[Arquivado] PC lento (worm?)

epfernandes · Janeiro 21, 2010

Boas srs

Tenho sofrido com uma certa lentidão em meu Pc e creio que o motivo seja algum tipo de praga virtual.

Segue meu log do HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:49:16, on 21/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\csrcs.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cmd.exe

C:\WINDOWS\system32\net.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\User\CONFIG~1\Temp\Rar$EX00.968\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1262278586&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1046&id=64855&mkt=pt-br

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\Audio\Drivers\AzMixerSel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [EPSON Stylus CX8300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEL.EXE /FU "C:\WINDOWS\TEMP\E_S80.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKLM\..\Policies\Explorer\Run: [Logitech SetPointX] C:\WINDOWS\system32\soihna.exe

O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: siszyd32.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.flvdirect.com

O15 - ESC Trusted Zone: http://www.flvdirect.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--

End of file - 6581 bytes

Desde já agradeço qualquer ajuda.

Abraços

PedroN · Janeiro 21, 2010

Malwarebytes

Baixe o Malwarebytes dê um destes locais abaixo:

Link 1

Link 2

-- Salve o programa no seu Desktop (área de trabalho)

• Dê um duplo clique no programa para executá-lo.

• Atualize o programa Malwarebytes.

• Escolha a Verificação Completa (Tenha paciência, é um pouco demorado)

• Desabilite o seu Antivírus e AntiSpyware , geralmente através de um clique direito sobre o ícone da bandeja do sistema. Eles podem interferir na execução da ferramenta.

• Quando o scan estiver completo, clique em Ok, depois em Mostrar Resultados para ver o log.

• Lembrando que, se algo for detectado, clique no botão remover para remoção. (Importante).

• O log do programa será aberto automaticamente para você.

• Poste-o na sua próxima resposta juntamente com um novo log do hijackThis.

Ps:. Em computadores muitos infectados, a ferramenta a informa uma opção informando que o computador deve ser reiniciado, por favor. Faça-o imediatamente.

• Baixe:OTL.exe

• Salve-o no desktop!

• Segundo a imagem, mude a opção em "Output" para "Minimal Output".

• Duplo-clique em OTL.exe --> Marque a opção "Scan All Users".

• Marque as caixas:

-- [] LOP check e [] Purity check

• Clique em: e aguarde.

• Poste:

1) OTL.txt <-- <3>

2) Extra.txt <--

epfernandes · Janeiro 22, 2010

Olá PedroN

Seguem os logs:

Malwarebyte´s

Malwarebytes' Anti-Malware 1.44
Versão do banco de dados: 3616

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

22/1/2010 19:57:28

mbam-log-2010-01-22 (19-57-28).txt

Tipo de Verificação: Completa (C:\|D:\|)

Objetos verificados: 130102

Tempo decorrido: 11 minute(s), 46 second(s)

Processos da Memória infectados: 1

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 2

Valores do Registro infectados: 1

Ítens do Registro infectados: 4

Pastas infectadas: 0

Arquivos infectados: 6

Processos da Memória infectados:

C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Unloaded process successfully.

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Valores do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\csrcs (Trojan.Agent) -> Quarantined and deleted successfully.

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

C:\Documents and Settings\User\FLVDirect.exe (Adware.MediaPass) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Menu Iniciar\Programas\Inicializar\siszyd32.exe (Worm.KoobFace) -> Delete on reboot.

C:\Documents and Settings\User\Meus documentos\Downloads\rkfree_setup.exe (Keylogger.Logixoft) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\drivers\muhsop.sys (Rootkit.Agent) -> Delete on reboot.

C:\WINDOWS\system32\csrcs.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\User\Dados de aplicativos\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

OTL

OTL.txt

OTL logfile created on: 22/1/2010 20:00:44 - Run 1

OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\User\Meus documentos\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 97,65 Gb Total Space | 73,94 Gb Free Space | 75,72% Space Free | Partition Type: NTFS

Drive D: | 51,39 Gb Total Space | 50,43 Gb Free Space | 98,14% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-7CF38FC2AC

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Meus documentos\Downloads\OTL(2).exe (OldTimer Tools)

PRC - D:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)

PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICEL.EXE (SEIKO EPSON CORPORATION)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Meus documentos\Downloads\OTL(2).exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (IAANTMON) Intel® -- C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (usnjsvc) -- C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (fsbts) -- C:\WINDOWS\system32\Drivers\fsbts.sys ()

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1292428093-73586283-527237240-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1262278586&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1046&id=64855&mkt=pt-br

IE - HKU\S-1-5-21-1292428093-73586283-527237240-1003\S-1-5-21-1292428093-73586283-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"

FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="

FF - prefs.js..browser.search.selectedEngine: "Search"

FF - prefs.js..browser.startup.homepage: "http://www.gavca.com/modules.php?name=Forums"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..keyword.URL: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/01/05 22:23:46 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/01/08 00:51:54 | 00,000,000 | ---D | M]

[2009/09/27 16:36:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Extensions

[2009/11/11 19:59:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\yv0gv4gm.default\extensions

[2009/12/31 14:44:26 | 00,000,266 | ---- | M] () -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\yv0gv4gm.default\searchplugins\Search.xml

[2010/01/22 18:05:54 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2010/01/08 00:51:28 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll

[2009/08/24 17:27:45 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2009/08/24 17:27:45 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2009/08/24 17:27:45 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2009/08/24 17:27:45 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2008/04/14 10:00:00 | 00,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKU\S-1-5-21-1292428093-73586283-527237240-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AzMixerSel] C:\Arquivos de programas\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [iAAnotif] C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKU\S-1-5-21-1292428093-73586283-527237240-1003..\Run: [EPSON Stylus CX8300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEL.EXE (SEIKO EPSON CORPORATION)

O4 - HKU\S-1-5-21-1292428093-73586283-527237240-1003..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] File not found

O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] File not found

O4 - HKU\S-1-5-19..\RunOnce: [_nltide_2] File not found

O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2] File not found

O4 - HKLM..\RunServices: [csrcs] C:\WINDOWS\System32\csrcs.exe File not found

O4 - Startup: C:\Documents and Settings\User\Menu Iniciar\Programas\Inicializar\siszyd32.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Logitech SetPointX = C:\WINDOWS\system32\soihna.exe File not found

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1292428093-73586283-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKU\S-1-5-21-1292428093-73586283-527237240-1003\..Trusted Domains: flvdirect.com ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-1292428093-73586283-527237240-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.211.192.167 200.211.192.168

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/08/28 12:49:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{26323f1d-f70d-11de-a172-00235ae10772}\Shell\AutoRun\command - "" = F:\jOnqno.eXE -- File not found

O33 - MountPoints2\{26323f1d-f70d-11de-a172-00235ae10772}\Shell\open\cOMMAnD - "" = F:\jOnQno.ExE -- File not found

O33 - MountPoints2\{97fa1b28-9c17-11de-a0b9-00235ae10772}\Shell - "" = AutoRun

O33 - MountPoints2\{c1018dee-efd2-11de-a158-00235ae10772}\Shell\AutoRun\command - "" = F:\jOnqno.eXE -- File not found

O33 - MountPoints2\{c1018dee-efd2-11de-a158-00235ae10772}\Shell\open\cOMMAnD - "" = F:\jOnQno.ExE -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/22 18:21:19 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent

[2010/01/21 22:35:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Dados de aplicativos\Malwarebytes

[2010/01/21 22:35:55 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/01/21 22:35:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/01/21 22:35:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2010/01/11 22:44:23 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\AdorageI-SAL

[2010/01/10 01:20:42 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Windows Live

[2010/01/09 21:02:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages

[2010/01/09 19:59:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\vdownloader

[2010/01/08 20:19:00 | 03,362,460 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des

[2010/01/08 19:40:47 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys

[2010/01/08 19:40:41 | 00,000,000 | ---D | C] -- C:\Program Files

[2010/01/08 00:52:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\PMB Files

[2010/01/08 00:51:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files

[2010/01/08 00:51:10 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Pando Networks

[2010/01/03 22:44:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Spybot - Search & Destroy

[2010/01/03 22:29:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Windows Genuine Advantage

[2009/12/31 20:12:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\WinAVI

[2009/12/31 20:11:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinAVI Video Converter 9.0

[2009/12/31 15:01:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Kobber

[2009/12/31 00:47:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Fotos Taiúva

[2009/12/30 14:20:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON

[2009/12/30 14:20:13 | 00,076,800 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBCEL.DLL

[2009/12/30 14:20:13 | 00,062,976 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BCEL.DLL

[2009/12/30 13:34:27 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

[2009/12/30 13:34:22 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys

[2009/12/30 13:32:22 | 00,067,072 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escwiad.dll

[2009/12/30 13:31:43 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\epson

[2009/12/30 13:31:38 | 00,000,000 | ---D | C] -- C:\EPSON

[2009/12/30 13:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User\Meus documentos\Drivers CX 8300

[2009/08/28 12:49:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2009/08/28 12:49:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

[2009/08/28 12:49:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2009/08/28 12:49:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/22 20:01:39 | 00,763,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\muhsop.sys

[2010/01/22 18:37:29 | 00,139,264 | ---- | M] () -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/22 17:41:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/22 17:41:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/22 13:09:48 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT

[2010/01/22 13:09:48 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini

[2010/01/22 00:36:35 | 06,919,440 | -H-- | M] () -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\IconCache.db

[2010/01/21 22:35:57 | 00,000,590 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/01/21 18:44:39 | 00,000,613 | ---- | M] () -- C:\Documents and Settings\User\Meus documentos\Minhas Pastas de Compartilhamento.lnk

[2010/01/20 22:19:16 | 00,011,293 | ---- | M] () -- C:\Documents and Settings\User\Desktop\boleto_FD511402.pdf

[2010/01/20 21:55:03 | 00,121,548 | ---- | M] () -- C:\Documents and Settings\User\Desktop\47045_l.jpg

[2010/01/18 11:47:29 | 00,011,293 | ---- | M] () -- C:\Documents and Settings\User\Meus documentos\boleto_FD511402.pdf

[2010/01/12 14:56:04 | 00,000,000 | RHS- | M] () -- C:\khw

[2010/01/11 20:52:57 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\User\Desktop\KOBBER_07-01-2010.xls

[2010/01/10 19:39:43 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm

[2010/01/10 19:39:43 | 00,000,232 | -H-- | M] () -- C:\sqmdata16.sqm

[2010/01/10 19:25:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm

[2010/01/10 19:25:36 | 00,000,232 | -H-- | M] () -- C:\sqmdata15.sqm

[2010/01/10 01:22:38 | 00,954,290 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/01/10 01:22:38 | 00,425,664 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2010/01/10 01:22:38 | 00,392,630 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/01/10 01:22:38 | 00,067,648 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2010/01/10 01:22:38 | 00,058,930 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/01/10 00:34:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm

[2010/01/10 00:34:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm

[2010/01/09 21:03:49 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm

[2010/01/09 21:03:49 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm

[2010/01/09 20:52:04 | 00,026,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys

[2010/01/09 20:16:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm

[2010/01/09 20:16:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm

[2010/01/09 06:37:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm

[2010/01/09 06:37:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm

[2010/01/08 20:54:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm

[2010/01/08 20:54:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm

[2010/01/08 16:02:09 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm

[2010/01/08 16:02:09 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm

[2010/01/08 14:29:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm

[2010/01/08 14:29:58 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm

[2010/01/08 13:27:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm

[2010/01/08 13:27:14 | 00,000,232 | -H-- | M] () -- C:\sqmdata07.sqm

[2010/01/08 00:13:56 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm

[2010/01/08 00:13:56 | 00,000,232 | -H-- | M] () -- C:\sqmdata06.sqm

[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/01/07 10:32:45 | 05,638,144 | ---- | M] () -- C:\Documents and Settings\User\Meus documentos\Photos_anciennes.pps

[2010/01/07 09:56:21 | 00,618,496 | ---- | M] () -- C:\Documents and Settings\User\Meus documentos\PaiNossoMeditado.pps

[2010/01/07 03:28:44 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm

[2010/01/07 03:28:44 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm

[2010/01/07 02:06:02 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm

[2010/01/07 02:06:02 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm

[2010/01/06 16:04:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm

[2010/01/06 16:04:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm

[2010/01/05 23:30:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm

[2010/01/05 23:30:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm

[2010/01/05 21:12:38 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/04 14:54:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm

[2010/01/04 14:54:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

[2010/01/04 13:47:53 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\User\Meus documentos\Kobber Alimentos Ltda.doc

[2010/01/03 20:39:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm

[2010/01/03 20:39:35 | 00,000,172 | -H-- | M] () -- C:\sqmnoopt19.sqm

[2010/01/03 14:18:27 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm

[2010/01/03 14:18:27 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm

[2010/01/03 01:23:41 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm

[2010/01/03 01:23:41 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm

[2010/01/02 18:20:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm

[2010/01/02 18:20:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm

[2010/01/02 14:29:18 | 02,422,784 | ---- | M] () -- C:\Documents and Settings\User\Meus documentos\Para2010-lg.pps

[2009/12/30 14:14:31 | 00,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk

[2009/12/30 14:06:02 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\User\Meus documentos\Favor.doc

[2009/12/23 20:56:27 | 00,000,005 | ---- | M] () -- C:\Documents and Settings\User\RavMonLog

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/21 22:35:57 | 00,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/01/20 22:19:16 | 00,011,293 | ---- | C] () -- C:\Documents and Settings\User\Desktop\boleto_FD511402.pdf

[2010/01/20 21:55:02 | 00,121,548 | ---- | C] () -- C:\Documents and Settings\User\Desktop\47045_l.jpg

[2010/01/18 11:47:28 | 00,011,293 | ---- | C] () -- C:\Documents and Settings\User\Meus documentos\boleto_FD511402.pdf

[2010/01/12 14:56:04 | 00,000,000 | RHS- | C] () -- C:\khw

[2010/01/11 20:52:56 | 00,010,752 | ---- | C] () -- C:\Documents and Settings\User\Desktop\KOBBER_07-01-2010.xls

[2010/01/09 20:52:04 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys

[2010/01/08 19:40:46 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd

[2010/01/07 10:32:44 | 05,638,144 | ---- | C] () -- C:\Documents and Settings\User\Meus documentos\Photos_anciennes.pps

[2010/01/07 09:56:13 | 00,618,496 | ---- | C] () -- C:\Documents and Settings\User\Meus documentos\PaiNossoMeditado.pps

[2010/01/04 13:47:52 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\User\Meus documentos\Kobber Alimentos Ltda.doc

[2010/01/02 14:29:17 | 02,422,784 | ---- | C] () -- C:\Documents and Settings\User\Meus documentos\Para2010-lg.pps

[2009/12/31 00:05:53 | 00,763,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\muhsop.sys

[2009/12/30 14:20:13 | 00,001,964 | ---- | C] () -- C:\WINDOWS\EPBUYINK.HTM

[2009/12/30 14:06:02 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\User\Meus documentos\Favor.doc

[2009/12/30 13:32:24 | 00,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk

[2009/09/13 21:55:22 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/09/13 21:55:22 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/09/13 21:55:20 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/09/13 21:55:20 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/09/13 21:55:19 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/09/13 21:55:19 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/08/28 13:52:59 | 00,139,264 | ---- | C] () -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/28 13:52:27 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/08/28 13:17:41 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2003/04/07 12:30:02 | 00,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/12/30 14:20:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\EPSON

[2010/01/08 00:54:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files

[2009/10/26 16:28:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\BSplayer

[2009/10/26 13:29:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\BSplayer Pro

[2009/11/02 12:21:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\FrostWire

========== Purity Check ==========

< End of report >

Extras.txt

OTL Extras logfile created on: 22/1/2010 20:00:44 - Run 1

OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\User\Meus documentos\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 97,65 Gb Total Space | 73,94 Gb Free Space | 75,72% Space Free | Partition Type: NTFS

Drive D: | 51,39 Gb Total Space | 50,43 Gb Free Space | 98,14% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: USER-7CF38FC2AC

Current User Name: User

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1292428093-73586283-527237240-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"7770:TCP" = 7770:TCP:*:Enabled:csahiekx

"18411:TCP" = 18411:TCP:*:Enabled:NortonAV

"18447:TCP" = 18447:TCP:*:Enabled:NortonAV

"16473:TCP" = 16473:TCP:*:Enabled:NortonAV

"16975:TCP" = 16975:TCP:*:Enabled:NortonAV

"57527:TCP" = 57527:TCP:*:Enabled:Pando Media Booster

"57527:UDP" = 57527:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe" = C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Steam\Steam.exe" = C:\Arquivos de programas\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Arquivos de programas\Steam\steamapps\binfa_crossbones\day of defeat source\hl2.exe" = C:\Arquivos de programas\Steam\steamapps\binfa_crossbones\day of defeat source\hl2.exe:*:Enabled:hl2 -- File not found

"C:\Arquivos de programas\Windows Live\Messenger\livecall.exe" = C:\Arquivos de programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

"C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" = C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 17

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0

"{49FC50FC-F965-40D9-89B4-CBFF80941PTB}" = Windows Movie Maker 2.0

"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0

"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme

"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader

"{8EADB73B-026D-4978-A8F0-1EEF5E1ECEC7}" = Windows Live Messenger

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{AC76BA86-7AD7-1046-7B44-A81000000003}" = Adobe Reader 8.1.0 - Português

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.12

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"7-Zip" = 7-Zip 4.62

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"BSPlayerf" = BS.Player FREE

"CCleaner" = CCleaner

"EPSON Printer and Utilities" = Software para Impressoras EPSON

"EPSON Scanner" = EPSON Scan

"FrostWire" = FrostWire 4.18.3

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0

"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"PowerISO" = PowerISO

"Silent Package Run-Time Sample" = EPSON Reference Guide

"Steam App 300" = Day of Defeat: Source

"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinRAR archiver" = Arquivo do WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8/1/2010 10:34:08 | Computer Name = USER-7CF38FC2AC | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: The server name or address could not be resolved

Error - 8/1/2010 10:34:08 | Computer Name = USER-7CF38FC2AC | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

Error - 8/1/2010 10:34:09 | Computer Name = USER-7CF38FC2AC | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

Error - 8/1/2010 10:34:09 | Computer Name = USER-7CF38FC2AC | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

Error - 8/1/2010 10:34:09 | Computer Name = USER-7CF38FC2AC | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

Error - 8/1/2010 10:34:09 | Computer Name = USER-7CF38FC2AC | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

Error - 8/1/2010 10:34:09 | Computer Name = USER-7CF38FC2AC | Source = crypt32 | ID = 131080

Description = Falha na recuperação de atualização automática do número de seqüência

de lista raiz de terceiros de: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

com erro: Esta conexão de rede não existe.

Error - 8/1/2010 18:54:05 | Computer Name = USER-7CF38FC2AC | Source = Application Error | ID = 1000

Description = Aplicativo com falha mf.exe, versão 1.3.0.0, módulo com falha mf.exe,

versão 1.3.0.0, endereço com falha 0x000628a0.

Error - 9/1/2010 18:56:53 | Computer Name = USER-7CF38FC2AC | Source = MsiInstaller | ID = 10005

Description = Product: Windows Movie Maker 2.6 -- This product only runs on Windows

Vista

Error - 10/1/2010 21:12:40 | Computer Name = USER-7CF38FC2AC | Source = MsiInstaller | ID = 10005

Description = Product: Windows Movie Maker 2.6 -- This product only runs on Windows

Vista

[ System Events ]

Error - 7/1/2010 07:52:31 | Computer Name = USER-7CF38FC2AC | Source = Service Control Manager | ID = 7023

Description = O serviço Driver Config terminou com o erro: %%1114

Error - 7/1/2010 12:52:39 | Computer Name = USER-7CF38FC2AC | Source = Service Control Manager | ID = 7023

Description = O serviço Driver Config terminou com o erro: %%1114

Error - 8/1/2010 10:24:21 | Computer Name = USER-7CF38FC2AC | Source = Service Control Manager | ID = 7023

Description = O serviço Driver Config terminou com o erro: %%1114

Error - 8/1/2010 12:07:20 | Computer Name = USER-7CF38FC2AC | Source = Service Control Manager | ID = 7023

Description = O serviço Driver Config terminou com o erro: %%1114

Error - 8/1/2010 13:52:40 | Computer Name = USER-7CF38FC2AC | Source = Service Control Manager | ID = 7023

Description = O serviço Driver Config terminou com o erro: %%1114

Error - 8/1/2010 17:11:42 | Computer Name = USER-7CF38FC2AC | Source = Service Control Manager | ID = 7023

Description = O serviço Driver Config terminou com o erro: %%1114

Error - 9/1/2010 04:35:08 | Computer Name = USER-7CF38FC2AC | Source = Service Control Manager | ID = 7023

Description = O serviço Driver Config terminou com o erro: %%1114

Error - 9/1/2010 05:31:22 | Computer Name = USER-7CF38FC2AC | Source = Service Control Manager | ID = 7023

Description = O serviço Driver Config terminou com o erro: %%1114

Error - 9/1/2010 09:53:57 | Computer Name = USER-7CF38FC2AC | Source = Service Control Manager | ID = 7023

Description = O serviço Driver Config terminou com o erro: %%1114

Error - 9/1/2010 18:54:27 | Computer Name = USER-7CF38FC2AC | Source = Service Control Manager | ID = 7023

Description = O serviço Driver Config terminou com o erro: %%1114

< End of report >

Abraços

Mário Monteiro · Fevereiro 28, 2010

Algum outro analista pode assumir o caso?

epfernandes se puder post um novo log

DigRam · Março 1, 2010

Bom Dia! epfernandes

<@> Execute o OTL.exe.

<@> Copie estas informações que estão no Quote,para o campo clipboard da ferramenta. ( Custom Scans/Fixes )

:Files
C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

C:\Documents and Settings\User\Menu Iniciar\Programas\Inicializar\siszyd32.exe

C:\WINDOWS\System32\drivers\muhsop.sys

C:\khw

:otl

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.

O3 - HKU\S-1-5-21-1292428093-73586283-527237240-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] File not found

O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] File not found

O4 - HKU\S-1-5-19..\RunOnce: [_nltide_2] File not found

O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2] File not found

O4 - HKLM..\RunServices: [csrcs] C:\WINDOWS\System32\csrcs.exe File not found

O4 - Startup: C:\Documents and Settings\User\Menu Iniciar\Programas\Inicializar\siszyd32.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Logitech SetPointX = C:\WINDOWS\system32\soihna.exe File not found

O33 - MountPoints2\{26323f1d-f70d-11de-a172-00235ae10772}\Shell\AutoRun\command - "" = F:\jOnqno.eXE -- File not found

O33 - MountPoints2\{26323f1d-f70d-11de-a172-00235ae10772}\Shell\open\cOMMAnD - "" = F:\jOnQno.ExE -- File not found

O33 - MountPoints2\{97fa1b28-9c17-11de-a0b9-00235ae10772}\Shell - "" = AutoRun

O33 - MountPoints2\{c1018dee-efd2-11de-a158-00235ae10772}\Shell\AutoRun\command - "" = F:\jOnqno.eXE -- File not found

O33 - MountPoints2\{c1018dee-efd2-11de-a158-00235ae10772}\Shell\open\cOMMAnD - "" = F:\jOnQno.ExE -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

:services

muhsop

:Commands

[purity]

[emptytemp]

[Reboot]

<@> Clique no botão Run Fix --> Aguarde a conclusão!

<@> Terminando,vá até a pasta: C:\_OTL\MovedFiles\*.log <-- Poste!

ººººººººººººººººººººººººº

<@> Execute o OTL Quick Scan,onde teremos um rápido escaneamento pela ferramenta.

<@> Duplo-clique em: < >

<@> Clique em "Scan All Users" --> --> Aguarde!

<@> Copie e poste o relatório. ( OTL log )

Abraços!

Mário Monteiro · Abril 1, 2010

Tópico Arquivado

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Entrar

Arquivado

[Arquivado] PC lento (worm?)

Recommended Posts

epfernandes 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

PedroN 1

Compartilhar este post

Link para o post

Compartilhar em outros sites

epfernandes 0

Compartilhar este post

Link para o post

Compartilhar em outros sites

Mário Monteiro 179

Compartilhar este post

Link para o post

Compartilhar em outros sites

DigRam 144

Compartilhar este post

Link para o post

Compartilhar em outros sites

Mário Monteiro 179

Compartilhar este post

Link para o post

Compartilhar em outros sites

PHP - Abrir e Fechar janela

Pergunta: Beautiful Womans from your city - Verified Women

Search Pretty Womans in your city for night

Este projeto é apoiado pelas empresas

Fóruns

Tempo Real

Informação importante