latos - Posted May 13, 2010

Hello, how are you? For some time now I have noticed that my computer is getting slower and slower, both when starting up and opening video, Word, audio files, etc., and when browsing with Firefox (which takes almost 10 minutes to open); now even Google Chrome takes ages to open and freezes a lot. I don't know for sure whether it is a virus. I believe so, because apart from the slowness, apparently nothing has changed on my computer. The only difference is that a folder called Pastas da Web (Web Folders) appeared. Anyway, I hope you can help me. My HijackThis log is below. Thank you very much.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:22, on 13/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe
d:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe
C:\ARQUIV~1\AVG\AVG8\avgam.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE
D:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Arquivos comuns\AOL\1273433411\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
C:\Arquivos de programas\AOL 9.5\waol.exe
C:\Arquivos de programas\VIA\RAID\raid_tool.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\Arquivos de programas\Arquivos comuns\AOL\ACS\AOLAcsd.exe
C:\Arquivos de programas\AOL 9.5\shellmon.exe
C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LifeCam] "C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [\\quarto\EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P32 "\\quarto\EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [Auto EPSON Stylus C67 Series em quarto] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P38 "Auto EPSON Stylus C67 Series em quarto" /O17 "\\QUARTO\EPSONSty" /M "Stylus C67"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Arquivos de programas\Arquivos comuns\AOL\1273433411\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Arquivos de programas\AOL 9.5\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = D:\Arquivos de programas\LimeWire\LimeWire.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212518391921
O17 - HKLM\System\CCS\Services\Tcpip\..\{34B683CA-40ED-44FC-9060-BDC42B7BEA14}: NameServer = 200.162.196.29,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2E9EDA1-AA1C-4201-BEE6-7EA229DCD9B5}: NameServer = 201.6.0.113,192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Arquivos de programas\Arquivos comuns\AOL\ACS\AOLAcsd.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe

--
End of file - 10260 bytes

DigRam - Posted May 15, 2010

Good morning, latos!

<!> Uninstall: C:\Arquivos de programas\AOL 9.5

<@> Download: < Malwarebytes' Anti-Malware >
<@> Link - 2: < >
<@> PS: Save or print these instructions:

- Double-click mbam-setup.exe; choose the language and, during installation, accept all the default options.
- Check that the boxes "Atualizar Malwarebytes Anti-Malware" (update Malwarebytes Anti-Malware) and "Executar Malwarebytes Anti-Malware" (run Malwarebytes Anti-Malware) are ticked.
- Then click Concluir (finish).
- PS: If there are updates to be made, they will be downloaded and installed.
- When the update finishes, with the program open, select: Verificação Rápida (quick scan).
- Click the Verificar (scan) button.
- The scan will then start. -> Wait, as it may take a while!
- When it finishes, click OK and then the "Mostrar Resultados" (show results) button, so that we have the report.
- PS: If any items are found, select them and click the "Remover" (remove) button.
- PS: At the end of the disinfection, Notepad will open with the report.
- PS: The log will be stored automatically by the tool.
- PS: Get it by clicking the "Logs" tab in the program's main window.

<@> PS: If MBAM finds files that it cannot remove, you may have to restart the PC. Maybe more than once!
<@> PS: Do that immediately when asked whether you want to restart.

<!> Select, copy and paste the contents of the MBAM log in your next reply.
<!> Also post an updated HijackThis log.

Regards!

latos - Posted May 17, 2010

Hello DigRam, thanks for the reply. I did everything that was asked. Here is the Malware log, and right below it the HijackThis one.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4109

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

17/5/2010 13:15:40
mbam-log-2010-05-17 (13-15-40).txt

Tipo de Verificação: Verificação Rápida
Objetos escaneados: 121746
Tempo decorrido: 7 minuto(s), 44 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:17, on 17/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\Explorer.EXE
d:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe
C:\ARQUIV~1\AVG\AVG8\avgam.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE
D:\Arquivos de programas\iTunes\iTunesHelper.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
C:\Arquivos de programas\VIA\RAID\raid_tool.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll (file missing)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LifeCam] "C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [\\quarto\EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P32 "\\quarto\EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [Auto EPSON Stylus C67 Series em quarto] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P38 "Auto EPSON Stylus C67 Series em quarto" /O17 "\\QUARTO\EPSONSty" /M "Stylus C67"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = D:\Arquivos de programas\LimeWire\LimeWire.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212518391921
O17 - HKLM\System\CCS\Services\Tcpip\..\{34B683CA-40ED-44FC-9060-BDC42B7BEA14}: NameServer = 200.162.196.29,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2E9EDA1-AA1C-4201-BEE6-7EA229DCD9B5}: NameServer = 201.6.0.113,192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe

--
End of file - 9278 bytes

DigRam - Posted May 17, 2010

Good evening, latos!

<@> Download: < OTL > ( ...by OldTimer Tools )
<@> Save it to the desktop!
<@> Double-click: < >
<@> PS: Now let's go on to its configuration!

<!> 1 - Under "Saída" (output), leave the "Resumida" (minimal) button selected.
<!> 2 - Tick the boxes: Verificar All Users (scan all users) and Incluir Verificação 64bit (include 64-bit scan) <-- PS: If the OS is 64-bit!
<!> 3 - Processos (processes): Usar SafeList <-- Tick it!
<!> 4 - Módulos (modules): Usar SafeList <-- Tick it!
<!> 5 - Serviços (services): Usar SafeList <-- Tick it!
<!> 6 - Drivers: Usar SafeList <-- Tick it!
<!> 7 - Exame Padrão do Registro (standard registry scan): Usar SafeList <-- Tick it!
<!> 8 - Exame Extra do Registro (extra registry scan): Usar SafeList <-- Tick it!
<!> 9 - Verificação de Arquivos (file scan):
<!> Data de Criação (creation date) >> Choose: 14 dias (14 days)
<!> Tick: Usar WhiteList para Nomes de Companhias (use whitelist for company names)
<!> Tick: Ignorar Arquivos Microsoft (skip Microsoft files)
10 - Arquivos Criados Desde (files created since):
<!> Tick: Data de Criação
<!> 11 - Arquivos Modificados Desde (files modified since):
<!> Tick: Data de Criação
<!> Tick the boxes: [] Verificar Lop [] Verificar Purity

<@> PS: I suggest you print these directions to read later.

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5

<@> PS: Copy and paste this information, which is in the Code box, into the field below: Exames Personalizados/Correções (custom scans/fixes)
<@> Click: Verificar (scan) --> Wait!
<@> When it finishes, post:
<1> OTL.txt <--
<2> Extra.txt <--

Regards!

latos - Posted May 18, 2010

Hello DigRam, the logs follow below:

OTL.Txt

OTL logfile created on: 17/5/2010 22:04:43 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

511,00 Mb Total Physical Memory | 208,00 Mb Available Physical Memory | 41,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): [binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 24,42 Gb Total Space | 12,57 Gb Free Space | 51,48% Space Free | Partition Type: NTFS
Drive D: | 115,74 Gb Total Space | 7,02 Gb Free Space | 6,07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232,88 Gb Total Space | 14,29 Gb Free Space | 6,14% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RODRIGO
Current User Name: Rodrigo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Arquivos de programas\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de programas\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Arquivos de programas\AVG\AVG8\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe ()
PRC - D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
PRC - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - d:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAL.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Arquivos de programas\VIA\RAID\raid_tool.exe (VIA Technologies)

========== Modules (SafeList) ==========

MOD - D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (NMIndexingService) -- File not found
SRV - (avg8wd) -- C:\Arquivos de programas\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TVersityMediaServer) -- D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe ()
SRV - (Apple Mobile Device) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (NMSAccessU) -- d:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe ()
SRV - (getPlus® Helper) getPlus® -- C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (MSCamSvc) -- C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (usbaudio) Driver de áudio USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (viasraid) -- C:\WINDOWS\system32\DRIVERS\viasraid.sys (VIA Technologies inc,.ltd)
DRV - (yukonx86) -- C:\WINDOWS\system32\drivers\yukonx86.sys (Marvell Semiconductor Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-790525478-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-746137067-790525478-839522115-1004\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-746137067-790525478-839522115-1004\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-746137067-790525478-839522115-1004\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll File not found
IE - HKU\S-1-5-21-746137067-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.uol.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: pbreak.br@gmail.com:3.2
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8874}:1.0.7.10
FF - prefs.js..extensions.enabledItems: {455D905A-D37C-4643-A9E2-F6FEFAA0424A}:0.8.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.4896
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: camifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: {269FB356-C69F-7349-D092-AB28AF836D0E}:3.5.004
FF - prefs.js..keyword.URL: "http://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Arquivos de programas\AVG\AVG8\Firefox [2009/12/22 18:51:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/29 18:39:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/04/26 00:14:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/05/09 16:33:59 | 000,000,000 | ---D | M]

[2009/02/04 15:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Extensions
[2009/02/04 15:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/10 17:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions
[2010/04/28 13:18:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/28 23:25:16 | 000,000,000 | ---D | M] (Strata Aero) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}
[2009/11/21 02:23:25 | 000,000,000 | 
---D | M] (RefControl) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A} [2010/03/09 15:47:15 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2010/05/09 16:34:10 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2010/05/01 19:07:29 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2009/03/09 11:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874} [2010/04/25 23:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010/04/28 13:18:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2009/11/21 02:23:26 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2010/03/28 23:25:46 | 000,000,000 | ---D | M] (DownThemAll!) 
-- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010/03/28 23:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\camifox@altmusictv.com [2008/06/17 18:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\pbreak.br@gmail.com [2010/03/28 23:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{269FB356-C69F-7349-D092-AB28AF836D0E}\mozapps\extensions [2010/03/09 15:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions [2010/03/09 15:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions [2010/03/09 15:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions [2010/03/09 15:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions [2010/05/10 02:12:35 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\searchplugins\aol-search.xml [2010/05/10 17:55:38 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions 
[2010/04/20 01:21:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/20 01:21:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll [2010/03/26 20:10:52 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml [2010/03/26 20:10:52 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml [2010/03/26 20:10:52 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml [2010/03/26 20:10:52 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml O1 HOSTS File: ([2009/08/10 14:19:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll File not found O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-746137067-790525478-839522115-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKU\S-1-5-21-746137067-790525478-839522115-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O3 - HKU\S-1-5-21-746137067-790525478-839522115-1004\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [\\quarto\EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Auto EPSON Stylus C67 Series em quarto] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [AVG8_TRAY] C:\Arquivos de programas\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CloneCDTray] D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) 
O4 - HKLM..\Run: [LifeCam] C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe (VIA Technologies) O4 - Startup: C:\Documents and Settings\Rodrigo\Menu Iniciar\Programas\Inicializar\LimeWire On Startup.lnk = D:\Arquivos de programas\LimeWire\LimeWire.exe (Lime Wire, LLC) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - 
HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-746137067-790525478-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-746137067-790525478-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-746137067-790525478-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-746137067-790525478-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O15 - HKU\S-1-5-21-746137067-790525478-839522115-1004\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212518391921 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) 
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Arquivos de programas\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/06/03 13:20:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{86255585-9cad-11de-b807-0011d8be390e}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe O33 - MountPoints2\{86255585-9cad-11de-b807-0011d8be390e}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/03 13:20:23 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ISTray - hkey= - key= - Reg Error: Value error. 
File not found MsConfig - StartUpReg: VX1000 - hkey= - key= - C:\WINDOWS\vVX1000.exe (Microsoft Corporation) MsConfig - StartUpReg: Windows Defender - hkey= - key= - C:\Arquivos de programas\Windows Defender\MSASCui.exe (Microsoft Corporation) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: WinDefend - C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base 
- Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: WinDefend - C:\Arquivos de programas\Windows Defender\MsMpEng.exe (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: 
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML) ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição ActiveX: {3F31F3B5-C1FF-3708-8611-869DE39C0CB6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser 
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Pastas da Web ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} 
- %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.ac3acm - ac3acm.acm File not found Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) ========== Files/Folders - Created Within 14 Days ========== [2010/05/17 21:58:31 | 000,571,392 | ---- | C] (OldTimer Tools) -- D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\OTL.exe [2010/05/17 13:27:56 | 000,000,000 | ---D | C] -- D:\Meus documentos\Viagem Disney [2010/05/17 12:58:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\AOL [2010/05/17 11:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA [2010/05/13 00:20:37 | 012,515,915 | ---- | C] (DVDVideoSoft Limited. 
) -- D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\FreeYouTubeDownload.exe [2010/05/09 16:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\AOL [2010/05/09 16:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Macromedia [2010/05/09 16:37:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\AOL [2010/05/09 16:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Viewpoint [2010/05/09 16:34:21 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Viewpoint [2010/05/09 16:34:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AOL Toolbar [2010/05/09 16:33:58 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Software Update Utility [2010/05/09 16:32:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\AOL Downloads [2010/05/09 16:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AOL OCP [2010/05/09 16:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AOL Downloads [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2010/05/17 21:58:52 | 000,571,392 | ---- | M] (OldTimer Tools) -- D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\OTL.exe [2010/05/17 21:49:48 | 060,085,298 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/05/17 21:49:05 | 000,001,152 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-790525478-839522115-1004UA.job [2010/05/17 18:30:38 | 012,320,768 | -H-- | M] () -- C:\Documents and Settings\Rodrigo\NTUSER.DAT [2010/05/17 16:04:17 | 000,000,344 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies [2010/05/17 13:03:06 | 000,000,346 | -H-- | M] () -- C:\WINDOWS\tasks\MP 
Scheduled Scan.job [2010/05/17 13:01:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/05/17 13:00:28 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010/05/17 13:00:14 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2010/05/17 13:00:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/17 12:59:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/17 12:59:52 | 535,613,440 | -HS- | M] () -- C:\hiberfil.sys [2010/05/17 12:58:46 | 000,000,330 | -HS- | M] () -- C:\Documents and Settings\Rodrigo\ntuser.ini [2010/05/17 12:56:38 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini [2010/05/17 12:54:51 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini [2010/05/17 00:49:05 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-790525478-839522115-1004Core.job [2010/05/17 00:20:49 | 000,181,760 | ---- | M] () -- C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/13 22:50:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/05/13 00:22:12 | 012,515,915 | ---- | M] (DVDVideoSoft Limited. 
) -- D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\FreeYouTubeDownload.exe [2010/05/12 16:28:36 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\.zreglib [2010/05/09 16:45:36 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe [2010/05/09 16:23:53 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2010/05/08 22:24:39 | 006,403,516 | -H-- | M] () -- C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\IconCache.db [2010/05/05 14:54:15 | 000,000,442 | ---- | M] () -- D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\Arquivos Micro Mariana.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/17 12:54:51 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2010/05/09 16:45:36 | 000,010,920 | ---- | C] () -- C:\aolconnfix.exe [2010/03/26 17:46:25 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010/03/26 17:46:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2010/03/26 17:46:24 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010/03/26 17:46:24 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010/03/26 17:46:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2010/03/26 17:46:21 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/10/20 15:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/03/31 14:33:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll [2008/06/17 22:53:42 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008/06/06 10:51:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/06/06 10:20:49 | 000,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini [2008/06/03 15:11:14 | 000,165,376 | ---- | C] () -- 
C:\WINDOWS\System32\unrar.dll [2008/06/03 14:27:41 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2009/06/10 17:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG Security Toolbar [2009/10/01 14:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\F4 [2008/11/14 11:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin [2009/06/04 12:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PassMark [2009/07/28 10:58:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SlySoft [2009/09/21 19:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP [2010/05/09 16:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Viewpoint [2010/02/28 18:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk [2009/03/08 19:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2009/06/10 11:31:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de 
aplicativos\AVGTOOLBAR [2009/04/21 16:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\AVGTOOLBAR [2008/12/25 02:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Canneverbe_Limited [2010/04/25 23:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers [2008/07/14 00:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\GrabPro [2010/04/27 15:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\LimeWire [2009/04/24 17:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Opera [2009/04/28 12:43:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Orbit [2008/06/17 23:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Sports Interactive [2009/08/04 13:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Uniblue [2010/05/17 11:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\uTorrent [2010/04/20 00:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\VitySoft [2010/02/28 18:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rodrigo\Dados de aplicativos\Vso [2010/05/13 22:50:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2010/05/17 13:03:06 | 000,000,346 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2010/05/17 13:00:14 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2010/05/09 16:45:36 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [2004/08/04 00:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC 
-- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ERDNT\cache\eventlog.dll [2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2004/08/04 00:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ERDNT\cache\scecli.dll [2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2004/08/04 00:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ERDNT\cache\netlogon.dll [2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < 
%SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > [2003/10/31 11:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) MD5=EBE101C01D80A42868F57B327BE1B564 -- C:\WINDOWS\system32\drivers\viasraid.sys ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\WINDOWS:F2DF5BA481F01A72 @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2 < End of report > Extras.Txt OTL Extras logfile created on: 17/5/2010 22:04:44 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 511,00 Mb Total Physical Memory | 208,00 Mb Available Physical Memory | 41,00% Memory free 3,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): [binary data over 100 bytes] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 24,42 Gb Total Space | 12,57 Gb Free Space | 51,48% Space Free | Partition Type: NTFS Drive D: 
| 115,74 Gb Total Space | 7,02 Gb Free Space | 6,07% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 232,88 Gb Total Space | 14,29 Gb Free Space | 6,14% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: RODRIGO Current User Name: Rodrigo Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_USERS\S-1-5-21-746137067-790525478-839522115-1004\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [TVersity] -- "D:\Arquivos de programas\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "32459:TCP" = 
32459:TCP:*:Enabled:Utorrent "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Serviço de Compartilhamento de Rede do Windows Media Player "863:UDP" = 863:UDP:*:Enabled:msnmsgr ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Arquivos de programas\eMule\emule.exe" = D:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net) "D:\Arquivos de programas\Utorrent\uTorrent.exe" = D:\Arquivos de programas\Utorrent\uTorrent.exe:*:Enabled:µTorrent -- () "C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4 -- (SEIKO EPSON CORPORATION) "D:\Arquivos de programas\The 7 Deadly Sins\mirc.exe" = D:\Arquivos de programas\The 7 Deadly Sins\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.) 
"D:\Arquivos de programas\LimeWire\LimeWire.exe" = D:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "D:\Arquivos de programas\iTunes\iTunes.exe" = D:\Arquivos de programas\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Arquivos de programas\Java\jre6\bin\java.exe" = C:\Arquivos de programas\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "D:\Arquivos de programas\Championship Manager 01-02\cm0102.exe" = D:\Arquivos de programas\Championship Manager 01-02\cm0102.exe:*:Enabled:cm0102 -- () "D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe" = D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- () "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Arquivos de programas\AVG\AVG8\avgam.exe" = C:\Arquivos de programas\AVG\AVG8\avgam.exe:*:Disabled:avgam.exe -- (AVG Technologies CZ, s.r.o.) "C:\Arquivos de programas\AVG\AVG8\avgdiag.exe" = C:\Arquivos de programas\AVG\AVG8\avgdiag.exe:*:Disabled:avgdiag.exe -- (AVG Technologies CZ, s.r.o.) "C:\Arquivos de programas\AVG\AVG8\avgdiagex.exe" = C:\Arquivos de programas\AVG\AVG8\avgdiagex.exe:*:Disabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.) "C:\Arquivos de programas\AVG\AVG8\avgnsx.exe" = C:\Arquivos de programas\AVG\AVG8\avgnsx.exe:*:Disabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Arquivos de programas\AVG\AVG8\avgupd.exe" = C:\Arquivos de programas\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) 
"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\F4\ClientUpdater\ClientUpdater.exe" = C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\F4\ClientUpdater\ClientUpdater.exe:*:Enabled:F4 Game Client Updater -- File not found "C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Arquivos de programas\Opera\opera.exe" = C:\Arquivos de programas\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\UT1.6.1.exe" = D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\UT1.6.1.exe:*:Enabled:UT1.6.1 -- File not found "D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\Utorrent.exe" = D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\Utorrent.exe:*:Enabled:µTorrent -- () "D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\utorrent_1.6.1.exe" = D:\Arquivos de programas\Arquivos de Sistema Usuario\Desktop\utorrent_1.6.1.exe:*:Enabled:µTorrent -- File not found "C:\Arquivos de programas\Java\jre6\launch4j-tmp\frd.exe" = C:\Arquivos de programas\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) 
"D:\Arquivos de programas\SopCast\SopCast.exe" = D:\Arquivos de programas\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Arquivos de programas\Arquivos comuns\aol\acs\AOLDial.exe" = C:\Arquivos de programas\Arquivos comuns\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- File not found "C:\Arquivos de programas\Arquivos comuns\aol\acs\AOLacsd.exe" = C:\Arquivos de programas\Arquivos comuns\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- File not found "C:\Arquivos de programas\Arquivos comuns\aol\1273433411\ee\aolsoftware.exe" = C:\Arquivos de programas\Arquivos comuns\aol\1273433411\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found "C:\Arquivos de programas\AOL 9.5\waol.exe" = C:\Arquivos de programas\AOL 9.5\waol.exe:*:Enabled:AOL -- File not found "C:\Arquivos de programas\Arquivos comuns\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Arquivos de programas\Arquivos comuns\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- File not found "C:\Arquivos de programas\Arquivos comuns\aol\Loader\aolload.exe" = C:\Arquivos de programas\Arquivos comuns\aol\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found "C:\Arquivos de programas\Arquivos comuns\aol\System Information\sinf.exe" = C:\Arquivos de programas\Arquivos comuns\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live 
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call "{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}" = Assistente de Conexão do Windows Live "{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.3.190b "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender 
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A7B3E313-3472-4847-8D43-25EBD6734241}" = Microsoft LifeCam "{AC76BA86-7AD7-1046-7B44-A82000000003}" = Adobe Reader 8.2.2 - Português "{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes "{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0 "AOL Toolbar" = AOL Toolbar "AVG8Uninstall" = AVG 8.5 "CCleaner" = CCleaner "CloneCD" = CloneCD "CM3 Series SaveGame Editor_is1" = CM3 Series SaveGame Editor 4.0 Build 4000 "DVD Decrypter" = DVD Decrypter (Remove Only) "eMule" = eMule "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3 
"HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3 "LimeWire" = LimeWire 5.3.6 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MV RegClean 5.9_is1" = MV RegClean 5.9 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Replay Media Catcher 3.02" = Replay Media Catcher 3.02 "SoftwareUpdUtility" = Download Updater (AOL LLC) "SopCast" = SopCast 1.1.2 "TVersity Codec Pack" = TVersity Codec Pack 1.2 "TVersity Media Server " = TVersity Media Server 1.6 Beta "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "ViewpointMediaPlayer" = Viewpoint Media Player "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.1 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-746137067-790525478-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "360WAVESPATCHERCLT" = 360WavesPatcher (Client setup) "Google Chrome" = 
Google Chrome "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 6/4/2010 13:21:47 | Computer Name = RODRIGO | Source = Application Error | ID = 1000 Description = Aplicativo com falha wordconv.exe, versão 12.0.6500.5000, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x3142314f. Error - 13/4/2010 07:52:50 | Computer Name = RODRIGO | Source = Application Hang | ID = 1002 Description = Aplicativo com falha E_FARNAAL.EXE, versão 4.0.0.0, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000. Error - 13/4/2010 07:55:01 | Computer Name = RODRIGO | Source = Application Hang | ID = 1002 Description = Aplicativo com falha E_FARNAAL.EXE, versão 4.0.0.0, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000. Error - 13/4/2010 07:55:15 | Computer Name = RODRIGO | Source = Application Hang | ID = 1002 Description = Aplicativo com falha E_FARNAAL.EXE, versão 4.0.0.0, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000. Error - 13/4/2010 07:55:21 | Computer Name = RODRIGO | Source = Application Hang | ID = 1002 Description = Aplicativo com falha E_FARNAAL.EXE, versão 4.0.0.0, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000. Error - 23/4/2010 01:57:16 | Computer Name = RODRIGO | Source = Application Error | ID = 1000 Description = Aplicativo com falha mpc-hc.exe, versão 1.3.1752.0, módulo com falha ntdll.dll, versão 5.1.2600.5755, endereço com falha 0x00010a19. Error - 23/4/2010 01:57:30 | Computer Name = RODRIGO | Source = Application Error | ID = 1000 Description = Aplicativo com falha mpc-hc.exe, versão 1.3.1752.0, módulo com falha ntdll.dll, versão 5.1.2600.5755, endereço com falha 0x00010fa6. Error - 2/5/2010 21:11:26 | Computer Name = RODRIGO | Source = Application Hang | ID = 1002 Description = Aplicativo com falha mpc-hc.exe, versão 1.3.1752.0, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000. 
Error - 10/5/2010 17:17:13 | Computer Name = RODRIGO | Source = Application Hang | ID = 1002 Description = Aplicativo com falha mpc-hc.exe, versão 1.3.1752.0, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000. Error - 13/5/2010 18:06:44 | Computer Name = RODRIGO | Source = Application Hang | ID = 1002 Description = Aplicativo com falha iexplore.exe, versão 8.0.6001.18702, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000. [ System Events ] Error - 12/5/2010 12:52:41 | Computer Name = RODRIGO | Source = Service Control Manager | ID = 7023 Description = O serviço Serviços IPSEC terminou com o erro: %%2 Error - 13/5/2010 09:45:14 | Computer Name = RODRIGO | Source = Service Control Manager | ID = 7000 Description = Não foi possível iniciar o serviço Parallel port driver devido ao seguinte erro: %%1058 Error - 13/5/2010 09:45:14 | Computer Name = RODRIGO | Source = Service Control Manager | ID = 7023 Description = O serviço Serviços IPSEC terminou com o erro: %%2 Error - 13/5/2010 09:45:55 | Computer Name = RODRIGO | Source = Service Control Manager | ID = 7011 Description = Tempo limite (30000 milissegundos) esperando por uma resposta do serviço NVSvc. 
Error - 16/5/2010 22:14:29 | Computer Name = RODRIGO | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Parallel port driver devido ao seguinte erro: %%1058
Error - 16/5/2010 22:14:29 | Computer Name = RODRIGO | Source = Service Control Manager | ID = 7023
Description = O serviço Serviços IPSEC terminou com o erro: %%2
Error - 17/5/2010 11:47:07 | Computer Name = RODRIGO | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Parallel port driver devido ao seguinte erro: %%1058
Error - 17/5/2010 11:47:07 | Computer Name = RODRIGO | Source = Service Control Manager | ID = 7023
Description = O serviço Serviços IPSEC terminou com o erro: %%2
Error - 17/5/2010 12:00:51 | Computer Name = RODRIGO | Source = Service Control Manager | ID = 7000
Description = Não foi possível iniciar o serviço Parallel port driver devido ao seguinte erro: %%1058
Error - 17/5/2010 12:00:51 | Computer Name = RODRIGO | Source = Service Control Manager | ID = 7023
Description = O serviço Serviços IPSEC terminou com o erro: %%2
< End of report >
DigRam 144 Posted May 18, 2010
Good morning, latos!
<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )
<@> Save it in Arquivos de programas (Program Files)!
<@> Disable your antivirus!
<@> Install and run the tool by double-clicking: < >
<@> In the language options, choose "PT-BR" --> Enter.
<@> Choose option 2: 2. Suppression des fichiers infectieux --> Press Enter.
<@> A message will appear asking you to connect your removable media to the computer (USB flash drive, MP3, MP4, iPods, etc.).
<@> Accept the request and click OK. --> Then click OK again.
<@> The computer will restart. <-- Wait!
<@> When it finishes, click "Continue" and wait for the tool to complete.
<@> PS: Do not disconnect your removable media yet! <-- Important!
<@> The message "Nettoyage effectue" will appear --> Press Enter.
<@> Post the report, which will be at C:\UsbFix.txt, plus an updated HijackThis log.
Regards!
latos 0 Posted May 18, 2010
Good afternoon DigRam, the logs follow below.
UsbFix
############################## | UsbFix V6.114 |
User : Rodrigo (Administradores) # RODRIGO
Update on 17/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:14:00 | 18/5/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon 64 Processor 3000+
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus SBS Edition 8.5 [ Enabled | Updated ]
A:\ -> Unidade de disquete de 3 1/2 polegadas
C:\ -> Disco fixo local # 24,42 Go (12,59 Go free) [sistema] # NTFS
D:\ -> Disco fixo local # 115,74 Go (7,03 Go free) [Dados] # NTFS
E:\ -> Disco CD-ROM
F:\ -> Disco fixo local # 232,88 Go (24,36 Go free) [Dados2] # NTFS
Q:\ -> Conexão de rede # 242,11 Go (83,56 Go free) [Dados] # NTFS
################## | Ficheiros # pastas infeciosos |
################## | Registro |
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{86255585-9cad-11de-b807-0011d8be390e}
Shell\AutoRun\command =RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
Shell\open\command =RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
################## | Vaccin |
(!) Este computador não é vacinada!
################## | ! Fim do relatório # UsbFix V6.114 !
| HiJackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:16:18, on 18/5/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\Explorer.EXE d:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe C:\ARQUIV~1\AVG\AVG8\avgam.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE D:\Arquivos de programas\iTunes\iTunesHelper.exe D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe C:\Arquivos de programas\VIA\RAID\raid_tool.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe 
C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll (file missing) R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll (file missing) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de 
programas\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LifeCam] "C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [\\quarto\EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P32 "\\quarto\EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67" O4 - HKLM\..\Run: [Auto EPSON Stylus C67 Series em quarto] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P38 "Auto EPSON Stylus C67 Series em quarto" /O17 "\\QUARTO\EPSONSty" /M "Stylus C67" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [CloneCDTray] "D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - 
HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: LimeWire On Startup.lnk = D:\Arquivos de programas\LimeWire\LimeWire.exe O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - 
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212518391921
O17 - HKLM\System\CCS\Services\Tcpip\..\{34B683CA-40ED-44FC-9060-BDC42B7BEA14}: NameServer = 200.162.196.29,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2E9EDA1-AA1C-4201-BEE6-7EA229DCD9B5}: NameServer = 201.6.0.113,192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe
-- End of file - 9567 bytes
DigRam 144 Posted May 19, 2010
Good morning, latos!
<@> Open HijackThis --> Click: Do a system scan only
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll (file missing)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll (file missing)
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll (file missing)
<@> Check the entries above!
<@> Click Fix checked --> Yes! --> Restart!
0000000000000000000000
oooooooooooooooooooooo
<@> Run UsbFix.exe again and choose the option: "Suppression des fichiers infectieux"
<@> Post your report + an updated HijackThis log.
Regards!
latos 0 Posted May 19, 2010
Hi DigRam, the new reports follow below:
UsbFix:
############################## | UsbFix V6.114 |
User : Rodrigo (Administradores) # RODRIGO
Update on 17/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 13:16:31 | 19/5/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
AMD Athlon 64 Processor 3000+
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AVG Anti-Virus SBS Edition 8.5 [ Enabled | Updated ]
A:\ -> Unidade de disquete de 3 1/2 polegadas
C:\ -> Disco fixo local # 24,42 Go (12,54 Go free) [sistema] # NTFS
D:\ -> Disco fixo local # 115,74 Go (7,03 Go free) [Dados] # NTFS
E:\ -> Disco CD-ROM
F:\ -> Disco fixo local # 232,88 Go (24,36 Go free) [Dados2] # NTFS
Q:\ -> Conexão de rede # 242,11 Go (85,6 Go free) [Dados] # NTFS
################## | Ficheiros # pastas infeciosos |
Supprimido ! C:\Recycler\S-1-5-21-746137067-790525478-839522115-1004
Supprimido ! D:\Recycler\S-1-5-21-1417001333-1788223648-839522115-1005
Supprimido ! D:\Recycler\S-1-5-21-746137067-790525478-839522115-1004
Supprimido ! F:\Recycler\S-1-5-21-746137067-790525478-839522115-1004
(!) Não supprimido ! Q:\Recycler\S-1-5-21-299502267-796845957-682003330-1003
(!) Não supprimido ! Q:\Recycler\S-1-5-21-861567501-1682526488-682003330-1005
################## | Registro |
Supprimido ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimido ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Mountpoints2 |
Supprimido ! HKCU\...\Explorer\MountPoints2\{86255585-9cad-11de-b807-0011d8be390e}\Shell\AutoRun\Command
################## | Listing |
[12/08/2009 16:31|--a------|3777] C:\aaw7boot.log
[09/05/2010 16:45|--a------|10920] C:\aolconnfix.exe
[09/05/2010 16:45|--a------|1039] C:\aolconnfix.txt
[03/06/2008 13:20|--a------|0] C:\AUTOEXEC.BAT
[03/06/2008 14:46|--a------|211] C:\Boot.bak
[21/09/2009 18:54|-rahs----|281] C:\boot.ini
[28/10/2001 09:06|-rahs----|4952] C:\Bootfont.bin
[03/08/2004 23:00|--a------|261856] C:\cmldr
[17/09/2009 01:56|--a------|15283] C:\ComboFix.txt
[03/06/2008 13:20|--a------|0] C:\CONFIG.SYS
[30/05/2009 04:08|--a------|120] C:\drmHeader.bin
[?|?|?] C:\hiberfil.sys
[03/06/2008 13:20|-rahs----|0] C:\IO.SYS
[17/05/2010 13:04|--a------|100] C:\mbam-error.txt
[03/06/2008 13:20|-rahs----|0] C:\MSDOS.SYS
[03/08/2004 22:38|-rahs----|47564] C:\NTDETECT.COM
[03/06/2008 13:47|-rahs----|251696] C:\ntldr
[?|?|?] C:\pagefile.sys
[19/05/2010 13:19|--a------|2618] C:\UsbFix.txt
[?|?|?] D:\pagefile.sys
[?|?|?] F:\pagefile.sys
################## | Vaccinação |
# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).
# D:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).
# F:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).
# Q:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).
################## | Upload |
Favor enviar o arquivo : C:\UsbFix_Upload_Me_RODRIGO.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Obrigado pela sua contribuição .
################## | ! Fim do relatório # UsbFix V6.114 !
| HiJackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:22:05, on 19/5/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe d:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe C:\ARQUIV~1\AVG\AVG8\avgam.exe C:\ARQUIV~1\AVG\AVG8\avgrsx.exe C:\ARQUIV~1\AVG\AVG8\avgnsx.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] 
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LifeCam] "C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [\\quarto\EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P32 "\\quarto\EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67" O4 - HKLM\..\Run: [Auto EPSON Stylus C67 Series em quarto] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P38 "Auto EPSON Stylus C67 Series em quarto" /O17 "\\QUARTO\EPSONSty" /M "Stylus C67" O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [CloneCDTray] "D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: LimeWire On Startup.lnk = D:\Arquivos de programas\LimeWire\LimeWire.exe O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe O8 - Extra context menu item: E&xportar para o 
Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212518391921 O17 - HKLM\System\CCS\Services\Tcpip\..\{34B683CA-40ED-44FC-9060-BDC42B7BEA14}: NameServer = 200.162.196.29,192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{C2E9EDA1-AA1C-4201-BEE6-7EA229DCD9B5}: NameServer = 201.6.0.113,192.168.0.1 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. 
- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe
-- End of file - 8807 bytes
DigRam 144 Posted May 20, 2010
Good evening, latos!
<!> Uninstall: C:\Arquivos de programas\Viewpoint
000000000000000000000
ooooooooooooooooooooo
<@> Run OTL.exe.
<@> Copy the information in the Quote into the field below: Exames Personalizados/Correções
:otl
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- File not found
SRV - (NMIndexingService) -- File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
IE - HKU\S-1-5-21-746137067-790525478-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKU\S-1-5-21-746137067-790525478-839522115-1004\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-746137067-790525478-839522115-1004\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll File not found
FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us"
FF - prefs.js..browser.startup.homepage: "http://www.uol.com"
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Arquivos de programas\AOL Toolbar\aoltb.dll File not found
O3 - HKU\S-1-5-21-746137067-790525478-839522115-1004\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-790525478-839522115-1004\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O33 - MountPoints2\{86255585-9cad-11de-b807-0011d8be390e}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
O33 - MountPoints2\{86255585-9cad-11de-b807-0011d8be390e}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:F2DF5BA481F01A72
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2
:files
C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\AOL
C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\AOL
C:\Documents and Settings\All Users\Dados de aplicativos\AOL Downloads
C:\Documents and Settings\All Users\Dados de aplicativos\AOL Toolbar
C:\Documents and Settings\All Users\Dados de aplicativos\Viewpoint
C:\Documents and Settings\All Users\Dados de aplicativos\AOL OCP
C:\Documents and Settings\All Users\Documentos\AOL Downloads
C:\Documents and Settings\Rodrigo\Dados de aplicativos\AOL
C:\Arquivos de programas\AOL Toolbar
C:\Arquivos de programas\Viewpoint
C:\aolconnfix.exe
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AOL Emergency Connect Utility 1.0"=-
"AOL Toolbar"=-
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=-
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=-
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=-
:services
sptd
:commands
[resethosts]
[purity]
[emptyflash]
[emptytemp]
[Reboot]
<@> Click the Consertar button --> Wait for it to finish! --> Run!
<@> Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log <-
<@> Also post an updated HijackThis log.
Regards!
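The Mountpoints2 section of the UsbFix report and the O33 lines of the OTL fix above both record an AutoRun command that points at an executable inside a RECYCLER folder. The following added example (not part of the thread, and not code from UsbFix or OTL) parses both line formats and flags such entries; the sample input is constructed one entry per line from the values shown in the thread plus one made-up benign entry, and all function names are hypothetical.

```python
import re

# Constructed sample, one entry per line, using the values shown in the thread.
SAMPLE_USBFIX = r"""
################## | Registro |
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{86255585-9cad-11de-b807-0011d8be390e}
Shell\AutoRun\command =RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
Shell\open\command =RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
################## | Vaccin |
"""

# The last O33 line is a made-up benign entry (constructed), added for contrast.
SAMPLE_OTL = r"""
O33 - MountPoints2\{86255585-9cad-11de-b807-0011d8be390e}\Shell\AutoRun\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
O33 - MountPoints2\{86255585-9cad-11de-b807-0011d8be390e}\Shell\open\command - "" = RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = E:\setup.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# UsbFix section header, e.g. "################## | Mountpoints2 |"
SECTION_RE = re.compile(r"^#{5,}\s*\|\s*([^|]+?)\s*\|\s*$")
# UsbFix prints the volume key on one line and each shell command below it.
USBFIX_KEY_RE = re.compile(r"MountPoints2\\(" + GUID + r")$", re.I)
USBFIX_CMD_RE = re.compile(r"^Shell\\([^\\]+)\\command\s*=\s*(.+)$", re.I)
# OTL prints key, verb and command on a single O33 line.
OTL_RE = re.compile(
    r'^O33 - MountPoints2\\(' + GUID + r')\\Shell\\([^\\]+)\\command - "[^"]*" = (.+)$',
    re.I,
)
# Recycle Bin folder names; no legitimate autorun target lives there.
RECYCLE_RE = re.compile(r"(?:^|\\)(?:RECYCLER|RECYCLED|\$RECYCLE\.BIN)\\", re.I)
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%)")
KEY_PREFIX = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\"


def parse_mountpoints2(text):
    """Return every MountPoints2 shell command found in UsbFix or OTL output."""
    entries, section, guid = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:  # a new UsbFix section ends the previous volume key
            section, guid = m.group(1).lower(), None
            continue
        m = OTL_RE.match(line)
        if m:
            entries.append({"guid": m.group(1).lower(), "verb": m.group(2),
                            "target": m.group(3).strip(), "source": "otl"})
            continue
        if section != "mountpoints2":
            continue
        m = USBFIX_KEY_RE.search(line)
        if m:
            guid = m.group(1).lower()
            continue
        m = USBFIX_CMD_RE.match(line)
        if m and guid:
            entries.append({"guid": guid, "verb": m.group(1),
                            "target": m.group(2).strip(), "source": "usbfix"})
    return entries


def suspicious_autoruns(text):
    """Keep only commands whose target sits inside a Recycle Bin folder."""
    findings = []
    for entry in parse_mountpoints2(text):
        target = entry["target"].strip('"')
        if RECYCLE_RE.search(target):
            findings.append(dict(
                entry,
                registry_key=KEY_PREFIX + entry["guid"],  # key to inspect
                relative=not ABSOLUTE_RE.match(target),   # no drive letter
            ))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_USBFIX, SAMPLE_OTL):
        for hit in suspicious_autoruns(sample):
            print(hit["source"], hit["verb"], hit["registry_key"], "->", hit["target"])
```
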
latos 0 Posted May 20, 2010
Hi DigRam, thank you very much for the help you have been giving!
I'll post the logs right below. Just one thing first: since the latest actions, every time I start the PC a black rectangle appears with c:/windows/system32/inetsrv/aqueue.dll written at the top, and the computer only continues to the desktop if I click OK at the bottom.
The other thing is that on the desktop, in the right corner next to the clock, an icon appears that says "Could not connect all the network areas", or something like that.
I don't know whether it will go away with time or what it is related to; these are just the two things I noticed had changed since the latest actions.
The logs are below:
OTL log
All processes killed
========== OTL ==========
Error: No service named rpcapd) Remote Packet Capture Protocol v.0 (experimental was found to stop!
Service\Driver key rpcapd) Remote Packet Capture Protocol v.0 (experimental not found.
File File not found not found.
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
File File not found not found.
Error: Unable to stop service sptd!
Unable to delete service\driver key sptd.
File move failed. C:\WINDOWS\system32\drivers\sptd.sys scheduled to be moved on reboot.
HKU\S-1-5-21-746137067-790525478-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-746137067-790525478-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry value HKEY_USERS\S-1-5-21-746137067-790525478-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0e98552-8e47-4c6c-9b3a-11ab0549f94d}\ deleted successfully.
HijackThis log
DigRam 144
Posted May 20, 2010

Good morning, latos!

> Hello DigRam, thank you very much for the help you have been giving! I will post the logs just below. Just one point: since the last actions, every time I start the PC a black rectangle appears with this written at the top: c:/windows/system32/inetsrv/aqueue.dll and the computer only proceeds to the desktop if I click OK at the bottom. The other thing is that on the desktop, in the right corner next to the clock, an icon appears that says: "Could not connect all network areas", or something like that. I don't know whether it will disappear with time or what it has to do with anything; these are just the two things I noticed that changed since the last actions.

<!> Surely, files essential to Windows were removed.
00000000000000000000
oooooooooooooooooooo
<@> Download: < Dial-a-fix >
<@> Extract it from the zip!
<@> Click Policies...
<@> PS: If you find restrictive policies, you can remove them, leaving the field empty.
<@> Next, click "Tools". (Hammer icon)
<@> Single-click SFC purge --> Click "GO" --> Wait!
<@> When it finishes, select "SFC scan". <-- Single click!
<@> Insert your Windows XP installation media into the "CD-ROM,RW" drive.
<@> Click "GO" --> Wait for it to finish, which takes a long time!
<@> When done, go to Start --> Run --> Type or paste: chkdsk /r /p --> Press Enter! --> Wait!
<@> When done, type in Run: chkdsk /p --> Press Enter!
<@> Wait for this "additional check.." or "recovery" to complete.
00000000000000000000
<!> Post: OTL.txt, obtained from your quick scan.

Regards!
latos 0
Posted May 20, 2010

Hello DigRam, how are you? I started following the step-by-step you gave, but I ran into a problem: I could not find my XP installation CD anywhere. I don't know if I lost it or what may have happened to it... Is there any other way to try to fix this problem??
DigRam 144
Posted May 21, 2010

> Hello DigRam, how are you? I started following the step-by-step you gave, but I ran into a problem: I could not find my XP installation CD anywhere. I don't know if I lost it or what may have happened to it... Is there any other way to try to fix this problem??

/////////\\\\\\\\\\

Hey, latos!

<!> The CD-ROM would be essential! But... you could look for a Restore Point dated before the problem appeared.

Regards!
latos 0
Posted May 23, 2010

Thanks for the help DigRam; the worst part is that I don't think I have a restore point from an earlier date. I'll see what I can do here. The computer has improved a bit, thanks. Would you happen to have any other suggestion?
DigRam 144
Posted May 23, 2010

> Thanks for the help DigRam; the worst part is that I don't think I have a restore point from an earlier date. I'll see what I can do here. The computer has improved a bit, thanks. Would you happen to have any other suggestion?

Hey, latos!

<!> They may be ineffective, without bringing about the proper repair!
<!> Check whether this file exists on your machine: c:/windows/system32/inetsrv/aqueue.dll <--
00000000000000000000000
ooooooooooooooooooooooo
<@> Download: < > ( ...by sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)
<@> Close all windows and run the tool!
<@> PS: Running it by command is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
<@> Click OK.
<@> In the "Software warranty agreement" window --> Click Yes!
<@> If you do not have the "Recovery Console", agree to install it!
<@> When finished, click Sim or Yes. --> Wait!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<!> If you get the notification: Invalid Win32 application, delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Rename it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: If rootkit activity is present, the following notification window will appear:
<!> PS: Write down these detections and click OK.
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> The Auto Scan window will open. --> Wait!
<@> To finish the removals, ComboFix may restart the computer.
<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid using the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<@> When finished, post the reports: C:\ComboFix.txt + HijackThis, updated.

Regards!
latos 0 Denunciar post Postado Maio 24, 2010 Boa Noite DigRam, abaixo seguem os logs, abraço! ComboFix ComboFix 10-05-23.05 - Rodrigo 23/05/2010 20:43:41.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.120 [GMT -3:00] Executando de: d:\arquivos de programas\Arquivos de Sistema Usuario\Desktop\ComboFix.exe AV: AVG Anti-Virus SBS Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ADS - WINDOWS: deleted 24 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.exe . (((((((((((((((( Arquivos/Ficheiros criados de 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))) . 2010-05-19 16:19 . 2010-05-19 16:19 1579 ----a-w- C:\UsbFix_Upload_Me_RODRIGO.zip 2010-05-18 20:09 . 2010-05-19 16:19 -------- d-----w- C:\UsbFix 2010-05-18 20:07 . 2010-05-18 20:07 1790620 ----a-w- c:\arquivos de programas\UsbFix.exe 2010-05-17 14:04 . 2010-05-17 14:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\NVIDIA 2010-05-09 19:33 . 2010-05-09 19:33 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Software Update Utility 2010-05-01 22:07 . 2010-03-29 12:59 52224 ----a-w- c:\documents and settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll 2010-05-01 22:07 . 2010-03-29 12:59 101376 ----a-w- c:\documents and settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll 2010-04-26 02:07 . 2010-05-23 22:42 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers 2010-04-26 02:06 . 2010-04-26 02:06 -------- d-----w- c:\arquivos de programas\DVDVideoSoft 2010-04-26 02:06 . 
2010-05-23 22:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-23 22:16 . 2008-06-06 14:30 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\uTorrent 2010-05-17 16:04 . 2009-08-16 23:11 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware 2010-05-12 14:21 . 2009-10-02 16:00 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-09 19:23 . 2008-06-06 13:42 335 ----a-w- c:\windows\nsreg.dat 2010-05-04 20:34 . 2009-04-30 16:57 -------- d-----w- c:\arquivos de programas\abgx360 2010-04-29 18:39 . 2009-08-16 23:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 18:39 . 2009-08-16 23:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-04-27 18:34 . 2008-06-12 02:58 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\LimeWire 2010-04-23 07:34 . 2008-06-06 14:08 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\SopCast 2010-04-20 04:21 . 2010-04-20 03:50 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-04-20 03:50 . 2008-06-03 17:06 -------- d-----w- c:\arquivos de programas\Java 2010-04-20 03:15 . 2010-04-20 03:15 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\VitySoft 2010-03-30 20:41 . 2010-03-30 20:41 61440 ----a-w- c:\documents and settings\Rodrigo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6c4ec41c-n\decora-sse.dll 2010-03-30 20:41 . 2010-03-30 20:41 503808 ----a-w- c:\documents and settings\Rodrigo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-13a67292-n\msvcp71.dll 2010-03-30 20:41 . 2010-03-30 20:41 499712 ----a-w- c:\documents and settings\Rodrigo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-13a67292-n\jmc.dll 2010-03-30 20:41 . 
2010-03-30 20:41 348160 ----a-w- c:\documents and settings\Rodrigo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-13a67292-n\msvcr71.dll 2010-03-30 20:41 . 2010-03-30 20:41 12800 ----a-w- c:\documents and settings\Rodrigo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6c4ec41c-n\decora-d3d.dll 2010-03-30 20:40 . 2008-06-03 17:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java 2010-03-26 20:44 . 2009-03-27 06:43 -------- d-----w- c:\documents and settings\Rodrigo\Dados de aplicativos\DivX 2010-03-23 14:54 . 2010-03-23 14:54 499712 ----a-w- c:\windows\system32\MSVCP71.dll 2010-03-23 14:54 . 2010-03-23 14:54 348160 ----a-w- c:\windows\system32\MSVCR71.dll 2010-03-14 18:00 . 2010-03-26 20:46 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-03-10 06:16 . 2004-08-04 03:45 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:17 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2004-08-04 02:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-23 20:57 . 2001-10-28 12:07 81204 ----a-w- c:\windows\system32\perfc016.dat 2010-02-23 20:57 . 2001-10-28 12:07 476232 ----a-w- c:\windows\system32\perfh016.dat 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll 2009-08-08 15:01 . 2009-08-07 23:27 3508256 --sha-w- c:\windows\system32\drivers\fidbox.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-06-02 16:38 1004800 ----a-w- c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2009-10-09 133104] "WMPNSCFG"="c:\arquivos de programas\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "nwiz"="nwiz.exe" [2006-10-22 1622016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016] "LifeCam"="c:\arquivos de programas\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912] "QuickTime Task"="c:\arquivos de programas\QuickTime\qttask.exe" [2009-01-05 413696] "iTunesHelper"="d:\arquivos de programas\iTunes\iTunesHelper.exe" [2009-01-06 290088] "AVG8_TRAY"="c:\arquiv~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816] "Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368] "Adobe ARM"="c:\arquivos de programas\Arquivos 
comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] "CloneCDTray"="d:\arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344] "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360] "DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\Rodrigo\Menu Iniciar\Programas\Inicializar\ LimeWire On Startup.lnk - d:\arquivos de programas\LimeWire\LimeWire.exe [2009-9-30 503808] c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\ VIA RAID TOOL.lnk - c:\arquivos de programas\VIA\RAID\raid_tool.exe [2008-6-3 565248] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "HonorAutoRunSetting"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-07-30 17:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-02 18:05 40368 ----a-w- c:\arquivos de programas\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000] 2007-04-10 21:46 709992 ----a-r- c:\windows\vVX1000.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2006-11-03 22:20 866584 ----a-w- c:\arquivos de programas\Windows Defender\MSASCui.exe 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Arquivos de programas\\eMule\\emule.exe"=
"d:\\Arquivos de programas\\Utorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"d:\\Arquivos de programas\\The 7 Deadly Sins\\mirc.exe"=
"d:\\Arquivos de programas\\LimeWire\\LimeWire.exe"=
"d:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"d:\\Arquivos de programas\\Championship Manager 01-02\\cm0102.exe"=
"d:\\Arquivos de programas\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgam.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG8\\avgupd.exe"=
"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Opera\\opera.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Arquivos de programas\\Arquivos de Sistema Usuario\\Desktop\\Utorrent.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\Arquivos de programas\\SopCast\\SopCast.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"32459:TCP"= 32459:TCP:Utorrent
"863:UDP"= 863:UDP:msnmsgr

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [21/4/2009 16:52 12552]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [3/6/2008 14:17 77312]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/4/2009 16:52 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/4/2009 16:52 108552]
R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\AVG\AVG8\avgwdsvc.exe [21/4/2009 16:51 297752]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20/10/2009 15:19 50704]
R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17/6/2008 22:53 682232]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [3/6/2008 14:16 176256]
.
Conteúdo da pasta 'Tarefas Agendadas'

2008-06-06 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\arquivos de programas\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]

2010-05-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

2010-05-23 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 18:07]
.
.
------- Scan Suplementar -------
.
uStart Page =
uInternet Settings,ProxyOverride = local
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: {34B683CA-40ED-44FC-9060-BDC42B7BEA14} = 200.162.196.29,192.168.0.1
TCP: {C2E9EDA1-AA1C-4201-BEE6-7EA229DCD9B5} = 201.6.0.113,192.168.0.1
FF - ProfilePath - c:\documents and settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL - hxxp://br.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_br&p=
FF - component: c:\arquivos de programas\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\arquivos de programas\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\documents and settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\Rodrigo\Dados de aplicativos\Mozilla\Firefox\Profiles\49kicd7x.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}\components\GbMzhAbn.dll
FF - plugin: c:\arquivos de programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-\\quarto\EPSON Stylus C67 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE
HKLM-Run-Auto EPSON Stylus C67 Series em quarto - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE
AddRemove-AOL Emergency Connect Utility 1.0 - c:\arquivos de programas\Arquivos comuns\AOL\ECU\uninst.exe
AddRemove-AOL Toolbar - c:\arquivos de programas\AOL Toolbar\uninstall.exe
AddRemove-ViewpointMediaPlayer - c:\arquivos de programas\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 20:49
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]
"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Tempo para conclusão: 2010-05-23 20:52:17
ComboFix-quarantined-files.txt 2010-05-23 23:52
ComboFix2.txt 2009-09-17 04:56
ComboFix3.txt 2009-08-10 17:31

Pré-execução: 9 pasta(s) 13.938.065.408 bytes disponíveis
Pós execução: 11 pasta(s) 13.921.501.184 bytes disponíveis

- - End Of File - - 756027BB60495D5EF82C092E3367559B

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:34, on 23/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Microsoft LifeCam\MSCamS32.exe
d:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\ARQUIV~1\AVG\AVG8\avgam.exe
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\ARQUIV~1\AVG\AVG8\avgnsx.exe
D:\Arquivos de programas\iTunes\iTunesHelper.exe
D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\VIA\RAID\raid_tool.exe
C:\Arquivos de programas\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe
C:\Arquivos de programas\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
C:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG8\avgssie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Arquivos de programas\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LifeCam] "C:\Arquivos de programas\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Arquivos de programas\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\Arquivos de programas\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rodrigo\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Arquivos de programas\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = D:\Arquivos de programas\LimeWire\LimeWire.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Arquivos de programas\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Rodrigo\Dados de aplicativos\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212518391921
O17 - HKLM\System\CCS\Services\Tcpip\..\{34B683CA-40ED-44FC-9060-BDC42B7BEA14}: NameServer = 200.162.196.29,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{C2E9EDA1-AA1C-4201-BEE6-7EA229DCD9B5}: NameServer = 201.6.0.113,192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Arquivos de programas\TVersity\Media Server\MediaServer.exe

--
End of file - 8644 bytes
DigRam 144 Posted May 24, 2010

Good evening, latos!

<@> Download: < SystemLook > ( ...by jpshortstuff )
<@> Save it to the desktop.
<@> Run SystemLook.exe and paste the following into the field:

:filefind
aqueue.dll

<@> Then click Look --> Wait!
<@> When it finishes, click Exit.
<@> Post the report: SystemLook.txt <--

000000000000000000000000 oooooooooooooooooooooooo

<@> Go to Start (Iniciar) --> Run (Executar) --> type or paste: combofix.exe /uninstall --> Click OK.
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run (Executar) --> Wait!
<@> Finally, this message will appear: "ComboFix está desinstalado" (ComboFix is uninstalled) --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!
<@> Or go to Start (Iniciar) --> Run (Executar) --> type or paste: "%userprofile%\desktop\combofix" /uninstall
<@> Click OK.

000000000000000000000000 oooooooooooooooooooooooo

<@> Download: < Runscanner v. 1.9.0.9 >
<1> Or.. < Download zip file > <-- Unzip it!
<2> Or.. < Download executable >
<@> Save it to Local Disk (C) or the desktop.
<@> Unzip it and set the executable aside. ( RunScanner.exe )
<@> Open the program and, with the Expert mode button already selected, click Ok.
<@> Close all windows/programs before running this utility.
<@> Run it by clicking Scan computer. --> Wait!
<@> When it finishes, save the report as a RUN file.
<@> Click "Save Run File" --> Put it in a zip and place it on the desktop.
<@> PS: Now go to this address: < UPLOAD to MediaFire >
<@> Upload the runscanner.run file, which is on the desktop, to that site. <-- MediaFire!
<@> PS: If you prefer, you can host it on the site of your choice.
<@> PS: Copy and paste the address you are given into this thread.

Regards!
latos 0 Posted May 24, 2010

Hi DigRam, the program you recommended, FileLook, gives the following message:

This tool has been deprecated in favour of SystemLook. If you were advised to run this by a forum helper please inform them.
DigRam 144 Posted May 24, 2010

Hi DigRam, the program you recommended, FileLook, gives the following message: This tool has been deprecated in favour of SystemLook. If you were advised to run this by a forum helper please inform them.

/////////\\\\\\\\\\

Oops! latos

<!> It checked whether this file exists: aqueue.dll
<!> Located here: c:/windows/system32/inetsrv <--

00000000000000000000

<!> So carry on with the other procedures!

Regards!