
carol2906

[Resolved!] Slow PC and some sites are not accessed correctly


My notebook is slow, and some sites I used to visit frequently I can no longer access, or they do not work correctly. From my other computer I have normal access. I don't know whether some program I installed may be causing a conflict, whether something is wrong in the settings, or whether it could be a virus ...

 

Here is the hijack log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:09:22, on 30/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\SCardSvr.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\ngsrv\ngslotd.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\ngsrv\epsng_certd.exe

C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\OEM\LIVE! OSD 1.03\osd.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\sistray.exe

C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pucminas.br/destaques/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [epsng_certd] C:\Arquivos de programas\ngsrv\epsng_certd.exe -r

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: OSD.lnk = ?

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: ngSlotDaemon (ngSlotD) - OEM - C:\Arquivos de programas\ngsrv\ngslotd.exe

 

--

End of file - 10235 bytes


I found a worm in your log; let's use the programs below.

 

 

 

Download Malwarebytes from one of the locations below:

Link 1

Link 2

 

-- Save the program to your Desktop

• Double-click the program to run it.

• Update Malwarebytes.

• Choose the Full Scan (be patient, it takes a while)

• Disable your antivirus and antispyware, usually by right-clicking the icon in the system tray. They can interfere with the tool's execution.

• When the scan is complete, click OK, then Show Results to view the log.

• Remember: if anything is detected, click the Remove button to remove it. (Important.)

• The program's log will open automatically for you.

• Post it in your next reply together with a new HijackThis log.

P.S.: On heavily infected computers, the tool shows an option stating that the computer must be restarted. Please do so immediately.

 

 

• Download: OTL.exe

• Save it to the desktop!

OTLI-scan.png

• As shown in the image, change the "Output" option to "Minimal Output".

• Double-click OTL.exe --> Check the "Scan All Users" option.

• Check the boxes:

-- [] LOP check and [] Purity check

• Click: runscanbutton.png and wait.

• Post:

 

1) OTL.txt <-- <3>

2) Extra.txt <--


Hello.

I ran MBAM yesterday and OTL today; I hope that's not a problem.

There were 3 OTL txt files, but I tried to post them here and couldn't; since I had closed them I lost 2 of them, as only 1 is saved. Should I run it again?

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:47:11, on 24/1/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\SCardSvr.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\ngsrv\epsng_certd.exe

C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\ngsrv\ngslotd.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\OEM\LIVE! OSD 1.03\osd.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\notepad.exe

C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\HiJackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pucminas.br/destaques/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [epsng_certd] C:\Arquivos de programas\ngsrv\epsng_certd.exe -r

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: OSD.lnk = ?

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: ngSlotDaemon (ngSlotD) - OEM - C:\Arquivos de programas\ngsrv\ngslotd.exe

 

--

End of file - 10284 bytes

 

=================================================================================================================================================

 

OTL logfile created on: 24/1/2010 08:16:08 - Run 1

OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Edson\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 97,65 Gb Total Space | 72,04 Gb Free Space | 73,77% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 97,65 Gb Total Space | 79,33 Gb Free Space | 81,24% Space Free | Partition Type: NTFS

Drive F: | 102,78 Gb Total Space | 102,68 Gb Free Space | 99,90% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: CASA-46997CABD5

Current User Name: Edson

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Edson\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de programas\ngsrv\epsng_certd.exe (OEM)

PRC - C:\Arquivos de programas\ngsrv\ngslotd.exe (OEM)

PRC - C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )

PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

PRC - C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (Google Inc.)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Arquivos de programas\OEM\LIVE! OSD 1.03\osd.exe (ODM)

PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

PRC - C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

PRC - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe (Canon Inc.)

PRC - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)

PRC - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

PRC - C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Edson\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\linkinfo.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (ngSlotD) -- C:\Arquivos de programas\ngsrv\ngslotd.exe (OEM)

SRV - (GbpSv) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )

SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Microsoft Office Groove Audit Service) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (CCALib8) -- C:\Arquivos de programas\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (Bonjour Service) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Apple Computer, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-725345543-920026266-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pucminas.br/destaques/

IE - HKU\S-1-5-21-725345543-920026266-1801674531-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll File not found

IE - HKU\S-1-5-21-725345543-920026266-1801674531-1003\S-1-5-21-725345543-920026266-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-920026266-1801674531-1003\S-1-5-21-725345543-920026266-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

 

 

[2010/01/05 15:55:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Mozilla\Extensions

[2009/09/06 17:36:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org

[2010/01/05 15:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Mozilla\Firefox\Profiles\fnaha4kx.default\extensions

[2010/01/05 15:55:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Mozilla\Firefox\Profiles\fnaha4kx.default\extensions\staged-xpis

 

O1 HOSTS File: ([2009/12/09 13:23:39 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [epsng_certd] C:\Arquivos de programas\ngsrv\epsng_certd.exe (OEM)

O4 - HKLM..\Run: [GrooveMonitor] C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKU\S-1-5-21-725345543-920026266-1801674531-1003..\Run: [Google Update] C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\OSD.lnk = C:\WINDOWS\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_E8A79982C3B6DC35709DD1.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-725345543-920026266-1801674531-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Append to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-725345543-920026266-1801674531-1003\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://imagem.caixa.gov.br/cab/gbpdist.cab (GbpDistObj Class)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.0.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginAbn: DllName - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real)

O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\Arquivos de programas\GbPlugin\gbiehCef.dll - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/09/01 10:17:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

========== Files/Folders - Created Within 14 Days ==========

 

[2010/01/30 21:08:01 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\HiJackThis.exe

[2010/01/30 20:52:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2010/01/30 20:52:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2010/01/30 20:51:56 | 00,000,000 | ---D | C] -- C:\Config.Msi

[2010/01/30 20:41:27 | 00,000,000 | --SD | C] -- C:\ComboFix

[2010/01/29 18:29:56 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Edson\IECompatCache

[2010/01/24 08:13:47 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Edson\Desktop\OTL.exe

[2010/01/22 11:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

[2010/01/18 22:28:52 | 00,000,000 | ---D | C] -- C:\BrowserPlusPlugins

[2010/01/10 10:47:26 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Edson\PrivacIE

[2009/09/01 10:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2009/09/01 10:17:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2009/09/01 10:17:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 14 Days ==========

 

[2010/01/31 06:54:28 | 00,233,134 | ---- | M] () -- E:\Artigo%20Thiago.pdf

[2010/01/31 06:41:56 | 00,656,220 | ---- | M] () -- E:\mateus_simoes_de_almeida2.pdf

[2010/01/31 06:41:32 | 00,149,779 | ---- | M] () -- E:\DIALOGO-JURIDICO-14-JUNHO-AGOSTO-2002-LUIS-ROBERTO-BARROSO.pdf

[2010/01/31 06:38:38 | 00,142,356 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\DireitoNet - Artigos - Intervenção direta do Estado no domínio econômico e discricionariedade administrativa.pdf

[2010/01/31 06:28:26 | 00,032,380 | ---- | M] () -- E:\Constituição 1988 e intervenção.pdf

[2010/01/31 06:26:51 | 00,067,388 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\Jus Navigandi - Doutrina - A intervenção estatal no domínio econômico_ o atual papel do Estado na constitucionalidade democrática brasileira.pdf

[2010/01/30 21:08:30 | 00,115,712 | ---- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/30 21:08:03 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe

[2010/01/30 20:13:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/01/30 17:23:12 | 00,014,699 | ---- | M] () -- E:\Tudo começou.docx

[2010/01/24 08:13:51 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edson\Desktop\OTL.exe

[2010/01/24 08:11:38 | 00,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\OSD.lnk

[2010/01/24 08:11:31 | 00,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk

[2010/01/24 08:11:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/24 08:11:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/23 22:53:15 | 05,767,168 | ---- | M] () -- C:\Documents and Settings\Edson\ntuser.dat

[2010/01/23 22:53:15 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Edson\ntuser.ini

[2010/01/23 18:16:41 | 00,031,154 | ---- | M] () -- E:\Carol gastos.xlsx

[2010/01/22 16:39:44 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\CEMEIS.doc

[2010/01/22 12:33:07 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/22 07:15:18 | 00,033,153 | ---- | M] () -- E:\requerimento_cadastro_anuncios.pdf

[2010/01/15 11:22:43 | 00,035,834 | ---- | M] () -- E:\relacao_escolas_municipais_contagem.pdf

[2010/01/14 22:31:01 | 00,927,762 | ---- | M] () -- E:\CONTRATO_PRESTACAO_SERVICOS_EDUCACIONAIS_CALOUROS2010.pdf

[2010/01/13 22:21:52 | 00,491,520 | ---- | M] () -- E:\Banco de Dados1.accdb

[2010/01/13 22:13:41 | 04,194,304 | ---- | M] () -- E:\Northwind 2007.accdb

[2010/01/12 09:31:01 | 00,014,932 | ---- | M] () -- E:\PLAN0.xlsx

[2010/01/12 09:26:52 | 00,014,994 | ---- | M] () -- E:\Pasta1.xlsx

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/01/31 06:51:39 | 00,233,134 | ---- | C] () -- E:\Artigo%20Thiago.pdf

[2010/01/31 06:41:56 | 00,656,220 | ---- | C] () -- E:\mateus_simoes_de_almeida2.pdf

[2010/01/31 06:41:32 | 00,149,779 | ---- | C] () -- E:\DIALOGO-JURIDICO-14-JUNHO-AGOSTO-2002-LUIS-ROBERTO-BARROSO.pdf

[2010/01/31 06:38:38 | 00,142,356 | ---- | C] () -- C:\Documents and Settings\Edson\Desktop\DireitoNet - Artigos - Intervenção direta do Estado no domínio econômico e discricionariedade administrativa.pdf

[2010/01/31 06:28:26 | 00,032,380 | ---- | C] () -- E:\Constituição 1988 e intervenção.pdf

[2010/01/31 06:26:51 | 00,067,388 | ---- | C] () -- C:\Documents and Settings\Edson\Desktop\Jus Navigandi - Doutrina - A intervenção estatal no domínio econômico_ o atual papel do Estado na constitucionalidade democrática brasileira.pdf

[2010/01/30 17:23:12 | 00,014,699 | ---- | C] () -- E:\Tudo começou.docx

[2010/01/22 16:39:43 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Edson\Desktop\CEMEIS.doc

[2010/01/22 07:15:18 | 00,033,153 | ---- | C] () -- E:\requerimento_cadastro_anuncios.pdf

[2010/01/15 15:52:26 | 00,031,154 | ---- | C] () -- E:\Carol gastos.xlsx

[2010/01/15 11:22:43 | 00,035,834 | ---- | C] () -- E:\relacao_escolas_municipais_contagem.pdf

[2010/01/14 22:31:01 | 00,927,762 | ---- | C] () -- E:\CONTRATO_PRESTACAO_SERVICOS_EDUCACIONAIS_CALOUROS2010.pdf

[2010/01/13 22:13:41 | 00,491,520 | ---- | C] () -- E:\Banco de Dados1.accdb

[2010/01/13 22:10:34 | 04,194,304 | ---- | C] () -- E:\Northwind 2007.accdb

[2010/01/10 12:39:42 | 05,767,168 | ---- | C] () -- C:\Documents and Settings\Edson\ntuser.dat

[2009/12/15 23:09:08 | 00,197,352 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2009/12/15 21:36:58 | 00,011,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\ft12usb.sys

[2009/12/15 21:36:58 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\FT12CoIn.dll

[2009/10/20 22:56:27 | 00,001,323 | ---- | C] () -- C:\Documents and Settings\Edson\Dados de aplicativos\momento.log

[2009/09/13 18:32:01 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/09/13 18:32:00 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini

[2009/09/13 18:31:59 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/09/13 18:31:59 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/09/13 18:31:58 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2009/09/13 18:31:57 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/09/13 18:31:56 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/09/06 17:53:14 | 00,132,096 | ---- | C] () -- C:\WINDOWS\System32\ZipDLL.dll

[2009/09/06 17:53:14 | 00,117,760 | ---- | C] () -- C:\WINDOWS\System32\Unzdll.dll

[2009/09/02 18:29:13 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll

[2009/09/01 19:27:23 | 00,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2009/09/01 19:11:55 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll

[2009/09/01 19:11:55 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll

[2009/09/01 15:52:41 | 00,115,712 | ---- | C] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/01 14:52:36 | 00,093,718 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2009/09/01 14:51:52 | 00,130,007 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2009/09/01 14:39:56 | 00,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\RLVrtAuCbl.sys

[2009/09/01 14:33:14 | 00,016,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\ECSLiveIO.sys

[2009/01/07 12:27:06 | 00,016,336 | ---- | C] () -- C:\WINDOWS\System32\ECSLiveIO.sys

 

========== LOP Check ==========

 

[2010/01/30 20:53:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2009/10/23 10:51:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Grupo Projecao

[2009/11/23 10:24:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\LimeWire

[2010/01/01 22:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\UNOUndercover

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 308 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

< End of report >

[2010/01/31 06:54:28 | 00,233,134 | ---- | M] () -- E:\Artigo%20Thiago.pdf

[2010/01/31 06:41:56 | 00,656,220 | ---- | M] () -- E:\mateus_simoes_de_almeida2.pdf

[2010/01/31 06:41:32 | 00,149,779 | ---- | M] () -- E:\DIALOGO-JURIDICO-14-JUNHO-AGOSTO-2002-LUIS-ROBERTO-BARROSO.pdf

[2010/01/31 06:38:38 | 00,142,356 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\DireitoNet - Artigos - Intervenção direta do Estado no domínio econômico e discricionariedade administrativa.pdf

[2010/01/31 06:28:26 | 00,032,380 | ---- | M] () -- E:\Constituição 1988 e intervenção.pdf

[2010/01/31 06:26:51 | 00,067,388 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\Jus Navigandi - Doutrina - A intervenção estatal no domínio econômico_ o atual papel do Estado na constitucionalidade democrática brasileira.pdf

[2010/01/30 21:08:30 | 00,115,712 | ---- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/30 20:55:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\CameraWindowDC

[2010/01/30 20:55:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Ares

[2010/01/30 20:53:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2010/01/30 20:53:22 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Internet Explorer

[2010/01/30 20:52:30 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared

[2010/01/30 20:13:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/01/30 17:23:12 | 00,014,699 | ---- | M] () -- E:\Tudo começou.docx

[2010/01/24 08:13:51 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edson\Desktop\OTL.exe

[2010/01/24 08:11:38 | 00,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\OSD.lnk

[2010/01/24 08:11:31 | 00,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk

[2010/01/24 08:11:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/24 08:11:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/23 22:53:15 | 05,767,168 | ---- | M] () -- C:\Documents and Settings\Edson\ntuser.dat

[2010/01/23 22:53:15 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Edson\ntuser.ini

[2010/01/23 18:16:41 | 00,031,154 | ---- | M] () -- E:\Carol gastos.xlsx

[2010/01/22 16:39:44 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\CEMEIS.doc

[2010/01/22 12:33:07 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/22 11:41:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

[2010/01/22 11:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

[2010/01/22 11:41:29 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Microsoft Silverlight

[2010/01/22 07:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Adobe

[2010/01/22 07:15:18 | 00,033,153 | ---- | M] () -- E:\requerimento_cadastro_anuncios.pdf

[2010/01/18 22:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Yahoo!

[2010/01/15 11:22:43 | 00,035,834 | ---- | M] () -- E:\relacao_escolas_municipais_contagem.pdf

[2010/01/14 22:31:01 | 00,927,762 | ---- | M] () -- E:\CONTRATO_PRESTACAO_SERVICOS_EDUCACIONAIS_CALOUROS2010.pdf

[2010/01/13 22:21:52 | 00,491,520 | ---- | M] () -- E:\Banco de Dados1.accdb

[2010/01/13 22:13:41 | 04,194,304 | ---- | M] () -- E:\Northwind 2007.accdb

[2010/01/13 10:33:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Microsoft

[2010/01/13 10:26:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\ZoomBrowser EX

[2010/01/12 09:31:01 | 00,014,932 | ---- | M] () -- E:\PLAN0.xlsx

[2010/01/12 09:26:52 | 00,014,994 | ---- | M] () -- E:\Pasta1.xlsx

[2010/01/10 09:55:30 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Microsoft

[2009/12/15 23:09:08 | 00,197,352 | ---- | M] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2009/12/15 21:28:24 | 04,290,600 | -H-- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\IconCache.db

[2009/10/30 17:29:28 | 00,072,488 | ---- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/10/23 11:29:14 | 00,001,323 | ---- | M] () -- C:\Documents and Settings\Edson\Dados de aplicativos\momento.log

[2009/09/01 10:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2009/09/01 10:17:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2009/09/01 10:17:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2009/09/01 10:03:18 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Edson\Dados de aplicativos\desktop.ini

[2009/09/01 10:03:18 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

[2006/06/29 15:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

[2006/06/29 15:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 16:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/04/18 16:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 



[2010/01/09 09:43:12 | 00,000,000 | -H-D | M] -- C:\Arquivos de programas\Uninstall Information

[2010/01/07 07:26:17 | 00,977,920 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\BAMEC_2010_1.0.xls

[2010/01/06 22:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Norton

[2010/01/06 22:14:09 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\DigiPix

[2010/01/05 15:54:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010/01/05 15:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Mozilla

[2010/01/05 15:54:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\Mozilla

[2010/01/04 09:31:32 | 00,862,720 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\BAMEC_2010_1.0.xlsm

[2010/01/02 16:50:28 | 00,011,606 | ---- | M] () -- E:\carol.xlsx

[2010/01/02 01:21:31 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Arquivos comuns

[2010/01/01 23:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Symantec

[2010/01/01 23:02:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NortonInstaller

[2010/01/01 22:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\UNOUndercover

[2010/01/01 20:02:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Macromedia

[2009/12/29 10:18:50 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Recuva

[2009/12/15 23:09:08 | 00,197,352 | ---- | M] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

[2009/12/15 21:28:24 | 04,290,600 | -H-- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\IconCache.db

[2009/10/30 17:29:28 | 00,072,488 | ---- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT

[2009/10/23 11:29:14 | 00,001,323 | ---- | M] () -- C:\Documents and Settings\Edson\Dados de aplicativos\momento.log

[2009/09/01 10:20:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2009/09/01 10:17:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2009/09/01 10:17:06 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2009/09/01 10:03:18 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Edson\Dados de aplicativos\desktop.ini

[2009/09/01 10:03:18 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\desktop.ini

[2006/06/29 15:58:52 | 00,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

[2006/06/29 15:53:56 | 00,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 16:39:28 | 00,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/04/18 16:39:28 | 00,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 14 Days ==========

 

[2010/01/31 06:54:28 | 00,233,134 | ---- | M] () -- E:\Artigo%20Thiago.pdf

[2010/01/31 06:41:56 | 00,656,220 | ---- | M] () -- E:\mateus_simoes_de_almeida2.pdf

[2010/01/31 06:41:32 | 00,149,779 | ---- | M] () -- E:\DIALOGO-JURIDICO-14-JUNHO-AGOSTO-2002-LUIS-ROBERTO-BARROSO.pdf

[2010/01/31 06:38:38 | 00,142,356 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\DireitoNet - Artigos - Intervenção direta do Estado no domínio econômico e discricionariedade administrativa.pdf

[2010/01/31 06:28:26 | 00,032,380 | ---- | M] () -- E:\Constituição 1988 e intervenção.pdf

[2010/01/31 06:26:51 | 00,067,388 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\Jus Navigandi - Doutrina - A intervenção estatal no domínio econômico_ o atual papel do Estado na constitucionalidade democrática brasileira.pdf

[2010/01/30 21:08:30 | 00,115,712 | ---- | M] () -- C:\Documents and Settings\Edson\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/01/30 21:08:03 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe

[2010/01/30 20:13:56 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/01/30 17:23:12 | 00,014,699 | ---- | M] () -- E:\Tudo começou.docx

[2010/01/24 08:13:51 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Edson\Desktop\OTL.exe

[2010/01/24 08:11:38 | 00,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\OSD.lnk

[2010/01/24 08:11:31 | 00,002,369 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk

[2010/01/24 08:11:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/01/24 08:11:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/01/23 22:53:15 | 05,767,168 | ---- | M] () -- C:\Documents and Settings\Edson\ntuser.dat

[2010/01/23 22:53:15 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Edson\ntuser.ini

[2010/01/23 18:16:41 | 00,031,154 | ---- | M] () -- E:\Carol gastos.xlsx

[2010/01/22 16:39:44 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\CEMEIS.doc

[2010/01/22 12:33:07 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/01/22 07:15:18 | 00,033,153 | ---- | M] () -- E:\requerimento_cadastro_anuncios.pdf

[2010/01/15 11:22:43 | 00,035,834 | ---- | M] () -- E:\relacao_escolas_municipais_contagem.pdf

[2010/01/14 22:31:01 | 00,927,762 | ---- | M] () -- E:\CONTRATO_PRESTACAO_SERVICOS_EDUCACIONAIS_CALOUROS2010.pdf

[2010/01/13 22:21:52 | 00,491,520 | ---- | M] () -- E:\Banco de Dados1.accdb

[2010/01/13 22:13:41 | 04,194,304 | ---- | M] () -- E:\Northwind 2007.accdb

[2010/01/12 09:31:01 | 00,014,932 | ---- | M] () -- E:\PLAN0.xlsx

[2010/01/12 09:26:52 | 00,014,994 | ---- | M] () -- E:\Pasta1.xlsx

[2010/01/07 07:26:17 | 00,977,920 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\BAMEC_2010_1.0.xls

[2010/01/05 15:54:49 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010/01/04 09:31:32 | 00,862,720 | ---- | M] () -- C:\Documents and Settings\Edson\Desktop\BAMEC_2010_1.0.xlsm

[2010/01/02 16:50:28 | 00,011,606 | ---- | M] () -- E:\carol.xlsx

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== LOP Check ==========

 

[2010/01/30 20:53:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2009/10/23 10:51:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\Grupo Projecao

[2009/11/23 10:24:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\LimeWire

[2010/01/01 22:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Edson\Dados de aplicativos\UNOUndercover

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 308 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

 

< End of report >

 

 

=================================================================================================================================================

 

OTL Extras logfile created on: 24/1/2010 08:16:08 - Run 1

OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Edson\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 97,65 Gb Total Space | 72,04 Gb Free Space | 73,77% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 97,65 Gb Total Space | 79,33 Gb Free Space | 81,24% Space Free | Partition Type: NTFS

Drive F: | 102,78 Gb Total Space | 102,68 Gb Free Space | 99,90% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: CASA-46997CABD5

Current User Name: Edson

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

Quick Scan

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL File not found

 

[HKEY_USERS\S-1-5-21-725345543-920026266-1801674531-1003\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l File not found

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe" = C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Console de gerenciamento Microsoft -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup

"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{271F5A67-A83A-4985-B41B-201EB267E6CF}" = LIVE! Control Center 1.03

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{73289228-1853-4623-982A-EB17FF0270CA}" = LIVE! OSD 1.03

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{669EB263-0AFE-4FCB-A068-DB082CA6273C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{98003BDC-1B68-4970-B28E-ACC8000D2F3E}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{B818F15C-FA76-4262-AB26-C04D0772EED8}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC66F0B8-8E0E-4106-AF80-3F8F1F93BE14}_is1" = WHO Anthro

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1504C77-1B19-4AF0-8DEC-946666123B55}" = CrazyTalk Cam Suite

"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK RTL8187SE Wireless LAN Driver

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"4673551D-STFT12-4FE7-A218-48BDAE051E2B_std" = ePass2000 (Somente remover)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium

"Ares" = Ares 2.1.2

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CAL" = Canon Camera Access Library

"CameraUserGuide-PSA470" = Canon PowerShot A470 Camera User Guide

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CCleaner" = CCleaner

"CSCLIB" = Canon Camera Support Core Library

"DirectPrintUserGuide" = Canon Direct Print User Guide

"e6f77d61-06ba-27ac-7e8a-0350e921ec7b" = Contextual Tool Precisead

"eBay Icon" = eBay Icon

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EOS Utility" = Canon Utilities EOS Utility

"eqbfscxkcshuwi" = RON Too1 Precisead

"falador" = falador

"HijackThis" = HijackThis 2.0.2

"HWiNFO32_is1" = HWiNFO32 Version 3.10

"ie8" = Windows Internet Explorer 8

"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.1.0

"LHTTSPTB" = L&H TTS3000 Português (Brasil)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MyCamera" = Canon Utilities MyCamera

"MyCameraDC" = Canon Utilities MyCamera DC

"PhotoStitch" = Canon Utilities PhotoStitch

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"Recuva" = Recuva

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"SiS VGA Driver" = SiS VGA Utilities

"SMSERIAL" = Motorola SM56 Data Fax Modem

"SoftwareStarterGuide-DCSD34" = Canon Digital Camera Solution Disk 34 Software Starter Guide

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TUGZip_is1" = TUGZip 3.5

"Uploader" = Uploader

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-725345543-920026266-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 22/1/2010 05:18:14 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1000

Description = Aplicativo com falha formdesigner.exe, versão 8.0.1291.1, módulo com

falha formdesigner.exe, versão 8.0.1291.1, endereço com falha 0x00366772.

 

Error - 22/1/2010 05:18:26 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1001

Description = Falha no compartimento de memória 375779571.

 

Error - 22/1/2010 05:19:09 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1000

Description = Aplicativo com falha formdesigner.exe, versão 8.0.1291.1, módulo com

falha formdesigner.exe, versão 8.0.1291.1, endereço com falha 0x00366772.

 

Error - 22/1/2010 05:35:53 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1000

Description = Aplicativo com falha setup.exe, versão 1.0.135.0, módulo com falha

setup.exe, versão 1.0.135.0, endereço com falha 0x0006f1fe.

 

Error - 22/1/2010 05:36:02 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1000

Description = Aplicativo com falha setup.exe, versão 1.0.135.0, módulo com falha

setup.exe, versão 1.0.135.0, endereço com falha 0x0006f1fe.

 

Error - 22/1/2010 10:33:38 | Computer Name = CASA-46997CABD5 | Source = Google Update | ID = 20

Description =

 

Error - 23/1/2010 15:39:14 | Computer Name = CASA-46997CABD5 | Source = Google Update | ID = 20

Description =

 

Error - 23/1/2010 15:43:10 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1000

Description = Aplicativo com falha hh.exe, versão 5.2.3790.2453, módulo com falha

hhctrl.ocx, versão 5.2.3790.4110, endereço com falha 0x00013004.

 

Error - 23/1/2010 17:08:39 | Computer Name = CASA-46997CABD5 | Source = Application Error | ID = 1000

Description = Aplicativo com falha formdesigner.exe, versão 8.0.1291.1, módulo com

falha formdesigner.exe, versão 8.0.1291.1, endereço com falha 0x00366772.

 

Error - 24/1/2010 06:11:39 | Computer Name = CASA-46997CABD5 | Source = Google Update | ID = 20

Description =

 

[ System Events ]

Error - 22/1/2010 10:33:17 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 22/1/2010 14:22:24 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 22/1/2010 17:03:40 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 23/1/2010 15:38:57 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 23/1/2010 16:10:37 | Computer Name = CASA-46997CABD5 | Source = BROWSER | ID = 8032

Description = O serviço localizador não pôde recuperar a lista de backup muitas

vezes no transporte \Device\NetBT_Tcpip_{8E2A87FF-0AEA-49D3-90BD-D450CB5C356B}. O

localizador reserva está finalizando.

 

Error - 23/1/2010 16:25:03 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 23/1/2010 16:46:38 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 23/1/2010 17:07:37 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

Error - 23/1/2010 18:36:28 | Computer Name = CASA-46997CABD5 | Source = NetBT | ID = 4321

Description = O nome "MSHOME :1d" não pôde ser registrado na interface com

o endereço IP 192.168.0.181. O computador de endereço IP 192.168.0.177 não permitiu

que o nome fosse solicitado por este computador.

 

Error - 24/1/2010 06:11:30 | Computer Name = CASA-46997CABD5 | Source = sr | ID = 1

Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001'

ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume

foi interrompido.

 

=================================================================================================================================================

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3222

Windows 5.1.2600 Service Pack 3

 

23/1/2010 18:21:10

mbam-log-2010-01-23 (18-21-10).txt

 

Tipo de Verificação: Completa (C:\|E:\|F:\|)

Objetos verificados: 176769

Tempo decorrido: 23 minute(s), 48 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 21

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 2

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:


 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

 

Arquivos infectados:

C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenU) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\u_mmipnnxwlgxefvnqg.dll.exe (Adware.AdRotator) -> Quarantined and deleted successfully.

 

Strange things are happening on the computer today... Twice it froze and a blue screen appeared with some text on it, but it was quick and I couldn't read anything; after that it shuts down by itself.

When it is turned back on, a message appears saying that the system has recovered from a serious error.

What could it be?


Good morning carol...

Regarding the PC shutting down, is it still happening?

If so, it would be a good idea to take it to a technician to have a look at your PC's power supply or to check the memory module(s).

Regarding access to the sites, which sites?...

Check whether IE's cookie blocker is responsible.

http://windows.microsoft.com/pt-BR/windows-vista/Block-or-allow-cookies


1.

*Open Malwarebytes and, on the [Quarantine] tab, select all the results and click [Remove all]

*Click the [Logs] tab, select the report and click [Remove]

2.

*Update your Internet Explorer to version 8.

http://www.microsoft.com/brasil/windows/Internet-explorer/


PROBLEM SOLVED!

If the author needs the topic reopened, simply send a Private Message to a Moderator with a link to the topic.
