\Dados de aplicativos\PCToolsFirewallPlus

[2009/12/22 02:34:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\zé\Dados de aplicativos\Spam Monitor

[2009/12/22 02:18:50 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\PC Tools

[2009/12/22 02:18:41 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\PC Tools Internet Security

[2009/12/20 17:16:00 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2009/12/18 21:51:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\zé\DoctorWeb

[2009/12/18 21:44:49 | 25,611,800 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\zé\Desktop\cureit.exe

[2009/12/18 01:13:39 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\zé\Recent

[2009/12/18 01:12:43 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\TrendMicro

[2009/12/17 22:01:44 | 00,000,000 | ---D | C] -- C:\2012 (2009) DVDRip XviD-MAXSPEED www.torentz.3xforum.ro

[2009/12/17 19:52:04 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Marcos Velasco Security

[2009/12/15 21:15:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2009/12/15 18:16:05 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2009/12/13 20:25:14 | 00,000,000 | R--D | C] -- C:\Sandbox

[2009/12/13 20:23:15 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Sandboxie

[2009/12/12 04:31:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2009/12/11 20:11:48 | 00,013,824 | ---- | C] (COMODO Security Solutions Inc.) -- C:\WINDOWS\System32\cnat.exe

[2009/12/11 20:11:40 | 00,132,424 | ---- | C] (COMODO Security Solutions Inc.) -- C:\WINDOWS\System32\drivers\CFRMD.sys

[2009/12/11 20:11:20 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\COMODO

[2009/12/11 18:21:59 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Open Subtitle Editor

[2009/12/01 23:26:27 | 00,000,000 | ---D | C] -- C:\prob

[2009/11/19 18:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\PCToolsSpamMonitorPlus

[2009/11/16 18:25:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2009/11/16 18:25:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Threat Expert

[2009/09/11 01:00:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Ashampoo Antivirus

[2009/09/09 17:50:47 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\zé\Dados de aplicativos\pcouffin.sys

[2009/09/07 02:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Adobe

[2009/09/05 23:27:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2009/09/05 03:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2009/12/29 20:12:37 | 00,000,482 | ---- | M] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job

[2009/12/29 20:12:32 | 00,133,813 | ---- | M] () -- C:\WINDOWS\cscmon.bin

[2009/12/29 19:43:57 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\zé\Desktop\OTL.exe

[2009/12/29 17:15:27 | 00,000,346 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2009/12/29 17:15:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/29 17:12:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/29 17:11:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/12/29 16:44:29 | 57,884,2656 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2009/12/29 16:44:29 | 01,762,160 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2009/12/29 00:37:12 | 06,291,456 | ---- | M] () -- C:\Documents and Settings\zé\NTUSER.DAT

[2009/12/29 00:37:12 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\zé\ntuser.ini

[2009/12/29 00:37:05 | 14,640,650 | -H-- | M] () -- C:\Documents and Settings\zé\Configurações locais\Dados de aplicativos\IconCache.db

[2009/12/28 22:03:35 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\zé\Desktop\Launch Rambooster 2.0.lnk

[2009/12/28 03:48:24 | 00,002,503 | ---- | M] () -- C:\Documents and Settings\zé\Desktop\HiJackThis.lnk

[2009/12/28 03:38:01 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/12/28 01:57:25 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\zé\Dados de aplicativos\vso_ts_preview.xml

[2009/12/27 23:32:09 | 00,000,109 | ---- | M] () -- C:\Documents and Settings\zé\default.pls

[2009/12/27 23:32:08 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/12/27 23:30:37 | 00,236,544 | ---- | M] () -- C:\Documents and Settings\zé\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/27 22:00:07 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job

[2009/12/27 21:35:21 | 00,091,572 | ---- | M] () -- C:\Documents and Settings\zé\Desktop\PERLMAN%20PDF.pdf

[2009/12/27 19:36:37 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2009/12/27 04:26:36 | 00,043,528 | ---- | M] () -- C:\Documents and Settings\zé\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/12/27 04:24:37 | 00,196,960 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/12/26 22:36:46 | 00,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2009/12/25 17:54:04 | 00,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll

[2009/12/25 17:54:01 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys

[2009/12/25 17:53:59 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys

[2009/12/25 17:53:58 | 00,133,064 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys

[2009/12/24 22:04:17 | 00,000,848 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk

[2009/12/24 02:33:35 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\zé\Desktop\My Lockbox.lnk

[2009/12/23 17:54:13 | 00,477,230 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2009/12/23 17:54:13 | 00,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/23 17:54:13 | 00,082,988 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2009/12/23 17:54:13 | 00,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/23 17:54:12 | 01,085,158 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/23 01:07:40 | 05,767,168 | ---- | M] () -- C:\Documents and Settings\zé\NTUSER.DAT.new.bak

[2009/12/21 23:39:38 | 00,114,390 | ---- | M] () -- C:\Documents and Settings\zé\Desktop\passo-a-passo_acesso_fotos-1.pdf

[2009/12/18 21:45:06 | 25,611,800 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\zé\Desktop\cureit.exe

[2009/12/17 20:04:11 | 00,001,037 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MV RegCompact 1.3.lnk

[2009/12/17 19:52:07 | 00,001,013 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MV RegClean 5.9.lnk

[2009/12/16 02:19:50 | 00,000,008 | ---- | M] () -- C:\WINDOWS\crpf.bin

[2009/12/16 02:19:50 | 00,000,004 | ---- | M] () -- C:\WINDOWS\crpf_sdum.bin

[2009/12/12 06:29:19 | 00,428,985 | ---- | M] () -- C:\WINDOWS\cscmondump.bin

[2009/12/11 20:23:42 | 00,000,609 | ---- | M] () -- C:\Documents and Settings\zé\Desktop\Atalho para Iniciar-BankerFix.lnk

[2009/12/11 20:11:28 | 00,000,893 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO System - Cleaner.lnk

[2009/12/11 19:27:33 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\zé\Desktop\CCleaner.lnk

[2009/12/11 18:10:29 | 00,001,885 | ---- | M] () -- C:\Documents and Settings\zé\Desktop\Subtitle Workshop.lnk

[2009/12/07 22:40:45 | 00,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2009/12/07 15:30:22 | 00,030,752 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\gbpkm.sys

[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2009/12/27 21:35:20 | 00,091,572 | ---- | C] () -- C:\Documents and Settings\zé\Desktop\PERLMAN%20PDF.pdf

[2009/12/27 20:12:29 | 00,133,813 | ---- | C] () -- C:\WINDOWS\cscmon.bin

[2009/12/26 22:36:46 | 00,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2009/12/24 22:35:49 | 00,000,346 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2009/12/24 22:04:17 | 00,000,848 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk

[2009/12/24 02:33:35 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\zé\Desktop\My Lockbox.lnk

[2009/12/23 19:07:57 | 00,002,497 | ---- | C] () -- C:\Documents and Settings\zé\Desktop\Launch Rambooster 2.0.lnk

[2009/12/23 17:53:15 | 00,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2009/12/21 23:39:36 | 00,114,390 | ---- | C] () -- C:\Documents and Settings\zé\Desktop\passo-a-passo_acesso_fotos-1.pdf

[2009/12/18 01:12:44 | 00,002,503 | ---- | C] () -- C:\Documents and Settings\zé\Desktop\HiJackThis.lnk

[2009/12/17 20:04:11 | 00,001,037 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MV RegCompact 1.3.lnk

[2009/12/17 19:52:07 | 00,001,013 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MV RegClean 5.9.lnk

[2009/12/16 02:19:50 | 00,000,008 | ---- | C] () -- C:\WINDOWS\crpf.bin

[2009/12/16 02:19:50 | 00,000,004 | ---- | C] () -- C:\WINDOWS\crpf_sdum.bin

[2009/12/12 06:29:16 | 00,428,985 | ---- | C] () -- C:\WINDOWS\cscmondump.bin

[2009/12/11 20:23:42 | 00,000,609 | ---- | C] () -- C:\Documents and Settings\zé\Desktop\Atalho para Iniciar-BankerFix.lnk

[2009/12/11 20:11:51 | 00,000,482 | ---- | C] () -- C:\WINDOWS\tasks\COMODO System Cleaner Update.job

[2009/12/11 20:11:28 | 00,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO System - Cleaner.lnk

[2009/12/11 19:27:32 | 00,001,620 | ---- | C] () -- C:\Documents and Settings\zé\Desktop\CCleaner.lnk

[2009/12/11 18:10:29 | 00,001,885 | ---- | C] () -- C:\Documents and Settings\zé\Desktop\Subtitle Workshop.lnk

[2009/11/29 19:03:09 | 00,000,257 | ---- | C] () -- C:\WINDOWS\logthis.ini

[2009/10/26 20:55:18 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2009/09/10 21:28:37 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/09/09 17:51:00 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\zé\Dados de aplicativos\vso_ts_preview.xml

[2009/09/09 17:50:51 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\zé\Dados de aplicativos\pcouffin.log

[2009/09/09 17:50:47 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\zé\Dados de aplicativos\pcouffin.cat

[2009/09/09 17:50:47 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\zé\Dados de aplicativos\pcouffin.inf

[2009/09/06 00:57:51 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/09/06 00:28:42 | 00,040,960 | ---- | C] () -- C:\Arquivos de programas\Uninstall_CDS.exe

[2009/09/05 07:23:29 | 00,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS

[2009/09/05 07:23:16 | 00,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI

[2009/09/05 05:07:52 | 00,236,544 | ---- | C] () -- C:\Documents and Settings\zé\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/05 04:32:49 | 00,000,141 | ---- | C] () -- C:\Documents and Settings\zé\Configurações locais\Dados de aplicativos\fusioncache.dat

[2009/09/05 04:06:27 | 00,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll

[2009/09/05 04:06:27 | 00,005,685 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys

[2009/09/05 04:06:25 | 00,005,120 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys

[2009/09/05 04:06:25 | 00,003,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys

[2009/09/05 04:04:31 | 00,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2009/09/05 04:04:26 | 00,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini

[2009/09/05 04:03:27 | 00,005,177 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2009/09/05 04:03:25 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2009/09/05 04:03:22 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2004/06/06 13:53:42 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2004/06/05 13:56:16 | 00,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2003/04/07 09:30:02 | 00,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/05/15 21:38:40 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

[2002/05/04 11:19:00 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll

[2002/04/21 16:30:14 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002/04/01 20:16:30 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll

[2002/04/01 20:16:14 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002/04/01 20:15:40 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2001/06/22 09:06:02 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\MPEG2DEC.dll

[2000/07/22 13:49:46 | 00,431,104 | ---- | C] () -- C:\WINDOWS\System32\VFCodec.dll

 

========== LOP Check ==========

 

[2009/10/21 00:48:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Spyware Terminator

[2009/12/09 15:03:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2009/12/24 22:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Temp

[2009/09/09 19:24:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk

[2009/10/24 20:29:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Conta convidado\Dados de aplicativos\CheckPoint

[2009/10/24 20:29:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Conta convidado\Dados de aplicativos\IObit

[2009/10/30 23:00:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Conta convidado\Dados de aplicativos\Spyware Terminator

[2009/10/19 14:56:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Convidado\Dados de aplicativos\CheckPoint

[2009/09/25 15:00:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Convidado\Dados de aplicativos\IObit

[2009/09/29 18:34:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Convidado\Dados de aplicativos\PCToolsFirewallPlus

[2009/09/18 22:03:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Convidado\Dados de aplicativos\Spyware Terminator

[2009/10/19 02:24:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\zé\Dados de aplicativos\CheckPoint

[2009/09/06 00:32:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\zé\Dados de aplicativos\InterTrust

[2009/10/02 02:34:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\zé\Dados de aplicativos\IObit

[2009/12/22 02:34:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\zé\Dados de aplicativos\PCToolsFirewallPlus

[2009/11/16 19:01:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\zé\Dados de aplicativos\PCToolsSpamMonitorPlus

[2009/09/06 19:33:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\zé\Dados de aplicativos\RadLight Company

[2009/12/22 02:34:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\zé\Dados de aplicativos\Spam Monitor

[2009/12/27 04:22:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\zé\Dados de aplicativos\uTorrent

[2009/12/28 01:57:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\zé\Dados de aplicativos\Vso

[2009/12/22 18:03:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\PCToolsFirewallPlus

[2009/11/19 18:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\PCToolsSpamMonitorPlus

[2009/12/22 18:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Spam Monitor

[2009/12/29 17:15:27 | 00,000,346 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2009/12/27 22:00:07 | 00,000,422 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 8 bytes -> C:\WINDOWS\System32\drivers:IncompleteBoot.cnt

@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Temp:DFC5A2B2

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Temp:430C6D84

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Temp:1CA73D29

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Temp:A8ADE5D8

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Temp:C31F31E6

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Temp:5160F090

< End of report >

 

OTL Extras logfile created on: 29/12/2009 20:56:51 - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\zé\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

511,00 Mb Total Physical Memory | 167,00 Mb Available Physical Memory | 33,00% Memory free

1,00 Gb Paging File | 1,00 Gb Available in Paging File | 50,00% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 234,64 Gb Total Space | 168,72 Gb Free Space | 71,91% Space Free | Partition Type: NTFS

Drive D: | 19,53 Gb Total Space | 13,06 Gb Free Space | 66,83% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 37,41 Gb Total Space | 19,43 Gb Free Space | 51,93% Space Free | Partition Type: NTFS

Drive G: | 17,57 Gb Total Space | 12,48 Gb Free Space | 71,04% Space Free | Partition Type: NTFS

Drive H: | 231,12 Gb Total Space | 107,76 Gb Free Space | 46,63% Space Free | Partition Type: NTFS

I: Drive not present or media not loaded

 

Computer Name: zé-87B52E

Current User Name: zé

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1

.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1123561945-838170752-725345543-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"54662:TCP" = 54662:TCP:*:Enabled:Emule tcp

"54672:UDP" = 54672:UDP:*:Enabled:emule udp

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Arquivos de programas\uTorrent\uTorrent.exe" = C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Arquivos de programas\RadLight Company\RadLight 4.0\rlkernel.exe" = C:\Arquivos de programas\RadLight Company\RadLight 4.0\rlkernel.exe:*:Enabled:Kernel Executable -- (RadLight)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis

"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet

"{1CBCC734-E92F-C744-D86C-3699D5351033}" = Nero 7 Demo

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{449480D4-67ED-4104-A8C0-21E08B08D592}" = Windows Live Mail

"{45A2FB35-F690-4C4C-A7C4-C597F62BED6C}" = ATI Catalyst Control Center

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{644EA08F-87D2-48C0-AE94-B327D1C85A97}" = Microsoft Private Folder 1.0

"{64C13A35-B44C-47E5-88DC-0916FCE1E7C1}" = Sophos Free Encryption 2.40.1

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6B3208C6-D2DE-4FE8-9DAB-B58AA32F8135}_is1" = Open Subtitle Editor 0.1.2

"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.0.52

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}" = RamBooster

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver

"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.0

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{ED19FDBF-21F0-48EC-92AB-818BB1A600DB}" = COMODO System-Cleaner

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare Personal

"All ATI Software" = ATI - Utilitário de desinstalação de software

"ATI Display Driver" = ATI Display Driver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner

"COMODO Internet Security" = COMODO Internet Security

"desktopTrader pro" = desktopTrader pro 1.0

"DVD Decrypter" = DVD Decrypter (Remove Only)

"eMule" = eMule

"ESET Online Scanner" = ESET Online Scanner v3

"ffdshow" = ffdshow (remove only)

"GOM Player" = GOM Player

"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MV RegClean 5.9_is1" = MV RegClean 5.9

"MV RegCompact 1.3_is1" = MV RegCompact 1.3

"My Lockbox_is1" = My Lockbox 1.4 for Windows 2000/XP

"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)

"NitroPC" = NitroPC

"RatingsMigration" = Windows Media Player 9 Series Power Toy - Ratings Migration

"RealAlt_is1" = Real Alternative 2.0.0 Lite

"Smart Defrag_is1" = Smart Defrag 1.20

"SubtitleWorkshop" = Subtitle Workshop 2.51

"Tweak UI 2.10" = Tweak UI

"TweakMP9" = Windows Media Player 9 Series TweakMP PowerToy

"uTorrent" = µTorrent

"VLC media player" = VideoLAN VLC media player 0.8.6

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XviD_is1" = XviD MPEG-4 Video Codec

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 29/12/2009 15:15:13 | Computer Name = zé-87B52E | Source = Userenv | ID = 1041

Description = O Windows não pode consultar a entrada de Registro DllName para {7B849a69-220F-451E-B3FE-2CB811AF94AE},

e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

 

Error - 29/12/2009 15:15:13 | Computer Name = zé-87B52E | Source = Userenv | ID = 1041

Description = O Windows não pode consultar a entrada de Registro DllName para {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D},

e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

 

Error - 29/12/2009 16:50:17 | Computer Name = zé-87B52E | Source = Userenv | ID = 1041

Description = O Windows não pode consultar a entrada de Registro DllName para {7B849a69-220F-451E-B3FE-2CB811AF94AE},

e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

 

Error - 29/12/2009 16:50:17 | Computer Name = zé-87B52E | Source = Userenv | ID = 1041

Description = O Windows não pode consultar a entrada de Registro DllName para {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D},

e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

 

Error - 29/12/2009 16:56:13 | Computer Name = zé-87B52E | Source = Userenv | ID = 1041

Description = O Windows não pode consultar a entrada de Registro DllName para {7B849a69-220F-451E-B3FE-2CB811AF94AE},

e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

 

Error - 29/12/2009 16:56:13 | Computer Name = zé-87B52E | Source = Userenv | ID = 1041

Description = O Windows não pode consultar a entrada de Registro DllName para {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D},

e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

 

Error - 29/12/2009 18:27:14 | Computer Name = zé-87B52E | Source = Userenv | ID = 1041

Description = O Windows não pode consultar a entrada de Registro DllName para {7B849a69-220F-451E-B3FE-2CB811AF94AE},

e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

 

Error - 29/12/2009 18:27:14 | Computer Name = zé-87B52E | Source = Userenv | ID = 1041

Description = O Windows não pode consultar a entrada de Registro DllName para {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D},

e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

 

Error - 29/12/2009 18:44:21 | Computer Name = zé-87B52E | Source = Userenv | ID = 1041

Description = O Windows não pode consultar a entrada de Registro DllName para {7B849a69-220F-451E-B3FE-2CB811AF94AE},

e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

 

Error - 29/12/2009 18:44:21 | Computer Name = zé-87B52E | Source = Userenv | ID = 1041

Description = O Windows não pode consultar a entrada de Registro DllName para {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D},

e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

 

[ System Events ]

Error - 29/12/2009 02:20:34 | Computer Name = zé-87B52E | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: TfFsMon TfSysMon

 

Error - 29/12/2009 07:35:19 | Computer Name = zé-87B52E | Source = BROWSER | ID = 8032

Description = O serviço localizador não pôde recuperar a lista de backup muitas

vezes no transporte \Device\NetBT_Tcpip_{AA30E960-20B3-4F84-8593-1B2150AB47EA}. O

localizador reserva está finalizando.

 

Error - 29/12/2009 14:35:07 | Computer Name = zé-87B52E | Source = Srv | ID = 2020

Description = O servidor não pôde alocar a memória paginável do sistema porque esta

estava vazia.

 

Error - 29/12/2009 14:36:07 | Computer Name = zé-87B52E | Source = Srv | ID = 2020

Description = O servidor não pôde alocar a memória paginável do sistema porque esta

estava vazia.

 

Error - 29/12/2009 14:37:07 | Computer Name = zé-87B52E | Source = Srv | ID = 2020

Description = O servidor não pôde alocar a memória paginável do sistema porque esta

estava vazia.

 

Error - 29/12/2009 14:41:07 | Computer Name = zé-87B52E | Source = Srv | ID = 2020

Description = O servidor não pôde alocar a memória paginável do sistema porque esta

estava vazia.

 

Error - 29/12/2009 14:43:43 | Computer Name = zé-87B52E | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume4'. O monitoramento do volume

foi interrompido.

 

Error - 29/12/2009 14:44:03 | Computer Name = zé-87B52E | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: TfFsMon TfSysMon

 

Error - 29/12/2009 15:12:12 | Computer Name = zé-87B52E | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume4'. O monitoramento do volume

foi interrompido.

 

Error - 29/12/2009 15:12:32 | Computer Name = zé-87B52E | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: TfFsMon TfSysMon

 

 

< End of report >


Good evening! gilbertoros

 

<@> Run OTL.exe.

<@> Copy the information in the quote below into the tool's text field ( Custom Scans/Fixes ).

 

:files

C:\Documents and Settings\zé\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O3 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Temp:DFC5A2B2

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Temp:430C6D84

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Temp:1CA73D29

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Temp:A8ADE5D8

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Temp:C31F31E6

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\Temp:5160F090

 

:Commands

[purity]

[emptytemp]

[Reboot]

<@> Click the Run Fix button --> Wait for it to finish!

<@> When it is done, go to the folder C:\_OTL\MovedFiles\*.log <-- Post it!

<@> Also post a fresh HijackThis log.

 

Cheers!


OK DigRam!

Here are the logs:

All processes killed

========== FILES ==========

File\Folder C:\Documents and Settings\zé\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_USERS\S-1-5-21-1123561945-838170752-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.

Registry value HKEY_USERS\S-1-5-21-1123561945-838170752-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.

Registry value HKEY_USERS\S-1-5-21-1123561945-838170752-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

C:\WINDOWS\002683_.tmp deleted successfully.

C:\WINDOWS\SET1.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET5.tmp deleted successfully.

C:\WINDOWS\SET9.tmp deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

ADS C:\Documents and Settings\All Users\Dados de aplicativos\Temp:DFC5A2B2 deleted successfully.

ADS C:\Documents and Settings\All Users\Dados de aplicativos\Temp:430C6D84 deleted successfully.

ADS C:\Documents and Settings\All Users\Dados de aplicativos\Temp:1CA73D29 deleted successfully.

ADS C:\Documents and Settings\All Users\Dados de aplicativos\Temp:A8ADE5D8 deleted successfully.

ADS C:\Documents and Settings\All Users\Dados de aplicativos\Temp:C31F31E6 deleted successfully.

ADS C:\Documents and Settings\All Users\Dados de aplicativos\Temp:5160F090 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->FireFox cache emptied: 3327807 bytes

 

User: All Users

 

User: Conta convidado

->Temp folder emptied: 73841 bytes

->Temporary Internet Files folder emptied: 2095053 bytes

->FireFox cache emptied: 102453998 bytes

 

User: Convidado

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1193379 bytes

->FireFox cache emptied: 43953417 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: zé

->Temp folder emptied: 1502029 bytes

->Temporary Internet Files folder emptied: 19479209 bytes

->Java cache emptied: 13690431 bytes

->FireFox cache emptied: 81893962 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: NetworkService

->Temp folder emptied: 4988 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 43921 bytes

RecycleBin emptied: 51431 bytes

 

Total Files Cleaned = 257,00 mb

 

 

OTL by OldTimer - Version 3.1.20.1 log created on 12292009_222436

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 22:34:48, on 29/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\system32\fsproflt.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe

C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\My Lockbox\mylbx.exe

C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

C:\Arquivos de programas\Windows Defender\MSASCui.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe

C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\TrendMicro\HiJackThis\HiJackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [RemoteControl9] "C:\Arquivos de programas\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Arquivos de programas\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [smartDefrag] "C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [mylbx] C:\Arquivos de programas\My Lockbox\mylbx.exe /a

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [Windows Defender] "C:\Arquivos de programas\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [RamBooster] C:\Arquivos de programas\RamBooster 2.0\Rambooster.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252193064828

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA30E960-20B3-4F84-8593-1B2150AB47EA}: NameServer = 201.21.192.116

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Arquivos de programas\Microsoft Private Folder 1.0\PrfldSvc.exe

 

--

End of file - 7093 bytes
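As an added example (not code from the thread, from HijackThis or from OTL), here is a small Python triage script for the log entry formats posted above. It flags the same conditions DigRam targeted with the OTL fix (CLSIDs with no registered class, entries marked "File not found") plus AppInit_DLLs entries and services with no vendor recorded; the sample log is assembled from lines in the posted logs, and the heuristics are mine, so the flags are review hints, not verdicts.

```python
"""Triage of HijackThis-style log lines.

Added example, not code from the thread or from HijackThis/OTL.  It parses the
O2/O3/O20/O23 entry formats seen in the posted logs and flags the conditions
the helper's OTL fix targeted (CLSID entries with no registered class, entries
marked "File not found") plus services with no vendor recorded.  Flags are
review hints, not verdicts: guard32.dll here belongs to COMODO Internet
Security, for instance.
"""
import re
from dataclasses import dataclass

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Entry layouts as they appear in the logs.  The forum collapsed the double
# space HijackThis writes when the vendor is empty, hence the tolerant O23 separators.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.*)$")
O3_RE = re.compile(r"^O3 - (?P<hive>.*?)\\Toolbar\\WebBrowser: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) -\s?(?P<vendor>.*?)\s?- (?P<path>[A-Za-z]:\\.*)$")

# Markers HijackThis/OTL print when the CLSID or file behind an entry is gone.
MISSING = ("No CLSID value found", "File not found")


@dataclass
class Finding:
    kind: str    # O2 / O3 / O20 / O23
    name: str    # CLSID, DLL path or service name the finding is about
    reason: str
    detail: str


def triage_line(line: str):
    """Return a Finding for one log line, or None if it needs no review."""
    line = line.strip()
    m = O2_RE.match(line) or O3_RE.match(line)
    if m:
        if any(tag in m["target"] for tag in MISSING):
            return Finding(line[:2], m["clsid"],
                           "orphaned registration (no class/file behind CLSID)", m["target"])
        return None
    m = O20_RE.match(line)
    if m and m["dlls"].strip():
        # Anything in AppInit_DLLs is loaded into every GUI process; always confirm the vendor.
        return Finding("O20", m["dlls"].strip(), "AppInit_DLLs entry present; confirm vendor", line)
    m = O23_RE.match(line)
    if m:
        vendor = m["vendor"].strip()
        if not vendor or vendor.lower() == "unknown owner":
            return Finding("O23", m["name"], "service has no vendor recorded", m["path"])
    return None


def triage(log_text: str):
    """Run triage_line over a whole log and return the findings in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


# Constructed sample: lines copied from the formats in the thread's posted logs.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - HKU\S-1-5-21-1123561945-838170752-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.reason} -> {f.detail}")
```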


Good morning! gilbertoros

 

<!> Does the browser ( IE8 ) still close right away?

<!> If the problem persists, reset it to its default settings. ( ...factory settings! )

<!> If that does not solve it, uninstall it and then the SP3 update --> Install IE8 and then the SP3 update.

 

Cheers!


Hello

DigRam, here is what is happening:

The problem with IE8 closing continued, so I uninstalled IE8, SP1, SP2 and SP2.

I tried to access Windows Update and it gives an error asking whether I am the administrator and saying I cannot access it!

Then I managed to download the updates through the Windows icon in the lower right corner of the screen!

Windows then told me it would have to shut down to install them; I did that and it showed them as installed, but after restarting the machine nothing is installed, and Windows keeps asking me to download three XP updates that never get installed!

I have tried several times and the same thing always happens: on shutdown Windows tells me it is installing, but it does not install!

 

Happy New Year

Hey! gilbertoros

 

<!> The uninstall was instructed in this order: IE8 --> SP3, in which the other patches would not be uninstalled.

°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°

<@> Download: < Dial-a-fix >

<@> Extract it from the zip!

<@> Tick the boxes "Fix Windows Update" or "Fix Windows Installer" --> Click "GO".

<@> Wait until the status bar shows: "READY"

<@> Click: "Flush SoftwareDistribution" --> Yes.

<@> PS: If there are entries ticked under "Restrictive policies", click "Remove" --> Close.

<@> Download and install: < SP3 >

<@> Then install IE8.

 

Cheers!


Good evening DigRam

Yes, I made a mistake: I thought SP3 was not installed and ended up uninstalling SP1 and SP2; only afterwards did I see that SP3 was further down in the programs list!

 

I have now done the steps you gave me, but the IE8 problem continues: it opens and closes right away.

Two updates also failed and could not be installed; I have tried more than once:

 

Algumas atualizações não puderam ser instaladas

 

 

Atualização de segurança para o Microsoft .NET Framework, versão 2.0 (KB928365)

Atualização para o Windows XP (KB976098)


Good evening! gilbertoros

 

<@> Download: < Norman Malware Cleaner >

<@> Save it to the desktop.

<@> Open the file and click Run --> Accept.

<@> Click Add to add, or Remove to remove, the drives/areas to be scanned. ( C:\*.*, D:\*.*, E:\*.*, etc... )

<@> Click "Start scan" --> Wait!

<@> When it finishes, post the report, which will be on the desktop. ( NFix_2009-xx-xx_yy-yy-yy.log ) <--

°°°°°°°°°°°°°°°°°°°°°°

°°°°°°°°°°°°°°°°°°°°°°

<1> Carefully select and copy the following command: %windir%\ie8\spuninst\spuninst.exe

<2> Click Start, then click Run.

<3> In the Open box, type Cmd.exe and press ENTER.

<4> Right-click inside the Cmd.exe window and click Paste to paste the command you copied in step 1.

<5> Press ENTER to uninstall Internet Explorer 8.

<6> When the uninstaller finishes, restart the computer.

<!> Uninstall Internet Explorer 8 with that command. Then install it again.

<!> Download the installer from here: < IE8 >

 

Cheers!
