ItaloCCSL, posted March 6, 2010

Folks, my machine is showing warnings saying the firewall is disabled as soon as I turn it on. When I go to check whether it really is disabled, it isn't. The antivirus is also having problems in some situations, and today I had to disable it to be able to use my machine, because it kept restarting all the time. To say a bit more about the antivirus, it gives more trouble when it is starting up, in plain terms, when the first programs are being loaded, of which it is one. It isn't even scanning for viruses, it is just activating, and the program freezes to the point of restarting the whole machine. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:29 Ítalo César, on 6/3/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - 
res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - 
Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6274 bytes

Please help me. :(

PedroN, posted March 7, 2010

Download Malwarebytes from one of the locations below: Link 1 Link 2

-- Save the program to your Desktop.
• Double-click the program to run it.
• Update Malwarebytes.
• Choose Full Scan (be patient, it takes a while).
• Disable your antivirus and antispyware, usually by right-clicking the icon in the system tray. They can interfere with the tool.
• When the scan is complete, click OK, then Show Results to see the log.
• Remember that, if anything is detected, click the Remove button to remove it. (Important.)
• The program's log will open automatically.
• Post it in your next reply together with a new HijackThis log.

P.S.: On heavily infected computers, the tool shows an option saying that the computer must be restarted. Please do so immediately.

• Download: OTL.exe
• Save it to the desktop!
• As shown in the image, change the "Output" option to "Minimal Output".
• Double-click OTL.exe --> check the "Scan All Users" option.
• Check the boxes: -- [] LOP check and [] Purity check
• Click: and wait.
• Post:
1) OTL.txt <--
2) Extra.txt <--

ItaloCCSL, posted March 9, 2010

Hi Pedro,

Man, I went to run Malwarebytes as usual (I already had it, I just updated it before scanning), and while it was scanning the screen froze in such a way that the image went out of focus, with a kind of shadow (in this case just a stripe), predominantly blue, across the whole screen. So, since it was frozen, I shut down. One curious thing at that moment was that the keyboard light stayed on (which is not supposed to happen when I turn off the CPU; it only went out when I switched off the power supply). When I turned it on again I decided to use safe mode to run the program, because I thought some virus was not "letting" it scan. Everything went fine scanning with Malwarebytes in safe mode, so, since I hadn't downloaded OTL.exe yet, I went back to normal mode to download and run it.

Well, after that long introduction, let's get to what really matters. The logs.

Malwarebytes' Anti-Malware 1.44 Versão do banco de dados: 3838 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 8/3/2010 21:12:32 mbam-log-2010-03-08 (21-12-32).txt Tipo de Verificação: Completa (C:\|) Objetos verificados: 274757 Tempo decorrido: 3 hour(s), 26 minute(s), 32 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 0 Valores do Registro infectados: 0 Ítens do Registro infectados: 0 Pastas infectadas: 0 Arquivos infectados: 0 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: (Nenhum ítem malicioso foi detectado) Valores do Registro infectados: (Nenhum ítem malicioso foi detectado) Ítens do Registro infectados: (Nenhum ítem malicioso foi detectado) Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: (Nenhum ítem malicioso foi detectado)

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:54 Ítalo César, on 
8/3/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\SOUNDMAN.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\notepad.exe C:\WINDOWS\notepad.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: 
SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6031 bytes OTL logfile created on: 8/3/2010 22:31:40 - Run 1 OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Ítalo César.HOME\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 1.007,00 Mb Total Physical Memory | 653,00 Mb Available Physical Memory | 65,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): C:\pagefile.sys 360 720 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 74,52 Gb Total Space | 47,86 Gb Free Space | 64,23% Space Free | Partition Type: NTFS Drive D: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME Current User Name: Ítalo César Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Ítalo César.HOME\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\Soundman.exe (Realtek Semiconductor Corp.) PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Ítalo César.HOME\Desktop\OTL.exe (OldTimer Tools) ========== Win32 Services (SafeList) ========== SRV - (cmpe) -- File not found SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ServiceLayer) -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (Nokia.) 
SRV - (AresChatServer) -- C:\Arquivos de programas\Ares\chatServer.exe (Ares Development Group) SRV - (IDriverT) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (NetSvc) -- C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe (Intel® Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.) 
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1390067357-117609710-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1390067357-117609710-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1390067357-117609710-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-1390067357-117609710-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1390067357-117609710-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1390067357-117609710-725345543-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKU\S-1-5-21-1390067357-117609710-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1390067357-117609710-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Bitroad Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2365958&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/" FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7 FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.11.2 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.15 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: pt-BR@dictionaries.addons.mozilla.org:1.0.0.1 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/02/03 20:12:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/02/03 20:12:04 | 000,000,000 | ---D | M] [2009/07/08 07:59:37 | 000,000,000 | ---D 
| M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Extensions [2010/03/07 15:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\extensions [2010/02/25 20:00:34 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010/02/08 23:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E} [2009/07/11 20:23:30 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2009/10/27 08:37:00 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6} [2010/02/08 23:19:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66} [2009/11/21 18:59:50 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42} [2009/11/09 09:41:23 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010/01/28 22:43:10 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Ítalo César.HOME\Dados de 
aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010/01/23 07:33:51 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} [2010/02/08 23:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\extensions\nasanightlaunch@example.com [2009/07/11 18:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\extensions\pt-BR@dictionaries.addons.mozilla.org [2009/09/18 15:38:30 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\searchplugins\askcom.xml [2009/09/01 12:06:36 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Mozilla\Firefox\Profiles\tv8x2dnn.default\searchplugins\conduit.xml [2010/03/07 15:41:03 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions [2003/12/23 23:54:04 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Mozilla Firefox\components\msvcp70.dll [2003/12/23 23:54:04 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Mozilla Firefox\components\msvcr70.dll [2004/01/19 19:02:40 | 000,118,784 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\plugins\npmozax.dll O1 HOSTS File: ([2009/11/01 09:30:00 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found. O3 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found. O3 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\..\Toolbar\WebBrowser: (Barra de Ferramentas do Yahoo! com bloqueador de pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [soundMan] C:\WINDOWS\Soundman.exe (Realtek Semiconductor Corp.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - 
C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Value error.) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.12.118.4 201.12.118.3
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - CLSID or File not found.
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3ca23b24-f4a8-11de-97f7-000fead92af6}\Shell\AutoRun\command - "" = F:\tpsfyx.exe -- File not found
O33 - MountPoints2\{3ca23b24-f4a8-11de-97f7-000fead92af6}\Shell\explore\Command - "" = F:\tpsfyx.exe -- File not found
O33 - MountPoints2\{3ca23b24-f4a8-11de-97f7-000fead92af6}\Shell\open\Command - "" = F:\tpsfyx.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/08 22:27:33 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ítalo César.HOME\Desktop\OTL.exe
[2010/03/07 14:45:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ítalo César.HOME\Recent
[2010/03/03 21:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ítalo César.HOME\Meus documentos\My Received Files
[2010/02/12 12:01:36 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Total Video Converter IR Retail
[2010/02/10 12:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ítalo César.HOME\Meus documentos\Nova pasta
[2007/07/20 00:48:24 | 001,673,576 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\dsetup32.dll
[2007/07/20 00:48:24 | 000,503,144 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\DXSETUP.exe
[2007/07/20 00:48:24 | 000,077,160 | ---- | C] (Microsoft Corporation) -- C:\Arquivos de programas\DSETUP.dll
[2007/05/07 20:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft
[2007/05/07 20:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft
[2007/05/07 20:32:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft
[2007/05/07 20:32:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/03/08 22:27:33 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ítalo César.HOME\Desktop\OTL.exe
[2010/03/08 22:24:31 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Meus documentos\spider.sav
[2010/03/08 21:17:21 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/08 21:17:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/08 21:17:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/03/08 21:15:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/08 21:15:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/08 21:14:14 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Ítalo César.HOME\ntuser.ini
[2010/03/08 21:14:13 | 014,417,920 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\ntuser.dat
[2010/03/08 21:13:57 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\IconCache.db
[2010/03/07 14:35:10 | 008,192,828 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Desktop\13-gary_go-wonderful160.mp3
[2010/03/06 15:20:35 | 000,253,492 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Meus documentos\Gillette.pdf
[2010/02/27 17:16:26 | 000,000,695 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/21 17:13:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/21 16:34:54 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 11:39:25 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/07 22:00:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job

========== Files Created - No Company Name ==========

[2010/03/08 22:24:31 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Ítalo César.HOME\Meus documentos\spider.sav
[2010/03/06 17:15:42 | 008,192,828 | ---- | C] () -- C:\Documents and Settings\Ítalo César.HOME\Desktop\13-gary_go-wonderful160.mp3
[2010/03/06 15:20:35 | 000,253,492 | ---- | C] () -- C:\Documents and Settings\Ítalo César.HOME\Meus documentos\Gillette.pdf
[2009/10/16 09:49:03 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\micr0st.dll
[2009/10/06 09:58:30 | 002,887,680 | ---- | C] () -- C:\WINDOWS\System32\VagalumePluginWMP.dll
[2009/09/24 08:52:04 | 000,000,016 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/17 19:58:26 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/17 19:58:21 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/17 19:58:21 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/17 19:58:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/17 19:58:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/17 19:58:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/09 19:21:45 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\wingxpxsx.dll
[2009/02/14 17:20:27 | 000,001,376 | ---- | C] () -- C:\WINDOWS\System32\wnpa32.sys
[2009/01/26 10:32:33 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\.zreglib
[2008/12/23 15:48:25 | 000,000,225 | ---- | C] () -- C:\WINDOWS\scrantic.ini
[2008/12/02 09:04:34 | 000,000,061 | ---- | C] () -- C:\Arquivos de programas\ddtabases.rar
[2008/10/04 15:39:51 | 000,000,042 | ---- | C] () -- C:\WINDOWS\boxworld.ini
[2008/10/01 22:13:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/08/01 11:16:11 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/04/14 19:02:33 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2008/04/14 19:02:32 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2008/04/14 19:02:32 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2008/04/14 19:02:32 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2008/04/14 19:02:32 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2008/04/14 19:02:32 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2008/04/14 19:02:32 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2008/04/14 19:02:32 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2008/04/14 19:02:32 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2008/03/27 01:00:28 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\addr_file.html
[2008/03/26 20:30:17 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/26 18:04:08 | 000,000,152 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2007/10/04 14:13:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2007/08/09 00:04:09 | 000,000,080 | ---- | C] () -- C:\WINDOWS\SuperUtil.ini
[2007/07/20 01:19:00 | 001,803,760 | ---- | C] () -- C:\Arquivos de programas\AUG2007_d3dx9_35_x64.cab
[2007/07/20 01:19:00 | 000,855,886 | ---- | C] () -- C:\Arquivos de programas\AUG2007_d3dx10_35_x64.cab
[2007/07/20 01:19:00 | 000,800,467 | ---- | C] () -- C:\Arquivos de programas\AUG2007_d3dx10_35_x86.cab
[2007/07/20 01:18:58 | 000,201,696 | ---- | C] () -- C:\Arquivos de programas\AUG2007_XACT_x64.cab
[2007/07/20 01:18:56 | 001,711,752 | ---- | C] () -- C:\Arquivos de programas\AUG2007_d3dx9_35_x86.cab
[2007/07/20 01:18:56 | 000,156,612 | ---- | C] () -- C:\Arquivos de programas\AUG2007_XACT_x86.cab
[2007/07/20 01:18:56 | 000,044,684 | ---- | C] () -- C:\Arquivos de programas\dxdllreg_x86.cab
[2007/07/20 00:48:24 | 001,610,886 | ---- | C] () -- C:\Arquivos de programas\JUN2007_d3dx9_34_x86.cab
[2007/07/20 00:48:24 | 001,413,862 | ---- | C] () -- C:\Arquivos de programas\OCT2006_d3dx9_31_x64.cab
[2007/07/20 00:48:24 | 001,128,177 | ---- | C] () -- C:\Arquivos de programas\OCT2006_d3dx9_31_x86.cab
[2007/07/20 00:48:24 | 000,200,722 | ---- | C] () -- C:\Arquivos de programas\JUN2007_XACT_x64.cab
[2007/07/20 00:48:24 | 000,183,321 | ---- | C] () -- C:\Arquivos de programas\OCT2006_XACT_x64.cab
[2007/07/20 00:48:24 | 000,156,509 | ---- | C] () -- C:\Arquivos de programas\JUN2007_XACT_x86.cab
[2007/07/20 00:48:24 | 000,138,977 | ---- | C] () -- C:\Arquivos de programas\OCT2006_XACT_x86.cab
[2007/07/20 00:48:24 | 000,086,925 | ---- | C] () -- C:\Arquivos de programas\Oct2005_xinput_x64.cab
[2007/07/20 00:48:24 | 000,086,709 | ---- | C] () -- C:\Arquivos de programas\dxupdate.cab
[2007/07/20 00:48:24 | 000,046,247 | ---- | C] () -- C:\Arquivos de programas\Oct2005_xinput_x86.cab
[2007/07/20 00:48:22 | 001,611,374 | ---- | C] () -- C:\Arquivos de programas\JUN2007_d3dx9_34_x64.cab
[2007/07/20 00:48:22 | 001,575,336 | ---- | C] () -- C:\Arquivos de programas\DEC2006_d3dx9_32_x86.cab
[2007/07/20 00:48:22 | 001,572,114 | ---- | C] () -- C:\Arquivos de programas\DEC2006_d3dx9_32_x64.cab
[2007/07/20 00:48:22 | 001,363,684 | ---- | C] () -- C:\Arquivos de programas\Feb2006_d3dx9_29_x64.cab
[2007/07/20 00:48:22 | 001,358,864 | ---- | C] () -- C:\Arquivos de programas\Dec2005_d3dx9_28_x64.cab
[2007/07/20 00:48:22 | 001,351,430 | ---- | C] () -- C:\Arquivos de programas\Aug2005_d3dx9_27_x64.cab
[2007/07/20 00:48:22 | 001,336,890 | ---- | C] () -- C:\Arquivos de programas\Jun2005_d3dx9_26_x64.cab
[2007/07/20 00:48:22 | 001,248,387 | ---- | C] () -- C:\Arquivos de programas\Feb2005_d3dx9_24_x64.cab
[2007/07/20 00:48:22 | 001,085,608 | ---- | C] () -- C:\Arquivos de programas\Feb2006_d3dx9_29_x86.cab
[2007/07/20 00:48:22 | 001,080,344 | ---- | C] () -- C:\Arquivos de programas\Dec2005_d3dx9_28_x86.cab
[2007/07/20 00:48:22 | 001,078,532 | ---- | C] () -- C:\Arquivos de programas\Aug2005_d3dx9_27_x86.cab
[2007/07/20 00:48:22 | 001,065,813 | ---- | C] () -- C:\Arquivos de programas\Jun2005_d3dx9_26_x86.cab
[2007/07/20 00:48:22 | 001,014,113 | ---- | C] () -- C:\Arquivos de programas\Feb2005_d3dx9_24_x86.cab
[2007/07/20 00:48:22 | 000,702,644 | ---- | C] () -- C:\Arquivos de programas\JUN2007_d3dx10_34_x64.cab
[2007/07/20 00:48:22 | 000,702,072 | ---- | C] () -- C:\Arquivos de programas\JUN2007_d3dx10_34_x86.cab
[2007/07/20 00:48:22 | 000,213,767 | ---- | C] () -- C:\Arquivos de programas\DEC2006_d3dx10_00_x64.cab
[2007/07/20 00:48:22 | 000,199,366 | ---- | C] () -- C:\Arquivos de programas\APR2007_XACT_x64.cab
[2007/07/20 00:48:22 | 000,198,275 | ---- | C] () -- C:\Arquivos de programas\FEB2007_XACT_x64.cab
[2007/07/20 00:48:22 | 000,193,435 | ---- | C] () -- C:\Arquivos de programas\DEC2006_XACT_x64.cab
[2007/07/20 00:48:22 | 000,192,680 | ---- | C] () -- C:\Arquivos de programas\DEC2006_d3dx10_00_x86.cab
[2007/07/20 00:48:22 | 000,183,863 | ---- | C] () -- C:\Arquivos de programas\AUG2006_XACT_x64.cab
[2007/07/20 00:48:22 | 000,181,745 | ---- | C] () -- C:\Arquivos de programas\JUN2006_XACT_x64.cab
[2007/07/20 00:48:22 | 000,179,247 | ---- | C] () -- C:\Arquivos de programas\Feb2006_XACT_x64.cab
[2007/07/20 00:48:22 | 000,154,825 | ---- | C] () -- C:\Arquivos de programas\APR2007_XACT_x86.cab
[2007/07/20 00:48:22 | 000,151,583 | ---- | C] () -- C:\Arquivos de programas\FEB2007_XACT_x86.cab
[2007/07/20 00:48:22 | 000,146,559 | ---- | C] () -- C:\Arquivos de programas\DEC2006_XACT_x86.cab
[2007/07/20 00:48:22 | 000,138,195 | ---- | C] () -- C:\Arquivos de programas\AUG2006_XACT_x86.cab
[2007/07/20 00:48:22 | 000,134,631 | ---- | C] () -- C:\Arquivos de programas\JUN2006_XACT_x86.cab
[2007/07/20 00:48:22 | 000,133,297 | ---- | C] () -- C:\Arquivos de programas\Feb2006_XACT_x86.cab
[2007/07/20 00:48:22 | 000,100,417 | ---- | C] () -- C:\Arquivos de programas\APR2007_xinput_x64.cab
[2007/07/20 00:48:22 | 000,088,102 | ---- | C] () -- C:\Arquivos de programas\AUG2006_xinput_x64.cab
[2007/07/20 00:48:22 | 000,056,902 | ---- | C] () -- C:\Arquivos de programas\APR2007_xinput_x86.cab
[2007/07/20 00:48:22 | 000,047,018 | ---- | C] () -- C:\Arquivos de programas\AUG2006_xinput_x86.cab
[2007/07/20 00:48:20 | 004,163,518 | ---- | C] () -- C:\Arquivos de programas\Apr2006_MDX1_x86_Archive.cab
[2007/07/20 00:48:20 | 001,610,958 | ---- | C] () -- C:\Arquivos de programas\APR2007_d3dx9_33_x64.cab
[2007/07/20 00:48:20 | 001,609,639 | ---- | C] () -- C:\Arquivos de programas\APR2007_d3dx9_33_x86.cab
[2007/07/20 00:48:20 | 001,398,718 | ---- | C] () -- C:\Arquivos de programas\Apr2006_d3dx9_30_x64.cab
[2007/07/20 00:48:20 | 001,348,242 | ---- | C] () -- C:\Arquivos de programas\Apr2005_d3dx9_25_x64.cab
[2007/07/20 00:48:20 | 001,116,109 | ---- | C] () -- C:\Arquivos de programas\Apr2006_d3dx9_30_x86.cab
[2007/07/20 00:48:20 | 001,079,850 | ---- | C] () -- C:\Arquivos de programas\Apr2005_d3dx9_25_x86.cab
[2007/07/20 00:48:20 | 000,917,318 | ---- | C] () -- C:\Arquivos de programas\Apr2006_MDX1_x86.cab
[2007/07/20 00:48:20 | 000,702,212 | ---- | C] () -- C:\Arquivos de programas\APR2007_d3dx10_33_x64.cab
[2007/07/20 00:48:20 | 000,699,465 | ---- | C] () -- C:\Arquivos de programas\APR2007_d3dx10_33_x86.cab
[2007/07/20 00:48:20 | 000,180,021 | ---- | C] () -- C:\Arquivos de programas\Apr2006_XACT_x64.cab
[2007/07/20 00:48:20 | 000,133,991 | ---- | C] () -- C:\Arquivos de programas\Apr2006_XACT_x86.cab
[2007/07/20 00:48:20 | 000,087,989 | ---- | C] () -- C:\Arquivos de programas\Apr2006_xinput_x64.cab
[2007/07/20 00:48:20 | 000,046,898 | ---- | C] () -- C:\Arquivos de programas\Apr2006_xinput_x86.cab
[2007/07/20 00:48:18 | 013,265,040 | ---- | C] () -- C:\Arquivos de programas\dxnt.cab
[2007/07/20 00:48:18 | 001,156,363 | ---- | C] () -- C:\Arquivos de programas\BDANT.cab
[2007/07/20 00:48:18 | 000,976,020 | ---- | C] () -- C:\Arquivos de programas\BDAXP.cab
[2007/07/02 22:42:06 | 000,171,008 | ---- | C] () -- C:\Arquivos de programas\FLV PlayerRCSetup.exe
[2007/06/27 17:03:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2007/05/26 15:01:27 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/26 13:34:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/05/26 12:18:16 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/09 00:31:13 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/05/09 00:30:46 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2007/05/08 21:00:27 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2007/05/08 20:53:35 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007/01/22 21:55:45 | 000,040,960 | ---- | C] () -- C:\Arquivos de programas\Uninstall_CDS.exe
[2005/09/29 16:42:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\linstall.dll
[2005/06/10 10:56:06 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
[2005/06/10 10:55:04 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll
[2004/05/13 20:14:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\opencrypto.dll
[2004/03/18 17:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/03/26 13:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Avg7
[2009/09/18 09:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Azureus
[2009/01/26 10:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Elaborate Bytes
[2009/09/08 21:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Installations
[2009/10/23 10:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\IObit
[2010/01/20 23:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Messenger Plus!
[2007/07/02 11:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\NFS Underground Demo
[2009/04/12 23:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Nokia
[2009/07/06 12:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\NokiaMusic
[2007/10/23 23:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\PC Suite
[2008/03/31 17:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Readme Live Axis Tons
[2008/02/09 23:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\River Past G5
[2009/12/06 09:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\SpeedBit
[2009/12/06 09:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP
[2009/05/09 15:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TuneUp Software
[2009/10/25 09:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Zylom
[2009/05/09 15:29:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357}
[2007/02/11 14:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César\Dados de aplicativos\fltk.org
[2009/10/23 10:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César\Dados de aplicativos\Vso
[2007/12/09 19:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\.ZMatrix
[2009/11/05 09:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Auslogics
[2009/10/23 10:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Azureus
[2009/10/17 19:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\CBS Interactive
[2008/11/24 11:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/14 12:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Coolbox
[2009/10/31 17:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Desktopicon
[2009/09/07 08:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\DMCache
[2007/07/18 16:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\fltk.org
[2009/10/19 11:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\fretsonfire
[2009/06/29 11:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\gtk-2.0
[2009/10/23 10:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\IObit
[2009/10/27 08:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Megaupload
[2009/07/06 20:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Nokia
[2009/10/13 12:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\PC Suite
[2009/03/19 18:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Publish Providers
[2007/12/21 14:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\River Past G5
[2008/06/26 23:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Shareaza
[2009/03/19 18:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Sony
[2009/05/09 15:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\TuneUp Software
[2009/07/11 20:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\uniblue
[2009/12/06 21:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\uTorrent
[2010/03/08 21:17:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
[2010/03/08 21:17:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/02/07 22:00:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\Licking Dog Screen Clean.scr:SummaryInformation
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP:CD060F93
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP:5C321E34
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP:D74B6CF5
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP:8FB6501C

< End of report >

[2010/03/08 22:27:33 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ítalo César.HOME\Desktop\OTL.exe
[2010/03/08 22:24:31 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Meus documentos\spider.sav
[2010/03/08 21:17:21 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/08 21:17:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/08 21:17:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/03/08 21:15:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/08 21:15:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/08 21:14:14 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Ítalo César.HOME\ntuser.ini
[2010/03/08 21:14:13 | 014,417,920 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\ntuser.dat
[2010/03/08 21:13:57 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\IconCache.db
[2010/03/07 14:35:10 | 008,192,828 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Desktop\13-gary_go-wonderful160.mp3
[2010/03/06 18:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Skype
[2010/03/06 17:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\skypePM
[2010/03/06 15:20:35 | 000,253,492 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Meus documentos\Gillette.pdf
[2010/02/27 17:16:26 | 000,000,695 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/21 17:13:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/21 16:34:54 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/12 21:37:39 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Total Video Converter IR Retail
[2010/02/12 11:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\Microsoft
[2010/02/12 09:25:44 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Google
[2010/02/12 09:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\Google
[2010/02/11 11:39:25 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/07 22:00:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/10/20 09:39:41 | 000,069,664 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2009/03/19 17:50:11 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\.zreglib
[2008/12/02 09:04:35 | 000,000,061 | ---- | M] () -- C:\Arquivos de programas\ddtabases.rar
[2008/03/27 01:00:28 | 000,000,305 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\addr_file.html
[2007/07/20 01:19:00 | 001,803,760 | ---- | M] () -- C:\Arquivos de programas\AUG2007_d3dx9_35_x64.cab
[2007/07/20 01:19:00 | 000,855,886 | ---- | M] () -- C:\Arquivos de programas\AUG2007_d3dx10_35_x64.cab
[2007/07/20 01:19:00 | 000,800,467 | ---- | M] () -- C:\Arquivos de programas\AUG2007_d3dx10_35_x86.cab
[2007/07/20 01:18:58 | 000,201,696 | ---- | M] () -- C:\Arquivos de programas\AUG2007_XACT_x64.cab
[2007/07/20 01:18:56 | 001,711,752 | ---- | M] () -- C:\Arquivos de programas\AUG2007_d3dx9_35_x86.cab
[2007/07/20 01:18:56 | 000,156,612 | ---- | M] () -- C:\Arquivos de programas\AUG2007_XACT_x86.cab
[2007/07/20 01:18:56 | 000,044,684 | ---- | M] () -- C:\Arquivos de programas\dxdllreg_x86.cab
[2007/07/20 00:48:24 | 001,673,576 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\dsetup32.dll
[2007/07/20 00:48:24 | 001,610,886 | ---- | M] () -- C:\Arquivos de programas\JUN2007_d3dx9_34_x86.cab
[2007/07/20 00:48:24 | 001,413,862 | ---- | M] () -- C:\Arquivos de programas\OCT2006_d3dx9_31_x64.cab
[2007/07/20 00:48:24 | 001,128,177 | ---- | M] () -- C:\Arquivos de programas\OCT2006_d3dx9_31_x86.cab
[2007/07/20 00:48:24 | 000,503,144 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\DXSETUP.exe
[2007/07/20 00:48:24 | 000,200,722 | ---- | M] () -- C:\Arquivos de programas\JUN2007_XACT_x64.cab
[2007/07/20 00:48:24 | 000,183,321 | ---- | M] () -- C:\Arquivos de programas\OCT2006_XACT_x64.cab
[2007/07/20 00:48:24 | 000,156,509 | ---- | M] () -- C:\Arquivos de programas\JUN2007_XACT_x86.cab
[2007/07/20 00:48:24 | 000,138,977 | ---- | M] () -- C:\Arquivos de programas\OCT2006_XACT_x86.cab
[2007/07/20 00:48:24 | 000,086,925 | ---- | M] () -- C:\Arquivos de programas\Oct2005_xinput_x64.cab
[2007/07/20 00:48:24 | 000,086,709 | ---- | M] () -- C:\Arquivos de programas\dxupdate.cab
[2007/07/20 00:48:24 | 000,077,160 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\DSETUP.dll
[2007/07/20 00:48:24 | 000,046,247 | ---- | M] () -- C:\Arquivos de programas\Oct2005_xinput_x86.cab
[2007/07/20 00:48:22 | 001,611,374 | ---- | M] () -- C:\Arquivos de programas\JUN2007_d3dx9_34_x64.cab
[2007/07/20 00:48:22 | 001,575,336 | ---- | M] () -- C:\Arquivos de programas\DEC2006_d3dx9_32_x86.cab
[2007/07/20 00:48:22 | 001,572,114 | ---- | M] () -- C:\Arquivos de programas\DEC2006_d3dx9_32_x64.cab
[2007/07/20 00:48:22 | 001,363,684 | ---- | M] () -- C:\Arquivos de programas\Feb2006_d3dx9_29_x64.cab
[2007/07/20 00:48:22 | 001,358,864 | ---- | M] () -- C:\Arquivos de programas\Dec2005_d3dx9_28_x64.cab
[2007/07/20 00:48:22 | 001,351,430 | ---- | M] () -- C:\Arquivos de programas\Aug2005_d3dx9_27_x64.cab
[2007/07/20 00:48:22 | 001,336,890 | ---- | M] () -- C:\Arquivos de programas\Jun2005_d3dx9_26_x64.cab
[2007/07/20 00:48:22 | 001,248,387 | ---- | M] () -- C:\Arquivos de programas\Feb2005_d3dx9_24_x64.cab
[2007/07/20 00:48:22 | 001,085,608 | ---- | M] () -- C:\Arquivos de programas\Feb2006_d3dx9_29_x86.cab
[2007/07/20 00:48:22 | 001,080,344 | ---- | M] () -- C:\Arquivos de programas\Dec2005_d3dx9_28_x86.cab
[2007/07/20 00:48:22 | 001,078,532 | ---- | M] () -- C:\Arquivos de programas\Aug2005_d3dx9_27_x86.cab
[2007/07/20 00:48:22 | 001,065,813 | ---- | M] () -- C:\Arquivos de programas\Jun2005_d3dx9_26_x86.cab
[2007/07/20 00:48:22 | 001,014,113 | ---- | M] () -- C:\Arquivos de programas\Feb2005_d3dx9_24_x86.cab
[2007/07/20 00:48:22 | 000,702,644 | ---- | M] () -- C:\Arquivos de programas\JUN2007_d3dx10_34_x64.cab
[2007/07/20 00:48:22 | 000,702,072 | ---- | M] () -- C:\Arquivos de programas\JUN2007_d3dx10_34_x86.cab
[2007/07/20 00:48:22 | 000,213,767 | ---- | M] () -- C:\Arquivos de programas\DEC2006_d3dx10_00_x64.cab
[2007/07/20 00:48:22 | 000,199,366 | ---- | M] () -- C:\Arquivos de programas\APR2007_XACT_x64.cab
[2007/07/20 00:48:22 | 000,198,275 | ---- | M] () -- C:\Arquivos de programas\FEB2007_XACT_x64.cab
[2007/07/20 00:48:22 | 000,193,435 | ---- | M] () -- C:\Arquivos de programas\DEC2006_XACT_x64.cab
[2007/07/20 00:48:22 | 000,192,680 | ---- | M] () -- C:\Arquivos de programas\DEC2006_d3dx10_00_x86.cab
[2007/07/20 00:48:22 | 000,183,863 | ---- | M] () -- C:\Arquivos de programas\AUG2006_XACT_x64.cab
[2007/07/20 00:48:22 | 000,181,745 | ---- | M] () -- C:\Arquivos de programas\JUN2006_XACT_x64.cab
[2007/07/20 00:48:22 | 000,179,247 | ---- | M] () -- C:\Arquivos de programas\Feb2006_XACT_x64.cab
[2007/07/20 00:48:22 | 000,154,825 | ---- | M] () -- C:\Arquivos de programas\APR2007_XACT_x86.cab
[2007/07/20 00:48:22 | 000,151,583 | ---- | M] () -- C:\Arquivos de programas\FEB2007_XACT_x86.cab
[2007/07/20 00:48:22 | 000,146,559 | ---- | M] () -- C:\Arquivos de programas\DEC2006_XACT_x86.cab
[2007/07/20 00:48:22 | 000,138,195 | ---- | M] () -- C:\Arquivos de programas\AUG2006_XACT_x86.cab
[2007/07/20 00:48:22 | 000,134,631 | ---- | M] () -- C:\Arquivos de programas\JUN2006_XACT_x86.cab
[2007/07/20 00:48:22 | 000,133,297 | ---- | M] () -- C:\Arquivos de programas\Feb2006_XACT_x86.cab
[2007/07/20 00:48:22 | 000,100,417 | ---- | M] () -- C:\Arquivos de programas\APR2007_xinput_x64.cab
[2007/07/20 00:48:22 | 000,088,102 | ---- | M] () -- C:\Arquivos de programas\AUG2006_xinput_x64.cab
[2007/07/20 00:48:22 | 000,056,902 | ---- | M] () -- C:\Arquivos de programas\APR2007_xinput_x86.cab
[2007/07/20 00:48:22 | 000,047,018 | ---- | M] () -- C:\Arquivos de programas\AUG2006_xinput_x86.cab
[2007/07/20 00:48:20 | 004,163,518 | ---- | M] () -- C:\Arquivos de programas\Apr2006_MDX1_x86_Archive.cab
[2007/07/20 00:48:20 | 001,610,958 | ---- | M] () -- C:\Arquivos de programas\APR2007_d3dx9_33_x64.cab
[2007/07/20 00:48:20 | 001,609,639 | ---- | M] () -- C:\Arquivos de programas\APR2007_d3dx9_33_x86.cab
[2007/07/20 00:48:20 | 001,398,718 | ---- | M] () -- C:\Arquivos de programas\Apr2006_d3dx9_30_x64.cab
[2007/07/20 00:48:20 | 001,348,242 | ---- | M] () -- C:\Arquivos de programas\Apr2005_d3dx9_25_x64.cab
[2007/07/20 00:48:20 | 001,116,109 | ---- | M] () -- C:\Arquivos de programas\Apr2006_d3dx9_30_x86.cab
[2007/07/20 00:48:20 | 001,079,850 | ---- | M] () -- C:\Arquivos de programas\Apr2005_d3dx9_25_x86.cab
[2007/07/20 00:48:20 | 000,917,318 | ---- | M] () -- C:\Arquivos de programas\Apr2006_MDX1_x86.cab
[2007/07/20 00:48:20 | 000,702,212 | ---- | M] () -- C:\Arquivos de programas\APR2007_d3dx10_33_x64.cab
[2007/07/20 00:48:20 | 000,699,465 | ---- | M] () -- C:\Arquivos de programas\APR2007_d3dx10_33_x86.cab
[2007/07/20 00:48:20 | 000,180,021 | ---- | M] () -- C:\Arquivos de programas\Apr2006_XACT_x64.cab
[2007/07/20 00:48:20 | 000,133,991 | ---- | M] () -- C:\Arquivos de programas\Apr2006_XACT_x86.cab
[2007/07/20 00:48:20 | 000,087,989 | ---- | M] () -- C:\Arquivos de programas\Apr2006_xinput_x64.cab
[2007/07/20 00:48:20 | 000,046,898 | ---- | M] () -- C:\Arquivos de programas\Apr2006_xinput_x86.cab
[2007/07/20 00:48:18 | 013,265,040 | ---- | M] () -- C:\Arquivos de programas\dxnt.cab
[2007/07/20 00:48:18 | 001,156,363 | ---- | M] () -- C:\Arquivos de programas\BDANT.cab
[2007/07/20 00:48:18 | 000,976,020 | ---- | M] () -- C:\Arquivos de programas\BDAXP.cab
[2007/07/02 22:43:13 | 000,171,008 | ---- | M] () -- C:\Arquivos de programas\FLV PlayerRCSetup.exe
[2007/05/08 17:28:06 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\desktop.ini
[2007/05/08 17:28:06 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\desktop.ini
[2007/05/07 20:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft
[2007/05/07 20:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft
[2007/05/07 20:32:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft
[2007/05/07 20:32:19 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2004/10/01 15:00:16 | 000,040,960 | ---- | M] () -- C:\Arquivos de programas\Uninstall_CDS.exe

========== Files - Modified Within 30 Days ==========

[2010/03/08 22:27:33 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ítalo César.HOME\Desktop\OTL.exe
[2010/03/08 22:24:31 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Meus documentos\spider.sav
[2010/03/08 21:17:21 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/08 21:17:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/03/08 21:17:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2010/03/08 21:15:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/08 21:15:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/08 21:14:14 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Ítalo César.HOME\ntuser.ini
[2010/03/08 21:14:13 | 014,417,920 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\ntuser.dat
[2010/03/08 21:13:57 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\IconCache.db
[2010/03/07 14:35:10 | 008,192,828 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Desktop\13-gary_go-wonderful160.mp3
[2010/03/06 15:20:35 | 000,253,492 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Meus documentos\Gillette.pdf
[2010/02/27 17:16:26 | 000,000,695 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/21 17:13:35 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/02/21 16:34:54 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 11:39:25 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/07 22:00:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job

========== LOP Check ==========

[2008/03/26 13:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Avg7
[2009/09/18 09:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Azureus
[2009/01/26 10:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Elaborate Bytes
[2009/09/08 21:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Installations
[2009/10/23 10:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\IObit
[2010/01/20 23:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Messenger Plus!
[2007/07/02 11:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\NFS Underground Demo
[2009/04/12 23:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Nokia
[2009/07/06 12:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\NokiaMusic
[2007/10/23 23:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\PC Suite
[2008/03/31 17:48:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Readme Live Axis Tons
[2008/02/09 23:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\River Past G5
[2009/12/06 09:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\SpeedBit
[2009/12/06 09:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP
[2009/05/09 15:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TuneUp Software
[2009/10/25 09:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\Zylom
[2009/05/09 15:29:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\{55A29068-F2CE-456C-9148-C869879E2357}
[2007/02/11 14:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César\Dados de aplicativos\fltk.org
[2009/10/23 10:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César\Dados de aplicativos\Vso
[2007/12/09 19:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\.ZMatrix
[2009/11/05 09:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Auslogics
[2009/10/23 10:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Azureus
[2009/10/17 19:37:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\CBS Interactive
[2008/11/24 11:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/01/14 12:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Coolbox
[2009/10/31 17:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Desktopicon
[2009/09/07 08:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\DMCache
[2007/07/18 16:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\fltk.org
[2009/10/19 11:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\fretsonfire
[2009/06/29 11:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\gtk-2.0
[2009/10/23 10:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\IObit
[2009/10/27 08:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Megaupload
[2009/07/06 20:23:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Nokia
[2009/10/13 12:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\PC Suite
[2009/03/19 18:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Publish Providers
[2007/12/21 14:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\River Past G5
[2008/06/26 23:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Shareaza
[2009/03/19 18:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\Sony
[2009/05/09 15:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\TuneUp Software
[2009/07/11 20:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\uniblue
[2009/12/06 21:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ítalo César.HOME\Dados de aplicativos\uTorrent
[2010/03/08 21:17:15 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job
[2010/03/08 21:17:19 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/02/07 22:00:02 | 000,000,428 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\Licking Dog Screen Clean.scr:SummaryInformation
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP:CD060F93
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP:5C321E34
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP:D74B6CF5
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users.WINDOWS\Dados de aplicativos\TEMP:8FB6501C

< End of report >

OTL Extras logfile created on: 8/3/2010 22:31:40 - Run 1
OTL by OldTimer - Version 3.1.35.0 Folder = C:\Documents and Settings\Ítalo César.HOME\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1.007,00 Mb Total Physical Memory | 653,00 Mb Available Physical Memory | 65,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 74,52 Gb Total Space | 47,86 Gb Free Space | 64,23% Space Free | Partition Type: NTFS
Drive D: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Ítalo César
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"34162:TCP" = 34162:TCP:*:Enabled:AresChatServer
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Ítalo César.HOME\temp\TeamViewer\TeamViewer.exe" = C:\Documents and Settings\Ítalo César.HOME\temp\TeamViewer\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group)
"C:\Arquivos de programas\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Arquivos de programas\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Arquivos de programas\Arquivos comuns\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Arquivos de programas\Arquivos comuns\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme" = C:\Arquivos de programas\OnGame\GunBoundWC\GunBound.gme:*:Enabled:GunBound -- File not found
"C:\Ongame\HeroOnline\Launcher.exe" = C:\Ongame\HeroOnline\Launcher.exe:*:Enabled:HeroOnline -- ()
"C:\Age Of Empires II\empires2.exe" = C:\Age Of Empires II\empires2.exe:*:Enabled:Age of Empires II -- File not found
"C:\Age Of Empires II\age2_x1.exe" = C:\Age Of Empires II\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Pacote de Driver do Windows - Nokia Modem (02/15/2007 3.1)
"24894EA20BE8E62AA4FC3DD3AA85785356B52BF5" = Pacote de Driver do Windows - Nokia Modem (08/08/2007 3.3)
"504244733D18C8F63FF584AEB290E3904E791693" = Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Pacote de Driver do Windows - Nokia Modem (10/12/2007 3.6)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ares" = Ares 2.1.4
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Pacote de Driver do Windows - Nokia Modem (02/15/2007 3.1)
"CCleaner" = CCleaner
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Pacote de Driver do Windows - Nokia Modem (05/24/2007 6.84.0.1)
"C-Media Audio Driver" = C-Media WDM Audio Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Programador de Modem_is1" = LightModem 3.0
"RatingsMigration" = Windows Media Player 9 Series Power Toy - Ratings Migration
"The KMPlayer" = The KMPlayer (remove only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"xvid" = XviD MPEG-4 Video Codec
"Yahoo! Companion" = Barra de Ferramentas do Yahoo! com bloqueador de pop-up

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/1/2010 09:01:19 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplicativo com falha white.exe, versão 1.2.0.0, módulo com falha white.exe, versão 1.2.0.0, endereço com falha 0x001c5063.

Error - 29/1/2010 06:58:42 | Computer Name = HOME | Source = Avira AntiVir | ID = 4106
Description = The virus definition file has been modified or destroyed! Returned error code: 0x5

Error - 29/1/2010 07:00:47 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplicativo com falha hijackthis.exe, versão 2.0.0.2, módulo com falha ntdll.dll, versão 5.1.2600.5755, endereço com falha 0x00010fa6.

Error - 4/2/2010 09:25:15 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplicativo com falha nerostartsmart.exe, versão 2.1.0.6, módulo com falha nerostartsmart.exe, versão 2.1.0.6, endereço com falha 0x0010a04f.

Error - 3/3/2010 10:49:53 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplicativo com falha avgnt.exe, versão 9.0.0.12, módulo com falha , versão 0.0.0.0, endereço com falha 0x00000000.

Error - 5/3/2010 10:19:25 | Computer Name = HOME | Source = PerfNet | ID = 2004
Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho do servidor não serão retornados. O código de erro retornado está no dado DWORD 0.

Error - 5/3/2010 10:20:46 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplicativo com falha wlcomm.exe, versão 14.0.8064.206, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x00091378.

Error - 6/3/2010 11:13:20 | Computer Name = HOME | Source = Avira AntiVir | ID = 4106
Description = The virus definition file has been modified or destroyed! Returned error code: 0x5

Error - 6/3/2010 11:17:15 | Computer Name = HOME | Source = Avira AntiVir | ID = 4109
Description = The engine file has been modified or destroyed! Returned error code: 0xb

Error - 8/3/2010 08:59:08 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Aplicativo com falha avgnt.exe, versão 9.0.0.12, módulo com falha , versão 0.0.0.0, endereço com falha 0x00000000.

[ System Events ]
Error - 8/3/2010 16:42:50 | Computer Name = HOME | Source = Service Control Manager | ID = 7001
Description = O serviço Cliente DHCP depende do serviço NetBios em Tcpip, mas não foi possível iniciá-lo devido ao seguinte erro: %%31

Error - 8/3/2010 16:42:50 | Computer Name = HOME | Source = Service Control Manager | ID = 7001
Description = O serviço Cliente DNS depende do serviço Driver de protocolo TCP/IP, mas não foi possível iniciá-lo devido ao seguinte erro: %%31

Error - 8/3/2010 16:42:50 | Computer Name = HOME | Source = Service Control Manager | ID = 7001
Description = O serviço Auxiliar NetBIOS TCP/IP depende do serviço AFD, mas não foi possível iniciá-lo devido ao seguinte erro: %%31

Error - 8/3/2010 16:42:50 | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip WS2IFSL

Error - 8/3/2010 16:43:12 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço netman com argumentos "" para iniciar o servidor: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/3/2010 20:13:45 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço netman com argumentos "" para iniciar o servidor: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 8/3/2010 20:14:07 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço EventSystem com argumentos "" para iniciar o servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/3/2010 20:16:07 | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Context Manager Process Extension devido ao seguinte erro: %%3

Error - 8/3/2010 20:16:07 | Computer Name = HOME | Source = Service
Control Manager | ID = 7023
Description = O serviço HID Input Service terminou com o erro: %%2

Error - 8/3/2010 21:13:42 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço upnphost com argumentos "" para iniciar o servidor: {204810B9-73B2-11D4-BF42-00B0D0118B56}

< End of report >

"Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6) "Nero - Burning Rom!UninstallKey" = Nero OEM "Programador de Modem_is1" = LightModem 3.0 "RatingsMigration" = Windows Media Player 9 Series Power Toy - Ratings Migration "The KMPlayer" = The KMPlayer (remove only) "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "xvid" = XviD MPEG-4 Video Codec "Yahoo! Companion" = Barra de Ferramentas do Yahoo! com bloqueador de pop-up ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16/1/2010 09:01:19 | Computer Name = HOME | Source = Application Error | ID = 1000 Description = Aplicativo com falha white.exe, versão 1.2.0.0, módulo com falha white.exe, versão 1.2.0.0, endereço com falha 0x001c5063. Error - 29/1/2010 06:58:42 | Computer Name = HOME | Source = Avira AntiVir | ID = 4106 Description = The virus definition file has been modified or destroyed! Returned error code: 0x5 Error - 29/1/2010 07:00:47 | Computer Name = HOME | Source = Application Error | ID = 1000 Description = Aplicativo com falha hijackthis.exe, versão 2.0.0.2, módulo com falha ntdll.dll, versão 5.1.2600.5755, endereço com falha 0x00010fa6. 
Error - 4/2/2010 09:25:15 | Computer Name = HOME | Source = Application Error | ID = 1000 Description = Aplicativo com falha nerostartsmart.exe, versão 2.1.0.6, módulo com falha nerostartsmart.exe, versão 2.1.0.6, endereço com falha 0x0010a04f. Error - 3/3/2010 10:49:53 | Computer Name = HOME | Source = Application Error | ID = 1000 Description = Aplicativo com falha avgnt.exe, versão 9.0.0.12, módulo com falha , versão 0.0.0.0, endereço com falha 0x00000000. Error - 5/3/2010 10:19:25 | Computer Name = HOME | Source = PerfNet | ID = 2004 Description = Não foi possível abrir o serviço do servidor. Os dados do desempenho do servidor não serão retornados. O código de erro retornado está no dado DWORD 0. Error - 5/3/2010 10:20:46 | Computer Name = HOME | Source = Application Error | ID = 1000 Description = Aplicativo com falha wlcomm.exe, versão 14.0.8064.206, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x00091378. Error - 6/3/2010 11:13:20 | Computer Name = HOME | Source = Avira AntiVir | ID = 4106 Description = The virus definition file has been modified or destroyed! Returned error code: 0x5 Error - 6/3/2010 11:17:15 | Computer Name = HOME | Source = Avira AntiVir | ID = 4109 Description = The engine file has been modified or destroyed! Returned error code: 0xb Error - 8/3/2010 08:59:08 | Computer Name = HOME | Source = Application Error | ID = 1000 Description = Aplicativo com falha avgnt.exe, versão 9.0.0.12, módulo com falha , versão 0.0.0.0, endereço com falha 0x00000000. 
[ System Events ] Error - 8/3/2010 16:42:50 | Computer Name = HOME | Source = Service Control Manager | ID = 7001 Description = O serviço Cliente DHCP depende do serviço NetBios em Tcpip, mas não foi possível iniciá-lo devido ao seguinte erro: %%31 Error - 8/3/2010 16:42:50 | Computer Name = HOME | Source = Service Control Manager | ID = 7001 Description = O serviço Cliente DNS depende do serviço Driver de protocolo TCP/IP, mas não foi possível iniciá-lo devido ao seguinte erro: %%31 Error - 8/3/2010 16:42:50 | Computer Name = HOME | Source = Service Control Manager | ID = 7001 Description = O serviço Auxiliar NetBIOS TCP/IP depende do serviço AFD, mas não foi possível iniciá-lo devido ao seguinte erro: %%31 Error - 8/3/2010 16:42:50 | Computer Name = HOME | Source = Service Control Manager | ID = 7026 Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip WS2IFSL Error - 8/3/2010 16:43:12 | Computer Name = HOME | Source = DCOM | ID = 10005 Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço netman com argumentos "" para iniciar o servidor: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 8/3/2010 20:13:45 | Computer Name = HOME | Source = DCOM | ID = 10005 Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço netman com argumentos "" para iniciar o servidor: {BA126AE5-2166-11D1-B1D0-00805FC1270E} Error - 8/3/2010 20:14:07 | Computer Name = HOME | Source = DCOM | ID = 10005 Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço EventSystem com argumentos "" para iniciar o servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF} Error - 8/3/2010 20:16:07 | Computer Name = HOME | Source = Service Control Manager | ID = 7000 Description = Não foi possível iniciar o serviço Context Manager Process Extension devido ao seguinte erro: %%3 Error - 8/3/2010 20:16:07 | Computer Name = HOME | Source = Service 
Control Manager | ID = 7023 Description = O serviço HID Input Service terminou com o erro: %%2 Error - 8/3/2010 21:13:42 | Computer Name = HOME | Source = DCOM | ID = 10005 Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço upnphost com argumentos "" para iniciar o servidor: {204810B9-73B2-11D4-BF42-00B0D0118B56} < End of report >
Thanks in advance for the help. =)
PedroN 1 Posted March 9, 2010
• Run OTL.exe.
• Copy the information in the Quote into the tool's clipboard field. ( Custom Scans/Fixes )
:OTL
O3 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
O3 - HKU\S-1-5-21-1390067357-117609710-725345543-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O33 - MountPoints2\{3ca23b24-f4a8-11de-97f7-000fead92af6}\Shell\AutoRun\command - "" = F:\tpsfyx.exe -- File not found
O33 - MountPoints2\{3ca23b24-f4a8-11de-97f7-000fead92af6}\Shell\explore\Command - "" = F:\tpsfyx.exe -- File not found
O33 - MountPoints2\{3ca23b24-f4a8-11de-97f7-000fead92af6}\Shell\open\Command - "" = F:\tpsfyx.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
:Commands
[resethosts]
[purity]
[emptytemp]
[Reboot]
• Click the Run Fix button --> Wait for it to finish!
• When it is done, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!
ItaloCCSL 0 Posted March 10, 2010
Man, I did everything you asked, but when it rebooted this appeared: Besides these errors, what is this "OGAPluginInstall..." that appeared next to OTL.exe? What do I do with it? Here is the log:
All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found. Registry value HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found. Registry value HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4064EA35-578D-4073-A834-C96D82CBCF40} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4064EA35-578D-4073-A834-C96D82CBCF40}\ not found. Registry value HKEY_USERS\S-1-5-21-1390067357-117609710-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ca23b24-f4a8-11de-97f7-000fead92af6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ca23b24-f4a8-11de-97f7-000fead92af6}\ not found. File F:\tpsfyx.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ca23b24-f4a8-11de-97f7-000fead92af6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ca23b24-f4a8-11de-97f7-000fead92af6}\ not found. File F:\tpsfyx.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3ca23b24-f4a8-11de-97f7-000fead92af6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3ca23b24-f4a8-11de-97f7-000fead92af6}\ not found. File F:\tpsfyx.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Acesso livre ->Temp folder emptied: 42185852 bytes ->Temporary Internet Files folder emptied: 10500857 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 55192909 bytes ->Flash cache emptied: 15651 bytes User: Administrador ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Administrador.HOME ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 137686 bytes ->Flash cache emptied: 84 bytes User: All Users.WINDOWS User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes User: Default User.WINDOWS ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes ->Flash cache emptied: 84 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes User: LocalService.AUTORIDADE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 39707 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: NetworkService.AUTORIDADE NT ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder 
emptied: 840306 bytes User: Ítalo César ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 927 bytes User: Ítalo César.HOME ->Temp folder emptied: 566365 bytes ->Temporary Internet Files folder emptied: 5883819 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 37005239 bytes ->Apple Safari cache emptied: 142184 bytes ->Flash cache emptied: 712 bytes User: ═talo CÚsar.HOME %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 66019 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 146,00 mb OTL by OldTimer - Version 3.1.35.0 log created on 03102010_071648 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
Regards
PedroN 1 Posted March 10, 2010
Hello ItaloCCSL, good afternoon! As for your antivirus error, it will only be repaired after a fresh installation of the antivirus.
> Besides these errors, what is this "OGAPluginInstall..." that appeared next to OTL.exe?
It is an attempt by Microsoft to validate the genuine copy of Microsoft Office XP, Office 2003 or later. By validating Office, you can access the latest features, updates and support, including the Office Genuine Advantage offers, which contain add-ins, templates, learning tools, smart tags and stationery.
Please post a new HijackThis log.
Mário Monteiro 179 Posted April 10, 2010
Topic Archived
As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
Mário Monteiro 179 Posted August 22, 2010
Topic reopened at the author's request
Post a new log in this topic
Renato Utsch 24 Posted August 22, 2010
Hello! As requested by Mário, post a new HijackThis log. Regards :D
ItaloCCSL 0 Posted August 28, 2010
OK, and here we go again (in fact, today the message that the firewall had a problem appeared again).
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:26 Ítalo César, on 28/8/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\uTorrent\uTorrent.exe C:\Documents and Settings\Ítalo César.HOME\Desktop\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Barra de Ferramentas do Yahoo! 
com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 
3\AWC.exe" /startup O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: 
{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) -- End of file - 7170 bytes
Thanks for reopening, I promise to reply as quickly as possible.
Renato Utsch 24 Posted August 28, 2010
Hello! Please update HijackThis to version 2.0.4 by uninstalling it in Control Panel > Add or Remove Programs and downloading the new version, as per rule no. 02 of this topic.
ItaloCCSL 0 Posted August 30, 2010
> Hello! Please update HijackThis to version 2.0.4 by uninstalling it in Control Panel > Add or Remove Programs and downloading the new version, as per rule no. 02 of this topic.
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:15 Ítalo César, on 29/8/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe C:\Arquivos de programas\uTorrent\uTorrent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Ítalo César.HOME\Desktop\HiJackThis (1).exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 
*.local R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Advanced 
SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - 
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) -- End of file - 7483 bytes
Renato Utsch 24
Posted August 30, 2010

Hello! Please follow the instructions in the order given. If there is any problem, DO NOT SKIP TO THE NEXT STEP! Send me a message in this same topic so I can tell you what to do.
__________________________________________________
<<1>> Please open HijackThis, click "Do a System Scan Only", check the following entries and click Fix Checked.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
__________________________________________________
<<2>> Download DDS and save it to the Desktop.
Temporarily disable your protection programs.
Double-click dds.scr. A black screen will appear with some information. Do not click anything, just wait!
When it finishes, two windows will open: DDS.txt and Attach.txt. Save the result and paste it in your topic.

NOTE: If the link provided does not work, try downloading DDS from THIS link.

Regards :D
ItaloCCSL 0
Posted September 1, 2010

<<1>> Done:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:40 Ítalo César, on 31/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Ítalo César.HOME\Desktop\HiJackThis (1).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Ítalo César.HOME\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Arquivos de programas\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Arquivos de programas\Intel\NCS\Sync\NetSvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

--
End of file - 7763 bytes

<<2>> Also done:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ítalo César at 22:34:49,26 on ter 31/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.991.602 [GMT -3:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe
C:\Documents and Settings\Ítalo César.HOME\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Barra de Ferramentas do Yahoo! com bloqueador de pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Barra de Ferramentas do Yahoo! com bloqueador de pop-up: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\ítalo césar.home\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c
uRun: [Advanced SystemCare 3] "c:\arquivos de programas\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [avgnt] "c:\arquivos de programas\avira\antivir desktop\avgnt.exe" /min
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\arquivos de programas\arquivos comuns\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Windows Live Search
IE: Baixar Link Utiizando Gerenciador Mega...
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\arquivos de programas\yahoo!\common\yinsthelper.dll
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\talocs~1.hom\dadosd~1\mozilla\firefox\profiles\tv8x2dnn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2365958&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\arquivos de programas\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\arquivos de programas\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\arquivos de programas\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\arquivos de programas\avira\antivir desktop\avgio.sys [2009-5-15 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\avira\antivir desktop\sched.exe [2009-5-15 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\arquivos de programas\avira\antivir desktop\avguard.exe [2009-5-15 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-15 56816]
S2 cmpe;Context Manager Process Extension; [x]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2010-08-13 01:52:20 1374 -c--a-w- c:\windows\imsins.BAK
2010-08-09 23:34:48 131072 -c--a-w- C:\Bootfont.srm
2010-08-08 14:04:14 0 dc----w- c:\arquivos de programas\SoftnyxGame
2010-08-08 13:26:49 201728 -c--a-w- c:\windows\system32\Disneynature - Oceans.scr
2010-08-08 13:26:49 0 dc----w- c:\windows\system32\Disneynature - Oceans dir
2010-08-06 15:10:45 73728 -c--a-w- c:\windows\system32\javacpl.cpl

==================== Find3M ====================

2010-08-13 02:12:00 79980 ----a-w- c:\windows\system32\perfc016.dat
2010-08-13 02:12:00 471022 ----a-w- c:\windows\system32\perfh016.dat
2010-08-06 15:09:44 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:32:26 149504 -c--a-w- c:\windows\system32\schannel.dll
2010-06-24 12:24:53 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02:34 1852032 -c--a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:09 80384 -c--a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:42:28 1172480 -c--a-w- c:\windows\system32\msxml3.dll
2008-12-02 12:04:35 61 -c--a-w- c:\arquivos de programas\ddtabases.rar
2007-07-20 04:19:00 855886 -c--a-w- c:\arquivos de programas\AUG2007_d3dx10_35_x64.cab
2007-07-20 04:19:00 800467 -c--a-w- c:\arquivos de programas\AUG2007_d3dx10_35_x86.cab
2007-07-20 04:19:00 1803760 -c--a-w- c:\arquivos de programas\AUG2007_d3dx9_35_x64.cab
2007-07-20 04:18:58 201696 -c--a-w- c:\arquivos de programas\AUG2007_XACT_x64.cab
2007-07-20 04:18:56 44684 -c--a-w- c:\arquivos de programas\dxdllreg_x86.cab
2007-07-20 04:18:56 1711752 -c--a-w- c:\arquivos de programas\AUG2007_d3dx9_35_x86.cab
2007-07-20 04:18:56 156612 -c--a-w- c:\arquivos de programas\AUG2007_XACT_x86.cab
2007-07-03 01:43:13 171008 -c--a-w- c:\arquivos de programas\FLV PlayerRCSetup.exe
2004-10-01 18:00:16 40960 -c--a-w- c:\arquivos de programas\Uninstall_CDS.exe
2009-10-20 12:32:05 32768 -csha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012009102020091021\index.dat

============= FINISH: 22:36:20,14 ===============

Regards.
Renato Utsch 24
Posted September 1, 2010

Hello! Uninstall and reinstall Mozilla Firefox. Check whether the Windows Firewall is enabled - sometimes there is a conflict between your firewall and the Windows firewall, and that causes problems. If it is, disable it and see whether the alerts stop. Is your antivirus having problems? If it is not the case above (the firewall), try running the program below:

Download FindyKill and save it to your desktop.
Double-click Setup.exe.
Type p and press Enter.
Type 2 and press Enter again to start the removal.
Click OK.
Click OK again.
Attention: A message may appear saying that your computer will be shut down. DO NOT RESTART!!! FindyKill will restart your computer automatically.
When the PC restarts, the tool will run automatically. Just wait, without moving the mouse or using the keyboard.
Be patient, the scan can take a while.
The log will open in Notepad automatically.
The log will also be in C:\FindyKill.txt or C:\FyK.txt.
Post this log in your next reply.

Regards :D
ItaloCCSL 0
Posted September 4, 2010

"Check whether the Windows Firewall is enabled - sometimes there is a conflict between your firewall and the Windows firewall, and that causes problems. If it is, disable it and see whether the alerts stop. Is your antivirus having problems?"

I don't have another firewall. The antivirus is having problems, yes. It is not updating =/

Oh! The FindyKill log, here it is:

############################## | FindyKill V5.050 |

# User : Ítalo César (Administradores) # HOME
# Update on 03/09/2010 by El Desaparecido
# Start at: 12:08:47 | 4/9/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

# Intel® Celeron® CPU 2.26GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

# A:\ # Unidade de disquete de 3 1/2 polegadas
# C:\ # Disco fixo local # 74,52 Go (9,84 Go free) [Ítalo César Camelo Soares Lima] # NTFS
# D:\ # Disco CD-ROM
# E:\ # Disco CD-ROM
# F:\ # Disco removível # 1,89 Go (616,03 Mo free) [ÍTALO CÉSAR] # FAT

################## | Ficheiros infeciosos |

Supprimido ! F:\autorun.inf
Supprimido ! C:\WINDOWS\prefetch\WINUPGRO.EXE-2D513C93.pf
Renato Utsch 24
Posted September 8, 2010

Hello! Sorry for the delay in replying. Try reinstalling your antivirus and make sure the firewall is not blocking it.
______________________________________________
<<1>> Please follow the tutorial below and run Spyware Doctor:

Spyware Doctor Starter Edition tutorial

Post the generated log.
______________________________________________
<<2>> Follow the tutorial below, run the Kaspersky Virus Removal Tool and post the generated log:

Kaspersky Virus Removal Tool tutorial

Regards :D
Felipe_88 0
Posted October 8, 2010

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.