
esdrasyave

[Archived] Virus - PC won't shut down and ComboFix doesn't work


It was after I plugged my pen drive into a PC at college, and I think that infected my PC.

I try to run ComboFix and nothing happens, and the PC also doesn't shut down when I tell it to.

In the Start menu, when I try to open programs, what actually opens is the directories where the programs are installed, and I can't restore the system because that option isn't on the PC. Please help me. Thank you.

Here is the HijackThis report.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:33:43, on 11/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\AdmIg\Firebird\bin\fbserver.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\msiexec.exe

c:\cc9c4f68ee2f300ab00cbff2dd\HotFixInstaller.exe

c:\WINDOWS\system32\MsiExec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\lan-04\Desktop\HijackThis.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD1.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Qbyrd Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD1.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD1.dll

O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [box services] C:\WINDOWS\system32\wmdir\svwhost.exe

O4 - HKLM\..\Run: [C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe] C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe

O4 - HKCU\..\Run: [box services] C:\WINDOWS\system32\wmdir\svwhost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214054730812

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F998C6B0-B3CF-4169-873E-65A947207C0A}: NameServer = 189.40.224.5 189.38.95.95

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\AdmIg\Firebird\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate1c9d8de2812eabc) (gupdate1c9d8de2812eabc) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

--

End of file - 12510 bytes


Good afternoon, esdrasyave!

 

C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe

 

C:\WINDOWS\system32\wmdir\svwhost.exe

<!> In Safe Mode, delete these highlighted files.

O4 - HKLM\..\Run: [box services] C:\WINDOWS\system32\wmdir\svwhost.exe

O4 - HKLM\..\Run: [C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe] C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe

O4 - HKCU\..\Run: [box services] C:\WINDOWS\system32\wmdir\svwhost.exe

<!> With HijackThis, fix these entries. <-- If possible, in Safe Mode!

<@> Download: < Malwarebytes' Anti-Malware >

 

<@> Link - 2: < marcinsig.gif >

 

<@> PS: Save or print these instructions:

- Double-click mbam-setup.exe; choose the language and, during installation, accept all the default options.

- Make sure the boxes "Update Malwarebytes Anti-Malware" and "Run Malwarebytes Anti-Malware" are checked.

- Then click Finish.

- PS: If there are updates to be made, they will be downloaded and installed.

- When the update finishes, with the program open, select: Quick Scan

- Click the Scan button.

- The scan will then begin. -> Wait, as it may take a while!

- When it finishes, click OK and then the "Show Results" button, so that we have the report.

- PS: If items are found, select them and click the "Remove" button.

- PS: At the end of the disinfection, Notepad will open with the report.

- PS: The log will be saved automatically by the tool.

- PS: Get it by clicking the "Logs" tab in the program's main window.

<@> PS: If MBAM finds files it cannot remove, you may have to restart the PC. Perhaps more than once!

<@> PS: Do so immediately when asked whether you want to restart.

<!> Select, copy and paste the contents of the MBAM log into your next reply.

<!> Also post an updated HijackThis log.

Regards!

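The reply above singles out three O4 (registry Run key) entries from the first HijackThis log. As an added example that is not part of the original thread, the Python sketch below parses O4 lines and flags autoruns using three heuristics that are this example's own assumptions, not the helper's stated reasoning: an image under a Temp directory, a value name that is itself a file path, and a file name one edit away from a core Windows process name (the `SYSTEM_NAMES` list is likewise assumed).

```python
import re
from ntpath import basename  # applies Windows path rules on any OS

# Sample input: O4 lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [box services] C:\WINDOWS\system32\wmdir\svwhost.exe
O4 - HKLM\..\Run: [C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe] C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe
O4 - HKCU\..\Run: [box services] C:\WINDOWS\system32\wmdir\svwhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

# Assumed reference list of core Windows process names (not from the thread).
SYSTEM_NAMES = ("svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "explorer.exe", "csrss.exe", "smss.exe", "spoolsv.exe")

# "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>.+?)\] (?P<cmd>.+)$"
)


def image_path(cmd):
    """Return the executable part of a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, then arguments
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text):
    """Return (hive, value name, image path, reasons) for flagged O4 lines."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path = image_path(m["cmd"])
        exe = basename(path).lower()
        reasons = []
        if re.search(r"\\(temp|tmp)\\", path, re.IGNORECASE):
            reasons.append("runs from a Temp directory")
        if "\\" in m["name"]:
            reasons.append("value name is itself a file path")
        for known in SYSTEM_NAMES:
            if edit_distance(exe, known) == 1:
                reasons.append(f"name is one edit away from {known}")
        if reasons:
            findings.append((m["hive"], m["name"], path, reasons))
    return findings


if __name__ == "__main__":
    for hive, name, path, reasons in triage(SAMPLE_LOG):
        print(f"{hive} [{name}] {path}: {'; '.join(reasons)}")
```

On the sample lines it flags the same three entries the reply marks for fixing; a hit is a prompt for manual review, not a verdict.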

PROCEDURE DONE

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4195

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

13/6/2010 19:40:03

mbam-log-2010-06-13 (19-40-03).txt

 

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 138246

Tempo decorrido: 17 minuto(s), 37 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

(Não foram detectados ítens maliciosos)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:41:57, on 13/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\AdmIg\Firebird\bin\fbserver.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\lan-04\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD1.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Qbyrd Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD1.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD1.dll

O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214054730812

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F998C6B0-B3CF-4169-873E-65A947207C0A}: NameServer = 189.40.224.5 189.38.95.95

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\AdmIg\Firebird\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate1c9d8de2812eabc) (gupdate1c9d8de2812eabc) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

--

End of file - 12498 bytes


Good evening, esdrasyave!

<!> Follow these procedures, in order: ToolBar S&D -> OTL

<@> Download: < ToolBar S&D >

<@> Save it to Local Disk C, in its own folder.

<@> Restart the computer in Safe Mode. <-- Important!

<@> Run the program, then press "p" --> Enter --> Ok.

<@> Type two! ( 2 ) --> Press Enter --> Wait!

<@> When it finishes, post the report. ( C:\ToolBar SD\TB_1.txt ) <--

<@> Download: < OTL > ( ...by OldTimer Tools )

<@> Save it to the desktop!

<@> Double-click: < otlDesktopIcon.png >

<@> PS: Now let's go on to its configuration!

 

<!> 1 - Under "Output", leave the "Minimal" button selected.

<!> 2 - Check the boxes: Scan All Users and Include 64bit Scan <-- PS: If the OS is 64-bit!

<!> 3 - Processes: Use SafeList <-- Check!

<!> 4 - Modules: Use SafeList <-- Check!

<!> 5 - Services: Use SafeList <-- Check!

<!> 6 - Drivers: Use SafeList <-- Check!

<!> 7 - Standard Registry Scan: Use SafeList <-- Check!

<!> 8 - Extra Registry Scan: Use SafeList <-- Check!

<!> 9 - File Scan:

<!> Creation Date >> Choose: 14 days

<!> Check: Use WhiteList for Company Names

<!> Check: Skip Microsoft Files

<!> 10 - Files Created Since:

<!> Check: Creation Date

<!> 11 - Files Modified Since:

<!> Check: Creation Date

<!> Check the boxes:

[] Check Lop

[] Check Purity

<@> PS: I suggest you print these instructions to read later.

 

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%SYSTEMDRIVE%\*.exe

%SYSTEMDRIVE%\eventlog.dll /s /md5

%SYSTEMDRIVE%\scecli.dll /s /md5

%SYSTEMDRIVE%\sfcfiles.dll /s /md5

%SYSTEMDRIVE%\netlogon.dll /s /md5

%SYSTEMDRIVE%\atapi.sys /s /md5

CREATERESTOREPOINT

<@> PS: Copy and paste this information, which is in the Code box, into the field below: Custom Scans/Fixes

<@> Click: Scan --> Wait!

<@> When it finishes, post:

<!> <1> OTL.txt <--

<!> <2> Extras.txt <--

Regards!


-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : lan-04 ( Administrator )

BOOT : Fail-safe with network boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090416-0] 4.8.1335 (Activated)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:7 Go)

D:\ (CD or DVD)

E:\ (Local Disk) - NTFS - Total:19 Go (Free:5 Go)

F:\ (Local Disk) - FAT32 - Total:18 Go (Free:1 Go)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( qui 16/04/2009|19:27 )

C:\Arquivos de programas\Mozilla Firefox\plugins\NPAskSBr.dll

 

-----------\\ REMOVIDOS

 

Deletado! - C:\Arquivos de programas\AskBarDis\bar

Deletado! - C:\Arquivos de programas\AskBarDis\unins000.dat

Deletado! - C:\Arquivos de programas\AskBarDis\unins000.exe

Deletado! - C:\Arquivos de programas\AskSBar\bar

Deletado! - C:\Arquivos de programas\AskTBar\bar

Deletado! - C:\Arquivos de programas\AskTBar\SrchAstt

Deletado! - C:\DOCUME~1\lan-04\DADOSD~1\Dealio\dinstallhelper.8AACB8EC3EB44DD7AF111D56BE8DEF73.dll

Deletado! - C:\DOCUME~1\lan-04\DADOSD~1\Dealio\kb127

Deletado! - C:\Arquivos de programas\Dealio\DealioAU.exe

Deletado! - C:\Arquivos de programas\Dealio\kb127

Deletado! - C:\Arquivos de programas\Dealio\SearchSettingsKit.exe

Deletado! - C:\DOCUME~1\ALLUSE~1\MENUIN~1\PROGRA~1\Dealio

Deletado! - C:\DOCUME~1\lan-04\DADOSD~1\Search Settings\kb127

Deletado! - C:\Arquivos de programas\Search Settings\kb127

Deletado! - C:\Arquivos de programas\Search Settings\SearchSettings.exe

Deletado! - C:\Arquivos de programas\Mozilla Firefox\plugins\NPAskSBr.dll

Deletado! - C:\Arquivos de programas\AskBarDis

Deletado! - C:\Arquivos de programas\AskSBar

Deletado! - C:\Arquivos de programas\AskTBar

Deletado! - C:\DOCUME~1\lan-04\DADOSD~1\Dealio

Deletado! - C:\Arquivos de programas\Dealio

Deletado! - C:\DOCUME~1\lan-04\DADOSD~1\Search Settings

Deletado! - C:\Arquivos de programas\Search Settings

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ Extensions

 

(lan-04) - {37E4D8EA-8BDA-4831-8EA1-89053939A250} => pdfdownload

(lan-04) - {5e594888-3e8e-47da-b2c6-b0b545112f84} => saveimageinfolder

(lan-04) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.orkut.com/"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Default_Search_URL"="http://www.google.com/ie"

"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\lan-04\Dados de aplicativos\uTorrent\Total Video Converter 3.11+crack.rar.torrent

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - qui 16/04/2009|19:29 - Option : [2]

 

 

 

-----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3

X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : lan-04 ( Administrator )

BOOT : Fail-safe with network boot

Antivirus : ESET Smart Security 4.0 4.0 (Activated)

Firewall : Firewall pessoal do ESET 4.0.437.0 (Activated)

C:\ (Local Disk) - NTFS - Total:74 Go (Free:4 Go)

D:\ (CD or DVD)

E:\ (Local Disk) - NTFS - Total:19 Go (Free:0 Go)

F:\ (Local Disk) - FAT32 - Total:18 Go (Free:0 Go)

G:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( qui 17/06/2010|21:34 )

C:\DOCUME~1\lan-04\CONFIG~1\Temp\nsl2564.tmp

C:\DOCUME~1\lan-04\CONFIG~1\Temp\nsr2561.tmp

C:\DOCUME~1\lan-04\CONFIG~1\Temp\nsv2563.tmp

C:\DOCUME~1\lan-04\CONFIG~1\Temp\nsw2565.tmp

 

-----------\\ REMOVIDOS

 

Deletado! - C:\DOCUME~1\lan-04\DADOSD~1\Dealio\dinstallhelper.53207F91CAEB4FC7B2AA0C2C7D71BA0B.dll

Deletado! - C:\Arquivos de programas\DAEMON Tools Toolbar\DTToolbar.dll

Deletado! - C:\Arquivos de programas\DAEMON Tools Toolbar\Resources

Deletado! - C:\Arquivos de programas\DAEMON Tools Toolbar\uninst.exe

Deletado! - C:\Arquivos de programas\DAEMON Tools Toolbar\_DTLite.xml

Deletado! - C:\DOCUME~1\lan-04\CONFIG~1\Temp\nsl2564.tmp

Deletado! - C:\DOCUME~1\lan-04\CONFIG~1\Temp\nsr2561.tmp

Deletado! - C:\DOCUME~1\lan-04\CONFIG~1\Temp\nsv2563.tmp

Deletado! - C:\DOCUME~1\lan-04\CONFIG~1\Temp\nsw2565.tmp

Deletado! - C:\DOCUME~1\lan-04\DADOSD~1\Dealio

Deletado! - C:\Arquivos de programas\DAEMON Tools Toolbar

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ Extensions

 

(lan-04) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user

(lan-04) - {37E4D8EA-8BDA-4831-8EA1-89053939A250} => pdfdownload

(lan-04) - {5C46D283-ABDE-4dce-B83C-08881401921C} => googleshortcuts

(lan-04) - {5e594888-3e8e-47da-b2c6-b0b545112f84} => saveimageinfolder

(lan-04) - {87F8774F-B485-47E2-A755-A40A8A5E886C} => gbmzhbb

(lan-04) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} => mybabylon_english

(lan-04) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

(lan-04) - {c50ca3c4-5656-43c2-a061-13e717f73fc8} => fvd

(lan-04) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} => dvdvideosoft

(lan-04) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.orkut.com/"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Default_Search_URL"="http://www.google.com/ie"

"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

"Start Page Redirect Cache"="http://br.msn.com/?ocid=iehp"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\WINDOWS\\system32\\blank.htm"

"Start Page"="http://www.msn.com/"

 

 

--------------------\\ Procurando por outras infecções

 

--------------------\\ Cracks & Keygens ..

 

C:\DOCUME~1\lan-04\Dados de aplicativos\uTorrent\Total Video Converter 3.11+crack.rar.torrent

C:\DOCUME~1\lan-04\Meus documentos\Downloads\7_Sins_Crack.rar

 

 

 

1 - "C:\ToolBar SD\TB_1.txt" - qui 16/04/2009|19:29 - Option : [2]

2 - "C:\ToolBar SD\TB_2.txt" - qui 17/06/2010|21:37 - Option : [2]

 

 

OTL logfile created on: 17/6/2010 21:42:10 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\lan-04\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

990,00 Mb Total Physical Memory | 680,00 Mb Available Physical Memory | 69,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 97,00% Paging File free

Paging file location(s): C:\pagefile.sys 3950 3950 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,53 Gb Total Space | 4,13 Gb Free Space | 5,54% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 19,09 Gb Total Space | 0,14 Gb Free Space | 0,75% Space Free | Partition Type: NTFS

Drive F: | 18,21 Gb Total Space | 0,65 Gb Free Space | 3,56% Space Free | Partition Type: FAT32

Drive G: | 11,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: BEGA-4078FCC43

Current User Name: lan-04

Logged in as Administrator.

 

Current Boot Mode: SafeMode with Networking

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\lan-04\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe ()

PRC - C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\lan-04\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (getPlusHelper) getPlus® -- C:\Arquivos de programas\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - (a2free) -- C:\Arquivos de programas\a-squared Free\a2service.exe (Emsi Software GmbH)

SRV - (SeaPort) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (EhttpSrv) -- C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV - (ekrn) -- C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (Macromedia Licensing Service) -- C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe ()

SRV - (MSDTC) -- C:\WINDOWS\system32\msdtc [2008/06/06 09:56:35 | 000,000,000 | ---D | M]

SRV - (FirebirdServerDefaultInstance) -- C:\AdmIg\Firebird\bin\fbserver.exe (Firebird Project)

SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (ScReadSpool) -- C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe (VoyagerSoft, LLC)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\System32\HPZipm12.exe (HP)

SRV - (btwdins) -- C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe (WIDCOMM, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (epfwtdi) -- C:\WINDOWS\System32\DRIVERS\epfwtdi.sys (ESET)

DRV - (Epfwndis) -- C:\WINDOWS\System32\DRIVERS\Epfwndis.sys (ESET)

DRV - (epfw) -- C:\WINDOWS\System32\DRIVERS\epfw.sys (ESET)

DRV - (ehdrv) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys (ESET)

DRV - (eamon) -- C:\WINDOWS\System32\DRIVERS\eamon.sys (ESET)

DRV - (cpuz132) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys (Windows ® Codename Longhorn DDK provider)

DRV - (KLIF) -- C:\WINDOWS\System32\drivers\klif.sys (Kaspersky Lab)

DRV - (AnyDVD) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)

DRV - (ElbyCDIO) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)

DRV - (is-VD0FUdrv) -- C:\WINDOWS\System32\DRIVERS\27206467.sys (Kaspersky Lab)

DRV - (is-UEHSSdrv) -- C:\WINDOWS\System32\DRIVERS\99758160.sys (Kaspersky Lab)

DRV - (is-QR2A2drv) -- C:\WINDOWS\System32\DRIVERS\17601523.sys (Kaspersky Lab)

DRV - (is-D8KDBdrv) -- C:\WINDOWS\System32\DRIVERS\98782068.sys (Kaspersky Lab)

DRV - (is-A7UA6drv) -- C:\WINDOWS\System32\DRIVERS\47000877.sys (Kaspersky Lab)

DRV - (gameenum) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)

DRV - (hwdatacard) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)

DRV - (AtcL002) -- C:\WINDOWS\System32\DRIVERS\l251x86.sys (Atheros Communications)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (motmodem) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)

DRV - (smserial) -- C:\WINDOWS\System32\DRIVERS\smserial.sys (Motorola Inc.)

DRV - (ialm) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys (Intel Corporation)

DRV - (nv) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)

DRV - (cmpci) C-Media PCI Audio Driver (WDM) -- C:\WINDOWS\System32\drivers\cmaudio.sys (C-Media Inc)

DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)

DRV - (ElbyDelay) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys (Elaborate Bytes AG)

DRV - (HdAudAddService) -- C:\WINDOWS\System32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)

DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)

DRV - (ndiscm) -- C:\WINDOWS\System32\DRIVERS\NetMotCM.sys (Motorola Inc.)

DRV - (MTsensor) -- C:\WINDOWS\System32\DRIVERS\ASACPI.sys ()

DRV - (BTSERIAL) -- C:\WINDOWS\System32\drivers\btserial.sys ()

DRV - (BTSLBCSP) -- C:\WINDOWS\System32\drivers\btslbcsp.sys (WIDCOMM, Inc.)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (WIDCOMM, Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

IE - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 ED EF 06 57 7F CA 01 [binary data]

IE - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Qbyrd)

IE - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Qbyrd"

FF - prefs.js..browser.search.defaultenginename: "Qbyrd"

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.order.1: "Qbyrd"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.orkut.com"

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1

FF - prefs.js..extensions.enabledItems: 6

FF - prefs.js..extensions.enabledItems: 2

FF - prefs.js..extensions.enabledItems: 44

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0

FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.02

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1

FF - prefs.js..extensions.enabledItems: {5e594888-3e8e-47da-b2c6-b0b545112f84}:1.3.1

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971

FF - prefs.js..extensions.enabledItems: pt-BR@dellalibera.sf.net:1.4

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.10.4

FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.0.5

FF - prefs.js..keyword.URL: "http://websearch.qbyrd.com/redirect?client=ff&src=kw&tb=ATU-QBD&o=102357&locale=pt_US&apn_uid=008E5851-1AF5-4935-A8BD-CAC218AE132F&apn_ptnrs=Q7&apn_sauid=5DB2595C-15C0-4EEA-94BE-2E8F560E8428&apn_dtid=YYYYYYQ2US&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/05/01 16:18:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/04/03 10:16:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/08/27 00:06:00 | 000,000,000 | ---D | M]

 

[2008/08/31 22:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Extensions

[2010/06/16 21:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions

[2010/05/18 12:06:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/10/29 20:27:49 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2010/05/18 12:06:50 | 000,000,000 | ---D | M] (Google Shortcuts) -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}

[2010/03/07 14:18:08 | 000,000,000 | ---D | M] (Save Image in Folder) -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}

[2010/05/18 12:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2010/05/18 12:07:04 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}

[2010/05/01 16:19:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/12/17 13:44:30 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}

[2009/09/10 06:52:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

[2009/12/21 11:48:13 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}

[2009/03/26 21:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

[2010/01/23 21:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\DTToolbar@toolbarnet.com

[2010/03/07 14:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\pt-BR@dellalibera.sf.net

[2010/05/01 16:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\toolbar@ask.com

[2009/11/10 12:31:01 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\FireFox\Profiles\5hnkqff0.default\searchplugins\bing.xml

[2009/12/21 17:28:15 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\FireFox\Profiles\5hnkqff0.default\searchplugins\conduit.xml

[2009/09/03 00:10:18 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\FireFox\Profiles\5hnkqff0.default\searchplugins\daemon-search.xml

[2010/05/01 16:19:35 | 000,008,820 | ---- | M] () -- C:\Documents and Settings\lan-04\Dados de aplicativos\Mozilla\FireFox\Profiles\5hnkqff0.default\searchplugins\qbyrd.xml

[2010/06/16 18:20:46 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2008/09/03 21:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

[2009/03/29 06:09:14 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2007/12/17 14:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npkimi.dll

[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

[2010/01/15 22:18:55 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2010/01/15 22:18:55 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2010/01/15 22:18:55 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2010/01/15 22:18:55 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2009/08/01 16:49:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Solid Converter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Qbyrd)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Solid Converter PDF) - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll (VoyagerSoft, LLC)

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Qbyrd)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Barra de Ferramentas do Yahoo!) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.

O3 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Qbyrd)

O3 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe] C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe ()

O4 - HKLM..\Run: [egui] C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)

O4 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003..\Run: [bitTorrent] C:\Arquivos de programas\BitTorrent\bittorrent.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe (Nero AG / Nero Inc.)

O4 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Google Sidewiki... - C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O8 - Extra context menu item: Translate with &Babylon - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm ()

O15 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\..Trusted Domains: ufc.br ([www.sofia] https in Trusted sites)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://127.0.0.1:9070/etc/var/TVUAx.cab (CTVUAxCtrl Object)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214054730812 (MUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://www14.bancobrasil.com.br/plugin/GbpDist.cab (Reg Error: Key error.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\lan-04\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\lan-04\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/06/06 10:03:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/07/29 13:32:21 | 000,000,510 | ---- | M] () - C:\autorun.MSNFix -- [ NTFS ]

O32 - AutoRun File - [2005/05/08 00:41:58 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2008/07/24 18:35:24 | 000,000,045 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{92fe049e-6134-11df-80b9-001a66ad48cd}\Shell - "" = AutoRun

O33 - MountPoints2\{92fe049e-6134-11df-80b9-001a66ad48cd}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{92fe04a1-6134-11df-80b9-001a66ad48cd}\Shell - "" = AutoRun

O33 - MountPoints2\{92fe04a1-6134-11df-80b9-001a66ad48cd}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{b8eb71b1-4207-11dd-a498-000000000010}\Shell\AutoRun\command - "" = H:\WinConfig~.exe -- File not found

O33 - MountPoints2\{b8eb71b1-4207-11dd-a498-000000000010}\Shell\explore\Command - "" = H:\WinConfig~.exe -- File not found

O33 - MountPoints2\{b8eb71b1-4207-11dd-a498-000000000010}\Shell\open\Command - "" = H:\WinConfig~.exe -- File not found

O33 - MountPoints2\{d6db9592-6363-11df-80be-001a66ad48cd}\Shell - "" = AutoRun

O33 - MountPoints2\{d6db9592-6363-11df-80be-001a66ad48cd}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/06 10:02:03 | 000,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk - C:\ARQUIV~1\ARQUIV~1\Adobe\CALIBR~1\ADOBEG~1.EXE - (Adobe Systems, Inc.)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk - C:\ARQUIV~1\SOFTWA~1\BLUETO~1\BTTray.exe - (WIDCOMM, Inc.)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk - C:\ARQUIV~1\OIINTE~1\DiscaOi.exe - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk - C:\ARQUIV~1\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Development Company, L.P.)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-A7UA6.lnk - - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-D8KDB.lnk - - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-QR2A2.lnk - - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-UEHSS.lnk - - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-VD0FU.lnk - - File not found

MsConfig - StartUpReg: Ask and Record FLV Service - hkey= - key= - C:\Arquivos de programas\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)

MsConfig - StartUpReg: Babylon Client - hkey= - key= - C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)

MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found

MsConfig - StartUpReg: C-Media Mixer - hkey= - key= - C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))

MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

MsConfig - StartUpReg: eMule Acceleration Patch - hkey= - key= - C:\Documents and Settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk ()

MsConfig - StartUpReg: Google Quick Search Box - hkey= - key= - C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\lan-04\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig - StartUpReg: High Definition Audio Property Page Shortcut - hkey= - key= - File not found

MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Development Company, L.P.)

MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe ()

MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Arquivos de programas\Messenger\msmsgs.exe (Microsoft Corporation)

MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)

MsConfig - StartUpReg: Nero PhotoShow Media Manager - hkey= - key= - C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe (Nero AG / Nero Inc.)

MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found

MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found

MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

MsConfig - StartUpReg: swg - hkey= - key= - C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Arquivos de programas\uTorrent\uTorrent.exe (BitTorrent, Inc.)

MsConfig - StartUpReg: VTTimer - hkey= - key= - File not found

MsConfig - StartUpReg: VTTrayp - hkey= - key= - File not found

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PEVSystemStart - Service

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: procexp90.Sys - Driver

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PEVSystemStart - Service

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: procexp90.Sys - Driver

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: vsmon - Service

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição

ActiveX: {3F31F3B5-C1FF-3708-8611-869DE39C0CB6} - .NET Framework

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()

Drivers32: msacm.iac2 - C:\\WINDOWS\\system32\\iac25_32.ax ()

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.voxacm160 - vct3216.acm File not found

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.DRAW - DVIDEO.DLL File not found

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ffdshow.ax ()

Drivers32: VIDC.FPS1 - frapsvid.dll File not found

Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

Drivers32: vidc.mp42 - MPG4C32.dll File not found

Drivers32: VIDC.MSUD - msulvc05.dll File not found

Drivers32: VIDC.VP40 - vp4vfw.dll File not found

Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)

Drivers32: vidc.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

Drivers32: vidc.X264 - C:\WINDOWS\System32\x264vfw.dll ()

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Error starting restore point: The function was called in safe mode.

Error closing restore point: The sequence number is invalid.

 

========== Files/Folders - Created Within 14 Days ==========

 

[2010/06/17 21:30:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\lan-04\Recent

[2010/06/16 22:55:49 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lan-04\Desktop\OTL.exe

[2010/06/16 22:55:13 | 000,000,000 | ---D | C] -- C:\Toll Bar

[2010/06/13 19:21:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\lan-04\Desktop\backups

[2010/06/12 20:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lan-04\Dados de aplicativos\PriceGong

[2010/06/11 19:53:43 | 000,000,000 | ---D | C] -- C:\cc9c4f68ee2f300ab00cbff2dd

[2010/06/11 18:06:31 | 000,000,000 | ---D | C] -- C:\d1cc57b52de34df7644a

[2010/06/11 17:59:49 | 000,000,000 | ---D | C] -- C:\Pen drive

[2010/06/11 17:57:24 | 000,000,000 | ---D | C] -- C:\327882R2FWJFW

[2004/11/24 16:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[26 C:\Documents and Settings\lan-04\Meus documentos\*.tmp files -> C:\Documents and Settings\lan-04\Meus documentos\*.tmp -> ]

 

========== Files - Modified Within 14 Days ==========

 

[2010/06/17 21:36:43 | 000,583,946 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2010/06/17 21:36:43 | 000,544,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/17 21:36:43 | 000,113,906 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2010/06/17 21:36:43 | 000,098,876 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/17 21:36:42 | 001,358,370 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/17 21:33:16 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\lan-04\Desktop\~$TIVIRUS.doc

[2010/06/17 21:32:40 | 000,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/17 21:32:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/17 21:31:35 | 062,357,984 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx

[2010/06/17 21:31:33 | 4294,966,272 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat

[2010/06/17 21:30:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/17 21:30:46 | 019,136,512 | ---- | M] () -- C:\Documents and Settings\lan-04\ntuser.dat

[2010/06/17 21:30:46 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\lan-04\ntuser.ini

[2010/06/17 21:28:53 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\lan-04\Desktop\ANTIVIRUS.doc

[2010/06/17 21:03:06 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/17 21:01:02 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/06/17 20:33:38 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/16 22:56:32 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lan-04\Desktop\OTL.exe

[2010/06/16 21:18:40 | 001,009,206 | ---- | M] () -- C:\Documents and Settings\lan-04\Meus documentos\Cópia de DSC02692.JPG

[2010/06/15 21:46:10 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/06/15 20:46:21 | 000,034,430 | ---- | M] () -- C:\Documents and Settings\lan-04\Meus documentos\OgAAAK33chIdf1_294b70k3AfAtfDl6ePb1TCQR0qPIn0Mw8Ca2Ecq8XyIRJBZVCTDEcQyffiXAPNZBjGkPAN_2FVI4Am1T1UMu4g77aQ7Zau5ExoN48TVPt7k45.jpg

[2010/06/15 20:27:17 | 000,073,225 | ---- | M] () -- C:\Documents and Settings\lan-04\Meus documentos\OgAAAC0uQyrToeGeZhe4ggHs9PmeY0AhTPsuvejoCojlmK-NisJjt6y61xQWNosP5KOJi_YMddoTMmnXkICgx8qjjAoAm1T1UHyzm6s7Kt-oczBq64xDBnk0OYQ9.jpg

[2010/06/15 13:19:22 | 006,943,270 | -H-- | M] () -- C:\Documents and Settings\lan-04\Configurações locais\Dados de aplicativos\IconCache.db

[2010/06/13 17:22:22 | 000,005,460 | ---- | M] () -- C:\Documents and Settings\lan-04\Meus documentos\euu2.jpg

[2010/06/13 13:50:04 | 000,065,361 | ---- | M] () -- C:\Documents and Settings\lan-04\Meus documentos\OgAAAIQMyzHZ0A-3oijgbbmI82KrcPFKWeWp8eROeDLZLzcxVdfjUczMZ6-QhUyNwVF6Jfiz3-6JGpXZzM5LdOG47IIAm1T1UMTcUs8iqdnKPyyQ2mpOGu_F0NE5.jpg

[2010/06/11 17:32:38 | 000,319,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/08 21:58:01 | 000,061,332 | ---- | M] () -- C:\Documents and Settings\lan-04\Meus documentos\OgAAAM4sX1VozintK3lhWy_Py0UcNqcTPnfR-vcjYh6v3eVKQhsdNt5S4Hp-fOwkS0W9HuKZxJKr7N4sKd1g-54ezSsAm1T1UEYZJciHm6vvxg-TtEH0PKWH5xFg.jpg

[2010/06/08 21:51:47 | 000,043,684 | ---- | M] () -- C:\Documents and Settings\lan-04\Meus documentos\OgAAAK_Lk0n73-khrBHbiWnH_h_X_A04oxTMt5weJnciNOo_m1kyQ8KKxPWEMm1zwXntCSe1KpX7-QzcG3dHxbXv-r8Am1T1UBUKnsseRgB4drxyDO-YU6CcM0L7.jpg

[2010/06/08 21:12:20 | 000,055,426 | ---- | M] () -- C:\Documents and Settings\lan-04\Meus documentos\OgAAAFP9ActF4nLOz6BZMlSZE8_a_fuTN4rBYJMfVLH3Ns6RWqthNDRditt7br4llqm1zsAbF9qfGcI2qX5QpnOfYaEAm1T1UE1S-94Qz_KssrGBG-2EK-jpztSX.jpg

[2010/06/06 17:04:52 | 000,205,824 | -H-- | M] () -- C:\Documents and Settings\lan-04\Meus documentos\photothumb.db

[2010/06/06 17:04:52 | 000,154,624 | -H-- | M] () -- C:\Documents and Settings\lan-04\Desktop\photothumb.db

[2010/06/06 16:58:55 | 000,082,944 | -H-- | M] () -- C:\photothumb.db

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[26 C:\Documents and Settings\lan-04\Meus documentos\*.tmp files -> C:\Documents and Settings\lan-04\Meus documentos\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/06/17 21:33:16 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\lan-04\Desktop\~$TIVIRUS.doc

[2010/06/17 21:28:53 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\lan-04\Desktop\ANTIVIRUS.doc

[2010/06/16 21:10:45 | 001,009,206 | ---- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Cópia de DSC02692.JPG

[2010/06/15 20:46:21 | 000,034,430 | ---- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\OgAAAK33chIdf1_294b70k3AfAtfDl6ePb1TCQR0qPIn0Mw8Ca2Ecq8XyIRJBZVCTDEcQyffiXAPNZBjGkPAN_2FVI4Am1T1UMu4g77aQ7Zau5ExoN48TVPt7k45.jpg

[2010/06/15 20:27:16 | 000,073,225 | ---- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\OgAAAC0uQyrToeGeZhe4ggHs9PmeY0AhTPsuvejoCojlmK-NisJjt6y61xQWNosP5KOJi_YMddoTMmnXkICgx8qjjAoAm1T1UHyzm6s7Kt-oczBq64xDBnk0OYQ9.jpg

[2010/06/14 14:01:29 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Desktop\backups .scr

[2010/06/13 17:22:20 | 000,005,460 | ---- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\euu2.jpg

[2010/06/13 13:50:02 | 000,065,361 | ---- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\OgAAAIQMyzHZ0A-3oijgbbmI82KrcPFKWeWp8eROeDLZLzcxVdfjUczMZ6-QhUyNwVF6Jfiz3-6JGpXZzM5LdOG47IIAm1T1UMTcUs8iqdnKPyyQ2mpOGu_F0NE5.jpg

[2010/06/08 21:58:01 | 000,061,332 | ---- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\OgAAAM4sX1VozintK3lhWy_Py0UcNqcTPnfR-vcjYh6v3eVKQhsdNt5S4Hp-fOwkS0W9HuKZxJKr7N4sKd1g-54ezSsAm1T1UEYZJciHm6vvxg-TtEH0PKWH5xFg.jpg

[2010/06/08 21:51:46 | 000,043,684 | ---- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\OgAAAK_Lk0n73-khrBHbiWnH_h_X_A04oxTMt5weJnciNOo_m1kyQ8KKxPWEMm1zwXntCSe1KpX7-QzcG3dHxbXv-r8Am1T1UBUKnsseRgB4drxyDO-YU6CcM0L7.jpg

[2010/06/08 21:12:17 | 000,055,426 | ---- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\OgAAAFP9ActF4nLOz6BZMlSZE8_a_fuTN4rBYJMfVLH3Ns6RWqthNDRditt7br4llqm1zsAbF9qfGcI2qX5QpnOfYaEAm1T1UE1S-94Qz_KssrGBG-2EK-jpztSX.jpg

[2010/06/08 12:42:27 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Desktop\Virus Removal Tool1 .scr

[2010/06/08 12:42:26 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Desktop\Virus Removal Tool .scr

[2010/06/08 12:42:24 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Desktop\Originals .scr

[2010/06/08 12:42:23 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Desktop\Nova pasta (2) .scr

[2010/06/08 12:42:22 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Desktop\niver neuba .scr

[2010/06/08 12:42:21 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Desktop\Atalhos não utilizados da área de trabalho .scr

[2010/06/08 12:42:20 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Volta ao mundo com Jesus .scr

[2010/06/08 12:42:19 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\videos Gisa .scr

[2010/06/08 12:42:18 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\VideoConverter .scr

[2010/06/08 12:42:17 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Updater5 .scr

[2010/06/08 12:42:16 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Originals .scr

[2010/06/08 12:42:15 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\NeroVision .scr

[2010/06/08 12:42:14 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Nero Recode .scr

[2010/06/08 12:42:13 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\MY_FLASH .scr

[2010/06/08 12:42:12 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\My Recordings .scr

[2010/06/08 12:42:11 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\My MMS .scr

[2010/06/08 12:42:10 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\My eBooks .scr

[2010/06/08 12:42:09 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Missões Rondom .scr

[2010/06/08 12:42:08 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas .scr

[2010/06/08 12:42:07 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens .scr

[2010/06/08 12:42:06 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Minhas digitalizações .scr

[2010/06/08 12:42:05 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Meus vídeos .scr

[2010/06/08 12:42:04 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Meus PhotoShows .scr

[2010/06/08 12:42:03 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Meus arquivos recebidos .scr

[2010/06/08 12:42:02 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\janas .scr

[2010/06/08 12:42:01 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Hetki Hiljaa (2005) .scr

[2010/06/08 12:42:00 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\GTA3 User Files .scr

[2010/06/08 12:41:59 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\EatCam Webcam Recorder .scr

[2010/06/08 12:41:58 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\DVDVideoSoft .scr

[2010/06/08 12:41:57 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Downloads .scr

[2010/06/08 12:41:56 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\disquetes .scr

[2010/06/08 12:41:55 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\CyberLink .scr

[2010/06/08 12:41:54 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Corel User Files .scr

[2010/06/08 12:41:53 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Conselho da Comunidade .scr

[2010/06/08 12:41:52 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Ask and Record Toolbar .scr

[2010/06/08 12:41:51 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\AnyDVDHD .scr

[2010/06/08 12:41:50 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\Any Video Converter .scr

[2010/06/08 12:41:49 | 000,214,528 | R--- | C] () -- C:\Documents and Settings\lan-04\Meus documentos\a-squared Free .scr

[2010/06/08 12:41:48 | 000,214,528 | R--- | C] () -- C:\WINDOWS\WinSxS .scr

[2010/06/08 12:41:47 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Web .scr

[2010/06/08 12:41:46 | 000,214,528 | R--- | C] () -- C:\WINDOWS\WBEM .scr

[2010/06/08 12:41:45 | 000,214,528 | R--- | C] () -- C:\WINDOWS\twain_32 .scr

[2010/06/08 12:41:44 | 000,214,528 | R--- | C] () -- C:\WINDOWS\temp .scr

[2010/06/08 12:41:43 | 000,214,528 | R--- | C] () -- C:\WINDOWS\system32 .scr

[2010/06/08 12:41:42 | 000,214,528 | R--- | C] () -- C:\WINDOWS\system .scr

[2010/06/08 12:41:41 | 000,214,528 | R--- | C] () -- C:\WINDOWS\SxsCaPendDel .scr

[2010/06/08 12:41:40 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Sun .scr

[2010/06/08 12:41:39 | 000,214,528 | R--- | C] () -- C:\WINDOWS\srchasst .scr

[2010/06/08 12:41:38 | 000,214,528 | R--- | C] () -- C:\WINDOWS\SoftwareDistribution .scr

[2010/06/08 12:41:37 | 000,214,528 | R--- | C] () -- C:\WINDOWS\SHELLNEW .scr

[2010/06/08 12:41:36 | 000,214,528 | R--- | C] () -- C:\WINDOWS\ServicePackFiles .scr

[2010/06/08 12:41:35 | 000,214,528 | R--- | C] () -- C:\WINDOWS\security .scr

[2010/06/08 12:41:34 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Resources .scr

[2010/06/08 12:41:33 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Replay Media Catcher .scr

[2010/06/08 12:41:32 | 000,214,528 | R--- | C] () -- C:\WINDOWS\repair .scr

[2010/06/08 12:41:31 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Registration .scr

[2010/06/08 12:41:30 | 000,214,528 | R--- | C] () -- C:\WINDOWS\RegisteredPackages .scr

[2010/06/08 12:41:29 | 000,214,528 | R--- | C] () -- C:\WINDOWS\pss .scr

[2010/06/08 12:41:28 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Provisioning .scr

[2010/06/08 12:41:27 | 000,214,528 | R--- | C] () -- C:\WINDOWS\PIF .scr

[2010/06/08 12:41:26 | 000,214,528 | R--- | C] () -- C:\WINDOWS\PeerNet .scr

[2010/06/08 12:41:25 | 000,214,528 | R--- | C] () -- C:\WINDOWS\pchealth .scr

[2010/06/08 12:41:24 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Offline Web Pages .scr

[2010/06/08 12:41:23 | 000,214,528 | R--- | C] () -- C:\WINDOWS\nview .scr

[2010/06/08 12:41:22 | 000,214,528 | R--- | C] () -- C:\WINDOWS\network diagnostic .scr

[2010/06/08 12:41:21 | 000,214,528 | R--- | C] () -- C:\WINDOWS\mui .scr

[2010/06/08 12:41:20 | 000,214,528 | R--- | C] () -- C:\WINDOWS\mug .scr

[2010/06/08 12:41:19 | 000,214,528 | R--- | C] () -- C:\WINDOWS\msapps .scr

[2010/06/08 12:41:17 | 000,214,528 | R--- | C] () -- C:\WINDOWS\msagent .scr

[2010/06/08 12:41:16 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Minidump .scr

[2010/06/08 12:41:15 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Microsoft.NET .scr

[2010/06/08 12:41:14 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Media .scr

[2010/06/08 12:41:13 | 000,214,528 | R--- | C] () -- C:\WINDOWS\logsysm .scr

[2010/06/08 12:41:12 | 000,214,528 | R--- | C] () -- C:\WINDOWS\l2schemas .scr

[2010/06/08 12:41:11 | 000,214,528 | R--- | C] () -- C:\WINDOWS\java .scr

[2010/06/08 12:41:10 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Internet Logs .scr

[2010/06/08 12:41:09 | 000,214,528 | R--- | C] () -- C:\WINDOWS\inf .scr

[2010/06/08 12:41:08 | 000,214,528 | R--- | C] () -- C:\WINDOWS\ime .scr

[2010/06/08 12:41:07 | 000,214,528 | R--- | C] () -- C:\WINDOWS\ie8updates .scr

[2010/06/08 12:41:06 | 000,214,528 | R--- | C] () -- C:\WINDOWS\ie7updates .scr

[2010/06/08 12:41:05 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Help .scr

[2010/06/08 12:41:04 | 000,214,528 | R--- | C] () -- C:\WINDOWS\erdnt .scr

[2010/06/08 12:41:03 | 000,214,528 | R--- | C] () -- C:\WINDOWS\ehome .scr

[2010/06/08 12:41:02 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Driver Cache .scr

[2010/06/08 12:41:01 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Debug .scr

[2010/06/08 12:41:00 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Cursors .scr

[2010/06/08 12:40:59 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Connection Wizard .scr

[2010/06/08 12:40:58 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Config .scr

[2010/06/08 12:40:57 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Cache .scr

[2010/06/08 12:40:56 | 000,214,528 | R--- | C] () -- C:\WINDOWS\AppPatch .scr

[2010/06/08 12:40:55 | 000,214,528 | R--- | C] () -- C:\WINDOWS\Applian Director .scr

[2010/06/08 12:40:54 | 000,214,528 | R--- | C] () -- C:\WINDOWS\addins .scr

[2010/06/08 12:40:52 | 000,214,528 | R--- | C] () -- C:\WINDOWS\$hf_mig$ .scr

[2010/05/01 16:36:08 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll

[2010/04/27 22:48:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll

[2010/03/10 12:08:18 | 000,000,080 | ---- | C] () -- C:\WINDOWS\coolacm.ini

[2010/03/10 11:58:34 | 000,000,036 | ---- | C] () -- C:\WINDOWS\coolmp3.ini

[2010/03/10 11:58:34 | 000,000,028 | ---- | C] () -- C:\WINDOWS\wordpad.ini

[2010/03/10 11:58:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\COOLSYS.INI

[2010/03/10 11:58:33 | 000,010,677 | ---- | C] () -- C:\WINDOWS\coolkb2k.ini

[2010/03/10 11:58:11 | 000,000,027 | ---- | C] () -- C:\WINDOWS\winzip32.ini

[2010/03/10 11:56:39 | 000,005,410 | ---- | C] () -- C:\WINDOWS\COOL.INI

[2009/10/02 15:46:09 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2009/08/03 15:07:42 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/12 23:27:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lde.INI

[2009/06/07 08:27:20 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll

[2009/06/03 15:37:23 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\imsispd.dll

[2009/05/14 15:16:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DGRip.dll

[2009/05/14 15:12:53 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\imslevel.dll

[2009/04/27 19:11:13 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tbodbxfb.dll

[2009/04/27 19:11:13 | 000,000,464 | ---- | C] () -- C:\WINDOWS\System32\dbxdrivers.ini

[2009/04/16 18:23:21 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/04/10 22:31:48 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2009/03/03 20:17:59 | 000,000,169 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI

[2009/03/03 20:06:24 | 000,021,248 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll

[2009/03/03 20:06:24 | 000,013,568 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll

[2009/02/25 22:41:28 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

[2009/01/31 10:55:26 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2009/01/29 21:23:05 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2008/12/09 00:10:39 | 000,143,104 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll

[2008/09/18 21:33:11 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2008/08/10 00:37:02 | 000,000,069 | ---- | C] () -- C:\WINDOWS\MediaManager.INI

[2008/07/05 22:35:20 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008/07/05 08:14:48 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2008/07/05 08:14:44 | 003,591,168 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2008/07/05 08:13:16 | 000,708,096 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2008/06/28 12:47:06 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2008/06/28 12:47:06 | 000,558,592 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll

[2008/06/28 12:47:05 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2008/06/28 12:47:04 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/06/23 19:20:13 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2008/06/22 14:34:00 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2008/06/19 20:42:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/06/19 14:16:58 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini

[2008/06/13 08:39:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2008/06/12 15:36:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2008/06/08 15:07:34 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll

[2008/06/08 15:02:09 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008/06/08 15:02:07 | 000,005,931 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008/06/08 15:01:57 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008/06/06 11:48:36 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/06/06 11:40:10 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

[2008/03/04 17:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll

[2007/10/31 08:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll

[2007/07/10 13:10:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2007/05/17 12:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll

[2006/10/27 07:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2006/04/01 17:33:30 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/03/06 09:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll

[2006/01/01 02:46:05 | 000,003,277 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[2006/01/01 02:46:05 | 000,000,149 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini

[2006/01/01 02:44:50 | 000,000,633 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2004/10/03 14:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS

[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS

[2003/09/19 15:35:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll

[2003/09/19 15:34:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll

[2003/09/19 15:27:38 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2003/09/19 15:14:42 | 000,022,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\btserial.sys

[2003/04/07 10:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2003/03/24 10:37:54 | 002,830,336 | ---- | C] () -- C:\WINDOWS\System32\btrez.dll

[2002/05/15 23:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2001/11/23 18:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

 

========== LOP Check ==========

 

[2010/06/13 17:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Babylon

[2008/09/23 14:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

[2009/09/03 00:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite

[2009/11/23 20:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DriverScanner

[2009/03/14 01:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

[2008/09/08 10:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2009/10/02 15:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound

[2009/08/25 18:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\River Past G5

[2008/08/12 17:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SlySoft

[2009/03/03 20:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SolidDocuments

[2008/09/15 18:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SystemExplorer

[2009/11/23 20:29:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{66E2F539-12B6-4870-A500-7689CDE75C5E}

[2009/07/16 23:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Any Video Converter

[2010/06/13 17:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Babylon

[2010/06/17 21:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\BitTorrent

[2009/09/03 00:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\DAEMON Tools Lite

[2009/08/27 00:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\ESET

[2009/03/26 21:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Foxit

[2008/09/26 14:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\GrabPro

[2010/03/10 22:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Image Zone Express

[2009/04/30 18:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Lingoes

[2009/10/02 15:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\NCH Swift Sound

[2009/02/01 19:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\OpenCandy

[2010/05/18 17:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Orbit

[2010/06/16 22:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\PriceGong

[2009/08/25 18:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\River Past G5

[2008/06/19 19:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Simple Star

[2010/06/17 21:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\SolidDocuments

[2009/03/12 12:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Thinstall

[2009/11/23 20:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\Uniblue

[2009/10/15 15:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\uTorrent

[2009/01/08 20:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lan-04\Dados de aplicativos\VitySoft

[2010/06/17 21:01:02 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

[2008/03/19 16:56:58 | 003,858,985 | ---- | M] () -- C:\eMule0.48a-Installer.exe

[2008/04/24 10:28:48 | 001,495,112 | ---- | M] (Adobe Systems Incorporated) -- C:\install_flash_player.exe

[2008/12/22 13:33:36 | 002,188,592 | ---- | M] (www.orbitdownloader.com ) -- C:\OrbitDownloaderSetup.exe

[2008/09/26 14:12:10 | 002,306,336 | ---- | M] (www.orbitdownloader.com ) -- C:\OrbitSetup_276.exe

[2008/06/20 15:17:29 | 006,361,100 | ---- | M] (Koyote Soft ) -- C:\Setup_FreeConverter.exe

[2009/04/16 19:21:08 | 000,343,017 | ---- | M] () -- C:\ToolBarSD.exe

[2009/01/28 01:13:55 | 061,737,440 | ---- | M] () -- C:\World_Wind_1.3.5_Full.exe

 

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2004/08/04 00:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\erdnt\cache\eventlog.dll

[2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 23:20:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll

 

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2004/08/04 00:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\erdnt\cache\scecli.dll

[2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 23:20:40 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll

 

< %SYSTEMDRIVE%\sfcfiles.dll /s /md5 >

[2004/08/04 00:45:28 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=1DD4FC7EEE3A45257528A34FDF7BC689 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll

[2008/04/13 23:20:40 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\erdnt\cache\sfcfiles.dll

[2008/04/13 23:20:40 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll

[2008/04/13 23:20:40 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\system32\sfcfiles.dll

 

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2004/08/04 00:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\erdnt\cache\netlogon.dll

[2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 23:20:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll

 

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\System32\drivers\atapi.sys

 

========== Files - Unicode (All) ==========

[2009/04/29 12:21:28 | 000,029,696 | ---- | M] ()(C:\Documents and Settings\lan-04\Meus documentos\Tsda v?z qµ? ???cisa? d? ?i?.doc) -- C:\Documents and Settings\lan-04\Meus documentos\Tσđα vєz qµє ρгєcisαг đє мiм.doc

[2009/04/29 12:21:27 | 000,029,696 | ---- | C] ()(C:\Documents and Settings\lan-04\Meus documentos\Tsda v?z qµ? ???cisa? d? ?i?.doc) -- C:\Documents and Settings\lan-04\Meus documentos\Tσđα vєz qµє ρгєcisαг đє мiм.doc

< End of report >

 

 

OTL Extras logfile created on: 17/6/2010 21:42:11 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\lan-04\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

990,00 Mb Total Physical Memory | 680,00 Mb Available Physical Memory | 69,00% Memory free

5,00 Gb Paging File | 5,00 Gb Available in Paging File | 97,00% Paging File free

Paging file location(s): C:\pagefile.sys 3950 3950 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 74,53 Gb Total Space | 4,13 Gb Free Space | 5,54% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 19,09 Gb Total Space | 0,14 Gb Free Space | 0,75% Space Free | Partition Type: NTFS

Drive F: | 18,21 Gb Total Space | 0,65 Gb Free Space | 3,56% Space Free | Partition Type: FAT32

Drive G: | 11,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: BEGA-4078FCC43

Current User Name: lan-04

Logged in as Administrator.

 

Current Boot Mode: SafeMode with Networking

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [mega] -- "C:\Arquivos de programas\Megacubo\megacubo.exe" "%1" (www.megacubo.net)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Orbitdownloader\orbitdm.exe" = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Arquivos de programas\Orbitdownloader\orbitnet.exe" = C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Arquivos de programas\eMule\emule.exe" = C:\Arquivos de programas\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)

"C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Arquivos de programas\uTorrent\uTorrent.exe" = C:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Arquivos de programas\SopCast\adv\SopAdver.exe" = C:\Arquivos de programas\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)

"C:\Arquivos de programas\BitTorrent\bittorrent.exe" = C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Arquivos de programas\River Past\Wave@MP3\WaveAtMp3.exe" = C:\Arquivos de programas\River Past\Wave@MP3\WaveAtMp3.exe:*:Enabled:River Past Wave@MP3 -- (River Past Corporation)

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Arquivos de programas\Megacubo\megacubo.exe" = C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo -- (www.megacubo.net)

"C:\Documents and Settings\lan-04\Meus documentos\Meus arquivos recebidos\TeamViewer.exe" = C:\Documents and Settings\lan-04\Meus documentos\Meus arquivos recebidos\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:Windows Update -- (Microsoft Corporation)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help

"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode

"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos

"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool

"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM

"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights

"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12

"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart

"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{378914D6-FBC8-42D1-B5FD-648CF8E6C039}" = ESET Smart Security

"{381C70F0-FC2C-4BEF-B16C-B88FA67A6B7B}" = Assistente de Conexão do Windows Live

"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help

"{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help

"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap

"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5A06BC95-C59E-438D-AA8D-A97690AD628C}" = Encore 5

"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help

"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision

"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help

"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help

"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live

"{624DEAA0-B27D-444B-8BFE-70622B318A4A}" = Windows Live Toolbar

"{7299052B-02A4-4627-81F2-1818DA5D550D}" = Microsoft Visual C++ 2005 Redistributable

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed

"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007

"{93AD10A9-3302-44C7-881C-693D7F3EF942}}_is1" = Aneesoft Free AVI Video Converter

"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express

"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer

"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter

"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}" = SolidConverterPDF

"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync

"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress

"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool

"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed

"{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help

"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009

"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit

"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.12

"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1

"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help

"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget

"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help

"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision

"{F75367EA-D807-42AC-9EF2-B51F2026F50D}_is1" = getTube 2010 - Downloader de áudio e vídeo

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{FE90E9E7-A158-4687-8853-DF677A939A61}" = Software WIDCOMM Bluetooth

"Abcc Free Youtube FLV Video Downloader&Converter_is1" = Abcc Free Youtube FLV Video Downloader&Converter 3.2

"AdmIg_is1" = AdmIg 2009

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AmazingMIDI" = AmazingMIDI

"Ant Movie Catalog_is1" = Ant Movie Catalog

"Applian Director2.0" = Applian Director

"a-squared Free_is1" = a-squared Free 4.0

"aTube Catcher" = aTube Catcher

"Babylon" = Babylon

"CCleaner" = CCleaner (remove only)

"Cool Edit 2000" = Cool Edit 2000

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2

"Debut" = Debut Video Capture Software

"Direct MIDI to MP3 Converter_is1" = Direct MIDI to MP3 Converter versão 6.1.1.34

"Dirf 2009" = Dirf 2009

"DVD Audio Ripper" = DVD Audio Ripper

"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar

"Encore 4.5.3" = Encore 4.5.3

"ESET Online Scanner" = ESET Online Scanner v3

"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02

"Fast MIDI to MP3 Converter_is1" = Fast MIDI to MP3 Converter 6.1

"Finale Reader" = Finale Reader 2009

"Foxit PDF Editor" = Foxit PDF Editor

"Foxit Reader" = Foxit Reader

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2

"HijackThis" = HijackThis 2.0.2

"ie8" = Windows Internet Explorer 8

"intelliScore Polyphonic WAV to MIDI Converter Demo" = intelliScore Polyphonic WAV to MIDI Converter Demo

"IRPF2009 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2009 - Declaração de Ajuste Anual e Final de Espólio

"IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio

"Konvertor" = Konvertor

"L&H Power Translator Pro 7.0" = L&H Power Translator Pro 7.0

"lde" = Longman Dicionário Escolar

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaCoder" = MediaCoder 0.6.2

"Megacubo_is1" = Megacubo 7.2.0

"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"MID Converter 4.2" = MID Converter 4.2

"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"Orbit_is1" = Orbit Downloader

"PhotoScape" = PhotoScape

"Picasa 3" = Picasa 3

"Receitanet Java 2010.02a" = Receitanet Java 2010.02a

"Replay Media Catcher 3.11" = Replay Media Catcher

"Revo Uninstaller" = Revo Uninstaller 1.83

"SopCast" = SopCast 3.0.3

"TallStick TS-AudioToMIDI 3.30" = TallStick TS-AudioToMIDI 3.30 (remove only)

"TIM Web Banda Larga" = TIM Web Banda Larga

"Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908

"TVUPlayer" = TVUPlayer 2.3.7.1

"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009

"Uninstall_is1" = Uninstall 1.0.0.1

"UsbFix" = UsbFix

"Wave@MP3" = River Past Wave@MP3

"WavePad" = WavePad Sound Editor

"WIDI Recognition System Pro 3.0" = WIDI Recognition System Pro 3.0 (remove only)

"WinLiveSuite_Wave3" = Windows Live Essentials

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent" = BitTorrent

"Google Chrome" = Google Chrome

"uTorrent" = µTorrent

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 12/6/2010 08:18:32 | Computer Name = BEGA-4078FCC43 | Source = .NET Runtime Optimization Service | ID = 1101

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Failed to compile: c:\Arquivos de programas\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll

. Error code = 0x80131047

 

Error - 12/6/2010 08:18:41 | Computer Name = BEGA-4078FCC43 | Source = .NET Runtime Optimization Service | ID = 1101

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Failed to compile: c:\Arquivos de programas\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll

. Error code = 0x80131047

 

Error - 12/6/2010 08:27:34 | Computer Name = BEGA-4078FCC43 | Source = .NET Runtime Optimization Service | ID = 1101

Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)

- Failed to compile: c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\SMdiagnostics.dll . Error code = 0x80131047

 

Error - 12/6/2010 12:56:06 | Computer Name = BEGA-4078FCC43 | Source = Google Update | ID = 20

Description =

 

Error - 12/6/2010 13:26:23 | Computer Name = BEGA-4078FCC43 | Source = Application Hang | ID = 1002

Description = Aplicativo com falha mplayerc.exe, versão 6.4.9.0, módulo com falha

hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

 

Error - 12/6/2010 13:56:05 | Computer Name = BEGA-4078FCC43 | Source = Google Update | ID = 20

Description =

 

Error - 12/6/2010 19:00:03 | Computer Name = BEGA-4078FCC43 | Source = MsiInstaller | ID = 11704

Description = Produto: Microsoft Office Professional Edição 2003 -- Erro 1704. A

instalação de Microsoft .NET Framework 2.0 Service Pack 2 está suspensa no momento.

Desfaça as alterações feitas por essa instalação para continuar. Deseja desfazer

as alterações?

 

Error - 12/6/2010 19:01:58 | Computer Name = BEGA-4078FCC43 | Source = MsiInstaller | ID = 1024

Description = Produto: Microsoft Office Professional Edição 2003 - A atualização

'Security Update for Office 2003 (KB982311): MSO' não pôde ser instalada. Código

de erro 1603. O Windows Installer pode criar logs para ajudar a solucionar problemas

na instalação de pacotes de software. Use o link a seguir para obter informações

sobre ativação do suporte a registro em log: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error - 14/6/2010 12:56:06 | Computer Name = BEGA-4078FCC43 | Source = Google Update | ID = 20

Description =

 

Error - 15/6/2010 12:03:06 | Computer Name = BEGA-4078FCC43 | Source = Google Update | ID = 20

Description =

 

[ System Events ]

Error - 17/6/2010 05:52:00 | Computer Name = BEGA-4078FCC43 | Source = Print | ID = 23

Description = A inicialização da impressora Microsoft XPS Document Writer falhou

porque um driver Microsoft XPS Document Writer adequado não pôde ser encontrado.

 

Error - 17/6/2010 05:52:05 | Computer Name = BEGA-4078FCC43 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço Parallel port driver devido ao

seguinte erro: %%1058

 

Error - 17/6/2010 19:33:33 | Computer Name = BEGA-4078FCC43 | Source = Print | ID = 23

Description = A inicialização da impressora Microsoft XPS Document Writer falhou

porque um driver Microsoft XPS Document Writer adequado não pôde ser encontrado.

 

Error - 17/6/2010 19:33:38 | Computer Name = BEGA-4078FCC43 | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço Parallel port driver devido ao

seguinte erro: %%1058

 

Error - 17/6/2010 20:32:55 | Computer Name = BEGA-4078FCC43 | Source = DCOM | ID = 10005

Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço EventSystem

com argumentos "" para iniciar o servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 17/6/2010 20:33:19 | Computer Name = BEGA-4078FCC43 | Source = DCOM | ID = 10005

Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço StiSvc com

argumentos "" para iniciar o servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 17/6/2010 20:33:19 | Computer Name = BEGA-4078FCC43 | Source = DCOM | ID = 10005

Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço StiSvc com

argumentos "" para iniciar o servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 17/6/2010 20:34:00 | Computer Name = BEGA-4078FCC43 | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: ehdrv ElbyCDIO Fips intelppm is-A7UA6drv is-D8KDBdrv is-QR2A2drv is-UEHSSdrv

 

Error - 17/6/2010 20:38:25 | Computer Name = BEGA-4078FCC43 | Source = DCOM | ID = 10005

Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço StiSvc com

argumentos "" para iniciar o servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 17/6/2010 20:47:32 | Computer Name = BEGA-4078FCC43 | Source = DCOM | ID = 10005

Description = Erro "%1084" no DCOM na tentativa de iniciar o serviço StiSvc com

argumentos "" para iniciar o servidor: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

 

< End of report >

 

 

PS: Another thing I wanted to mention is that I think I have 2 infected pen drives. Certain files called autorun.inf cannot be deleted from them, and folders holding, for example, 800MB of files always show a size of only 209KB when I click Properties, which does not match reality. This happens with all the folders on the pen drive, regardless of the size of the folder and of the files in it. Also, I cannot format these same pen drives, because there are files that cannot be deleted.

See you later,

regards.


Good morning, esdrasyave!

<@> Run OTL.exe.

<@> Copy the information in the quote below into the field under: Exames Personalizados/Correções (Custom Scans/Fixes)

 

:Files

c:\documents and settings\lan-04\Configurações locais\Temp\Ev~NeN^e.eXe

C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe

C:\Arquivos de programas\Ask.com

:otl

PRC - C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe ()

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Qbyrd)

O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Qbyrd)

O3 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.

O3 - HKU\S-1-5-21-1844237615-1606980848-682003330-1003\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (Qbyrd)

O4 - HKLM..\Run: [C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe] C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe ()

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)

O33 - MountPoints2\{92fe049e-6134-11df-80b9-001a66ad48cd}\Shell - "" = AutoRun

O33 - MountPoints2\{92fe049e-6134-11df-80b9-001a66ad48cd}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{92fe04a1-6134-11df-80b9-001a66ad48cd}\Shell - "" = AutoRun

O33 - MountPoints2\{92fe04a1-6134-11df-80b9-001a66ad48cd}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\{b8eb71b1-4207-11dd-a498-000000000010}\Shell\AutoRun\command - "" = H:\WinConfig~.exe -- File not found

O33 - MountPoints2\{b8eb71b1-4207-11dd-a498-000000000010}\Shell\explore\Command - "" = H:\WinConfig~.exe -- File not found

O33 - MountPoints2\{b8eb71b1-4207-11dd-a498-000000000010}\Shell\open\Command - "" = H:\WinConfig~.exe -- File not found

O33 - MountPoints2\{d6db9592-6363-11df-80be-001a66ad48cd}\Shell - "" = AutoRun

O33 - MountPoints2\{d6db9592-6363-11df-80be-001a66ad48cd}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[26 C:\Documents and Settings\lan-04\Meus documentos\*.tmp files -> C:\Documents and Settings\lan-04\Meus documentos\*.tmp -> ]

:commands

[purity]

[emptyflash]

[emptytemp]

[Reboot]

<@> Click the Consertar (Fix) button --> Wait for it to complete! --> Run!

<@> Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log <--

00000000000000000000

oooooooooooooooooooo

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it in Arquivos de programas!

<@> Disable your antivirus!

<@> Install and run the tool with a double-click on its icon.

<@> In the language options, choose "PT-BR" --> Enter.

<@> Choose option 2: 2. Suppression des fichiers infectieux --> Press Enter.

<@> A message will appear asking you to connect your removable media to the computer. ( pen drive, mp3, mp4, iPods, etc... )

<@> Accept the request and click Ok. --> Then click Ok again.

<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be in: C:\UsbFix.txt + an updated HijackThis log.

Regards!

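The fix script in the reply above picks a few kinds of entries out of the scan logs: a Run value that launches an executable from a Temp folder, MountPoints2 autorun commands, and browser add-on entries whose CLSID or file is gone. The following Python is an added example, not part of the original thread and not code from OTL or HijackThis; the `triage` function and its rule names are hypothetical, and the sample lines are copied from the logs on this page.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str      # hypothetical rule name, chosen for this example
    section: str   # log section code, e.g. O4 or O33
    detail: str    # the entry body, or the autorun target for O33 lines


# Lines copied from the OTL / HijackThis logs on this page (not new data).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe] C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O33 - MountPoints2\{b8eb71b1-4207-11dd-a498-000000000010}\Shell\AutoRun\command - "" = H:\WinConfig~.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/23 18:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\G\Shell - "" = AutoRun
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (file missing)
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ..."
LINE_RE = re.compile(r"^(O\d+|R\d+)\s+-\s+(.*)$")
# In O33 command lines: '... - "" = <target> -- <file status>'
AUTORUN_RE = re.compile(r"=\s*(.+?)\s+--\s+(.*)$")


def triage(log_text: str) -> List[Finding]:
    """Flag log entries that deserve a manual look.

    A finding is a lead for review, not a verdict: an autorun command
    can belong to legitimate software shipped on a removable device.
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        section, body = match.group(1), match.group(2)
        lower = body.lower()

        if section == "O4" and "\\temp\\" in lower:
            # Autostart entry whose program lives in a Temp directory.
            findings.append(Finding("autostart-from-temp", section, body))
        elif section == "O33" and "\\command" in lower:
            # Cached AutoRun / open / explore command for a mounted volume.
            autorun = AUTORUN_RE.search(body)
            if not autorun:
                continue
            target, status = autorun.groups()
            missing = status.strip().lower() == "file not found"
            rule = ("mountpoint-autorun-missing-target" if missing
                    else "mountpoint-autorun")
            findings.append(Finding(rule, section, target))
        elif "no clsid value found" in lower:
            # Add-on registration pointing at a CLSID that no longer exists.
            findings.append(Finding("orphan-clsid", section, body))
        elif lower.endswith("(file missing)"):
            # Registration left behind after its file was removed.
            findings.append(Finding("missing-file", section, body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:36} {finding.section:4} {finding.detail}")
```
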

All processes killed

========== FILES ==========

c:\documents and settings\lan-04\Configurações locais\Temp\Ev~NeN^e.eXe moved successfully.

C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll moved successfully.

C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.

File\Folder C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe not found.

C:\Arquivos de programas\Ask.com folder moved successfully.

========== OTL ==========

No active process named Ev~NeN^e.eXe was found!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

File C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4064EA35-578D-4073-A834-C96D82CBCF40} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4064EA35-578D-4073-A834-C96D82CBCF40}\ not found.

Registry value HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe deleted successfully.

File C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92fe049e-6134-11df-80b9-001a66ad48cd}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92fe049e-6134-11df-80b9-001a66ad48cd}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92fe049e-6134-11df-80b9-001a66ad48cd}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92fe049e-6134-11df-80b9-001a66ad48cd}\ not found.

File move failed. G:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92fe04a1-6134-11df-80b9-001a66ad48cd}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92fe04a1-6134-11df-80b9-001a66ad48cd}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92fe04a1-6134-11df-80b9-001a66ad48cd}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92fe04a1-6134-11df-80b9-001a66ad48cd}\ not found.

File move failed. G:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8eb71b1-4207-11dd-a498-000000000010}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8eb71b1-4207-11dd-a498-000000000010}\ not found.

File H:\WinConfig~.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8eb71b1-4207-11dd-a498-000000000010}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8eb71b1-4207-11dd-a498-000000000010}\ not found.

File H:\WinConfig~.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b8eb71b1-4207-11dd-a498-000000000010}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8eb71b1-4207-11dd-a498-000000000010}\ not found.

File H:\WinConfig~.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6db9592-6363-11df-80be-001a66ad48cd}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6db9592-6363-11df-80be-001a66ad48cd}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6db9592-6363-11df-80be-001a66ad48cd}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6db9592-6363-11df-80be-001a66ad48cd}\ not found.

File H:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.

File move failed. G:\AutoRun.exe scheduled to be moved on reboot.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.

File H:\AutoRun.exe not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

C:\WINDOWS\DUMP7455.tmp deleted successfully.

C:\WINDOWS\DUMP7649.tmp deleted successfully.

C:\WINDOWS\DUMP8a0f.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL0365.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL0380.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL0562.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL0657.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL0694.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL0790.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL1096.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL1275.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL1315.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL1413.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL1419.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL1855.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL2270.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL2469.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL2879.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL2903.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL2916.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL3341.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL3635.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL3669.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL3727.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL3767.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL3986.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL4002.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL4045.tmp deleted successfully.

C:\Documents and Settings\lan-04\Meus documentos\~WRL4099.tmp deleted successfully.

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: Administrador

 

User: All Users

 

User: Default User

 

User: lan-04

->Flash cache emptied: 649 bytes

 

User: LocalService

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: lan-04

->Temp folder emptied: 662883440 bytes

->Temporary Internet Files folder emptied: 344195 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 59942550 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 32969 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 78303508 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 764,00 mb

 

 

OTL by OldTimer - Version 3.2.6.0 log created on 06182010_180307

 

Files\Folders moved on Reboot...

File move failed. G:\AutoRun.exe scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:22:02, on 18/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\AdmIg\Firebird\bin\fbserver.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\lan-04\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (file missing)

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe] C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214054730812

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F998C6B0-B3CF-4169-873E-65A947207C0A}: NameServer = 189.40.224.5 189.38.95.95

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\AdmIg\Firebird\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate1c9d8de2812eabc) (gupdate1c9d8de2812eabc) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

--

End of file - 11719 bytes

 

############################## | UsbFix 7.011 | [supressão]

 

Usuário: lan-04 (Administrador) # BEGA-4078FCC43 [ ]

Atualizado em 17/06/2010 por El Desaparecido / C_XX

Começou em 18:16:03 | 18/06/2010

Site: http://pagesperso-orange.fr/NosTools/index.html

Contato: FindyKill.Contact@gmail.com

 

CPU: Intel® Pentium® D CPU 2.80GHz

CPU 2: Intel® Pentium® D CPU 2.80GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Habilitado

Antivirus: ESET Smart Security 4.0 4.0 [Enabled | (!) Outdated]

Firewall: Firewall pessoal do ESET 4.0.437.0 [(!) Disabled]

RAM -> 990 Mb

C:\ (%systemdrive%) -> Disco fixo # 75 Gb (4 Mb livre - 6%) [] # NTFS

D:\ -> CD-ROM

E:\ -> Disco fixo # 19 Gb (147 Mb livre - 1%) [] # NTFS

F:\ -> Disco fixo # 18 Gb (663 Mb livre - 4%) [] # FAT32

G:\ -> CD-ROM

H:\ -> Disco removível # 952 Mb (0 Mb livre - 0%) [NEUILA] # FAT32

I:\ -> Disco removível # 984 Mb (7 Mb livre - 1%) [ESDRAS] # FAT

 

################## | Ficheiros # pastas infeciosos |

 

Supprimido ! C:\Arquivos de programas\GbPlugin

Não supprimido ! G:\Autorun.inf

Supprimido ! C:\Recycler\S-1-5-21-1844237615-1606980848-682003330-1003

Supprimido ! E:\Recycler\S-1-5-21-1202660629-1078145449-854245398-1003

Supprimido ! E:\Recycler\S-1-5-21-1390067357-152049171-839522115-500

Supprimido ! E:\Recycler\S-1-5-21-1844237615-1606980848-682003330-1003

Supprimido ! I:\Recycler\S-1-5-21-1482476501-1644491937-682003330-1013

Supprimido ! I:\Recycler\S-1-6-22-2134031345-1609158761-021649731-3254

Supprimido ! I:\Recycler\S-3-6-21-2434476501-1644491937-600003330-1213

Supprimido ! I:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

Supprimido ! I:\Restore\S-1-5-21-1482476501-1644491937-682003330-1013

Supprimido ! C:\temp.txt

Supprimido ! H:\PhotoScapeSetup_V3.4.exe

Supprimido ! I:\autorun.inf .scr

Supprimido ! I:\driver\Usb

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\A Bíblia em Bytes .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\a-squared Free .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Abcc Free Youtube FLV Video Downloader&Converter .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\AdmIg .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Aneesoft .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ant Movie Catalog .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Applian Technologies .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\aTube Catcher .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Audio Related Programs .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\CPUID .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\DAEMON Tools Lite .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Debut Video Capture Software .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Direct MIDI to MP3 Converter .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\doPDF 5 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Download Toolz .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\DVD Shrink .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\DVDVideoSoft .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\EatCam Webcam Recorder for MSN .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Elaborate Bytes .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\eMule .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Encore 4.5.3 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Encore 5 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\ESET .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Fast MIDI to MP3 Converter .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Finale Reader .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Foxit PDF Editor .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Foxit Reader .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Earth .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Guitar Pro 5 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\HP .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\intelliScore Polyphonic WAV to MIDI Converter Demo .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\K-Lite Codec Pack .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\L&H Power Translator Pro .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Lavalys .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Longman .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Megacubo .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office Live Add-in .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Silverlight .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\MIKSOFT .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\mobile PhoneTools .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Motorola Driver Installer .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\MP3 Player Utilities 4.00 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\MP3 Player Utilities 4.13 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\MP3 Player Utilities 5.02 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\MP4TOOL .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\NCH Software Suite .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Nero .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Nero PhotoShow Express 4 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Oi Internet .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Orbit .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\PhotoScape .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Picasa 3 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Programas RFB2009 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Programas RFB2010 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\River Past .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Runtime Software .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\save2pc .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Serif Applications .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Skype .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\SlySoft .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\SolidDocuments .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Suite de Aplicativos Gráficos CorelDRAW 12 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\System Explorer .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\TIM Web Banda Larga .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Total Video Converter .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\TouchStoneSoftware .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Turbo Pascal 7 .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\TVUPlayer .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Uniblue .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\VDOWNLOADER .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Video Related Programs .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\WavePad Sound Editor .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\Windows Live .scr

Supprimido ! C:\Documents and Settings\All Users\Menu Iniciar\Programas\WinRAR .scr

Supprimido ! C:\Documents and Settings\lan-04\Configurações locais\temp\Ev~NeN^e.eXe

Supprimido ! C:\Documents and Settings\lan-04\Desktop\Atalhos não utilizados da área de trabalho .scr

Supprimido ! C:\Documents and Settings\lan-04\Desktop\backups .scr

Supprimido ! C:\Documents and Settings\lan-04\Desktop\niver neuba .scr

Supprimido ! C:\Documents and Settings\lan-04\Desktop\Nova pasta (2) .scr

Supprimido ! C:\Documents and Settings\lan-04\Desktop\Originals .scr

Supprimido ! C:\Documents and Settings\lan-04\Desktop\Virus Removal Tool\is-UEHSS .scr

Supprimido ! C:\Documents and Settings\lan-04\Desktop\Virus Removal Tool .scr

Supprimido ! C:\Documents and Settings\lan-04\Desktop\Virus Removal Tool1\is-QR2A2 .scr

Supprimido ! C:\Documents and Settings\lan-04\Desktop\Virus Removal Tool1 .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\Acessórios\Acessibilidade .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\Acessórios\Entretenimento .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\Acessórios .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\AmazingMIDI .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\AtomixMP3 .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\AVIConverter .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\BestPractice .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\CCleaner .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\Cool Edit 2000 .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\CyberLink PowerDVD .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\Ferramentas administrativas .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\getTube 2010 .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\Google Chrome .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\ImTOO .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\Inicializar .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\LimeWire .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\MediaCoder .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\MID Converter 4.2 .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\Programas RFB2009 .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\Recuva .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\Revo Uninstaller .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\SopCast .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\TS-AudioToMIDI 3.30 .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\UsbFix .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\WIDI Recognition System Pro 3.0 .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\WinRAR .scr

Supprimido ! C:\Documents and Settings\lan-04\Menu Iniciar\Programas\XviD .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\a-squared Free .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Any Video Converter .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\AnyDVDHD .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Ask and Record Toolbar .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Conselho da Comunidade .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Corel User Files .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\CyberLink .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\disquetes .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\+ Links .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\1988 - Live At The Ritz .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Angra .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\AWQ170A_SG_174 .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Dancando De Vestido Na Webcam .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Dark.Tranquillity.2003.Live.Damage .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Doc .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Dream Theater Metropolis .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\FITO .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Guns N' Roses - 2010-03-13 - Palestra Italia, Sao Paulo, Brazil .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Hetki Hiljaa (2005) .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Hyvästi, Dolores Haze (2010) .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Megadeth - Arsenal Of Megadeth DVD1 (Full DVD) (www.heavytorrents.org)(by hijodeodin) .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Metallica - New York 2004 .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Nuclear Assault - Louder Harder Faster (Full DVD)(www.heavytorrents.org)(By hijodeodin) .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\PhotoScapeSetup_V3.4(2).exe

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\PhotoScapeSetup_V3.4.exe

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Steve Vai - Where The Wild Things Are (2009) - DMWINC .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\Stryper - 2010-01-23 - Live in Tivoli DVD, Utrecht, The Netherlands .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads\THEATER_LA07 .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Downloads .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\DVDVideoSoft .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\EatCam Webcam Recorder .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\GTA3 User Files .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Hetki Hiljaa (2005) .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\janas .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Meus arquivos recebidos .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Meus PhotoShows .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Meus vídeos .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas digitalizações .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\80 anos .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\adolescentes rondon 0709 .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\ALBUM BILLY .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\amme ebf 09 .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\cidney .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\decoração .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\festa boatã .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\formatura cetred .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Fotos da natureza .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\joce .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\monteiro lobato .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Neuila Chá-de-panela I .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Originals .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Picasa .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\roupas .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Socorro gouveia .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Tasso .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\alessandra .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\Artista Desconhecido .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\ebf 2009 canções .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\Harpa cristã .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\Hostile Inc .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\Megadeth .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\Minhas Listas de Reprodução .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\Mução .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\NEUILA .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Missões Rondom .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\My eBooks .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\My MMS .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\My Recordings .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\MY_FLASH .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Nero Recode .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\NeroVision .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Originals .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Updater5 .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\VideoConverter .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\videos Gisa .scr

Supprimido ! C:\Documents and Settings\lan-04\Meus documentos\Volta ao mundo com Jesus .scr

Supprimido ! C:\Downloads\PhotoScapeSetup_V3.4.exe

Supprimido ! C:\Pen drive\autorun.inf .scr

Supprimido ! C:\System Volume Information\_restore{7EC2FA27-7987-4CC3-94AE-B9354BD1527C}\RP205\A0073797.eXe

Supprimido ! C:\WINDOWS\$hf_mig$ .scr

Supprimido ! C:\WINDOWS\addins .scr

Supprimido ! C:\WINDOWS\Applian Director .scr

Supprimido ! C:\WINDOWS\AppPatch .scr

Supprimido ! C:\WINDOWS\Cache .scr

Supprimido ! C:\WINDOWS\Config .scr

Supprimido ! C:\WINDOWS\Connection Wizard .scr

Supprimido ! C:\WINDOWS\Cursors .scr

Supprimido ! C:\WINDOWS\Debug .scr

Supprimido ! C:\WINDOWS\Driver Cache .scr

Supprimido ! C:\WINDOWS\ehome .scr

Supprimido ! C:\WINDOWS\erdnt .scr

Supprimido ! C:\WINDOWS\Help .scr

Supprimido ! C:\WINDOWS\ie7updates .scr

Supprimido ! C:\WINDOWS\ie8updates .scr

Supprimido ! C:\WINDOWS\ime .scr

Supprimido ! C:\WINDOWS\inf .scr

Supprimido ! C:\WINDOWS\Internet Logs .scr

Supprimido ! C:\WINDOWS\java .scr

Supprimido ! C:\WINDOWS\l2schemas .scr

Supprimido ! C:\WINDOWS\logsysm .scr

Supprimido ! C:\WINDOWS\Media .scr

Supprimido ! C:\WINDOWS\Microsoft.NET .scr

Supprimido ! C:\WINDOWS\Minidump .scr

Supprimido ! C:\WINDOWS\msagent .scr

Supprimido ! C:\WINDOWS\msapps .scr

Supprimido ! C:\WINDOWS\mug .scr

Supprimido ! C:\WINDOWS\mui .scr

Supprimido ! C:\WINDOWS\network diagnostic .scr

Supprimido ! C:\WINDOWS\nview .scr

Supprimido ! C:\WINDOWS\Offline Web Pages .scr

Supprimido ! C:\WINDOWS\pchealth .scr

Supprimido ! C:\WINDOWS\PeerNet .scr

Supprimido ! C:\WINDOWS\PIF .scr

Supprimido ! C:\WINDOWS\Provisioning .scr

Supprimido ! C:\WINDOWS\pss .scr

Supprimido ! C:\WINDOWS\RegisteredPackages .scr

Supprimido ! C:\WINDOWS\Registration .scr

Supprimido ! C:\WINDOWS\repair .scr

Supprimido ! C:\WINDOWS\Replay Media Catcher .scr

Supprimido ! C:\WINDOWS\Resources .scr

Supprimido ! C:\WINDOWS\security .scr

Supprimido ! C:\WINDOWS\ServicePackFiles .scr

Supprimido ! C:\WINDOWS\SHELLNEW .scr

Supprimido ! C:\WINDOWS\SoftwareDistribution .scr

Supprimido ! C:\WINDOWS\srchasst .scr

Supprimido ! C:\WINDOWS\Sun .scr

Supprimido ! C:\WINDOWS\SxsCaPendDel .scr

Supprimido ! C:\WINDOWS\system .scr

Supprimido ! C:\WINDOWS\system32 .scr

Supprimido ! C:\WINDOWS\temp .scr

Supprimido ! C:\WINDOWS\twain_32 .scr

Supprimido ! C:\WINDOWS\WBEM .scr

Supprimido ! C:\WINDOWS\Web .scr

Supprimido ! C:\WINDOWS\WinSxS .scr

Supprimido ! C:\_OTL\MovedFiles\06182010_180307\c_documents and settings\lan-04\Configurações locais\Temp\Ev~NeN^e.eXe

Supprimido ! E:\95183acdd2f04f9f559bdaf007d9 .scr

Supprimido ! E:\AACR2R (D) .scr

Supprimido ! E:\Angels and Demons Revealed .scr

Supprimido ! E:\Anturio - Acessos (18.12.2008) .scr

Supprimido ! E:\Arquivos de programas .scr

Supprimido ! E:\BIBLIAW2 .scr

Supprimido ! E:\CloneDVDTemp .scr

Supprimido ! E:\CloneTemp .scr

Supprimido ! E:\Documents and Settings .scr

Supprimido ! E:\Doug .scr

Supprimido ! E:\Download .scr

Supprimido ! E:\Downloads .scr

Supprimido ! E:\Emuladores .scr

Supprimido ! E:\Forragem .scr

Supprimido ! E:\FOTOS .scr

Supprimido ! E:\fotos retiro 2010 .scr

Supprimido ! E:\Gospel .scr

Supprimido ! E:\Instalador do Adobe Reader 9 .scr

Supprimido ! E:\Jorge Vercilo - Trem da Minha Vida (Áudio do DVD) .scr

Supprimido ! E:\Livro de Flores Tropicais .scr

Supprimido ! E:\Livros .scr

Supprimido ! E:\Material de Apoio .scr

Supprimido ! E:\Material de aula Forragem .scr

Supprimido ! E:\MELHORAMENTO ANIMAL .scr

Supprimido ! E:\Min. CEO\Que amor é esse .scr

Supprimido ! E:\Min. CEO .scr

Supprimido ! E:\Moscow 2009 .scr

Supprimido ! E:\MP3\Annihilator - Never, Neverland .scr

Supprimido ! E:\MP3\Anthrax - Among the Living .scr

Supprimido ! E:\MP3\Autograph-Sign in please (1984) .scr

Supprimido ! E:\MP3\Castlevania_Lament_of_Innocence_ost_part1 .scr

Supprimido ! E:\MP3\Cataracta .scr

Supprimido ! E:\MP3\Dark The Suns - 2008 - The Dead End [EP] .scr

Supprimido ! E:\MP3\DE MONT-Body Language (1989) .scr

Supprimido ! E:\MP3\Edu Falaschi's Almah - Anime Friends .scr

Supprimido ! E:\MP3\El Cuervo Pajón y los Brujos - Osamenta .scr

Supprimido ! E:\MP3\Guns N' Roses - Appetite For Destruction (1987) .scr

Supprimido ! E:\MP3\Halford - Resurrection .scr

Supprimido ! E:\MP3\Hibria - The Skull Collectors (2008) .scr

Supprimido ! E:\MP3\JasonMraz - We Sing, We Dance, We Steal Things .scr

Supprimido ! E:\MP3\Marc Collin - Hollywood, Mon Amour .scr

Supprimido ! E:\MP3\Necrotério - a rotten pile of dead humans 192 .scr

Supprimido ! E:\MP3\Shdwsd-DrTDrm\Shadowside - Dare To Dream (2009) .scr

Supprimido ! E:\MP3\Shdwsd-DrTDrm .scr

Supprimido ! E:\MP3\Six Degrees Of Separation 10 .scr

Supprimido ! E:\MP3\Slash-(Advance)-2010-SOM .scr

Supprimido ! E:\MP3\The Best Of Techno, Breaks Produced By Owns OnE! .scr

Supprimido ! E:\MP3\Viper - Theatre Of Fate - Soldiers Of Sunrise .scr

Supprimido ! E:\MP3\When_Summers_Gone-December-2009 .scr

Supprimido ! E:\MP3\Zeromancer - The Death Of Romance (2010) .scr

Supprimido ! E:\MP3 .scr

Supprimido ! E:\MSOCache .scr

Supprimido ! E:\MyAlbum .scr

Supprimido ! E:\Nero 9.0 Completo (com ativação correta) pt-br .scr

Supprimido ! E:\neuba fotos .scr

Supprimido ! E:\Nightwish .scr

Supprimido ! E:\program files .scr

Supprimido ! E:\Van Halen - Video Hits, Vol.1 1996 DVDRIP .scr

Supprimido ! E:\VDS 2 .scr

Supprimido ! E:\Videira .scr

Supprimido ! E:\WINDOWS .scr

Supprimido ! E:\Álbum Desconhecido (7-11-2007 16-00-56) .scr

Supprimido ! F:\_Johnson_\Others Vídeos .scr

Supprimido ! F:\_Johnson_\Boot_Screen .scr

Supprimido ! F:\_Johnson_\Textos .scr

Supprimido ! F:\_Johnson_\Cicero(fotos) .scr

Supprimido ! F:\_Johnson_\Criador de Capas De Cds .scr

Supprimido ! F:\_Johnson_\Videos .scr

Supprimido ! F:\_Johnson_\Álbum .scr

Supprimido ! F:\_Johnson_\Tabl .scr

Supprimido ! F:\_Johnson_\fotos pub .scr

Supprimido ! F:\_Johnson_\CONSERVATÓRIO .scr

Supprimido ! F:\_Johnson_\cissa .scr

Supprimido ! F:\_Johnson_\FLStudio4 .scr

Supprimido ! F:\_Johnson_\cortes .scr

Supprimido ! F:\_Johnson_\Oziel Fenix_arquivos .scr

Supprimido ! F:\_Johnson_\fotos .scr

Supprimido ! F:\_Johnson_\Fotos2 .scr

Supprimido ! F:\_Johnson_\LIVROS .scr

Supprimido ! F:\_Johnson_\Tirando a voz do CD_arquivos .scr

Supprimido ! F:\_Johnson_\Converter pra MIDI_arquivos .scr

Supprimido ! F:\_Johnson_\VA - Guitar Supreme Giant Steps in Fusion Guitar (2004) .scr

Supprimido ! F:\_Johnson_\Alterando Extensão_arquivos .scr

Supprimido ! F:\_Johnson_\logos camisetas .scr

Supprimido ! F:\Esdras\E-Books .scr

Supprimido ! F:\Esdras\Jogos .scr

Supprimido ! F:\Esdras\Igreja_Deus_É_Amor_arquivos .scr

Supprimido ! F:\Esdras\VEST-Inf .scr

Supprimido ! F:\Esdras\Vídeos .scr

Supprimido ! F:\Esdras\XP Tools .scr

Supprimido ! F:\Esdras\WORD_Files .scr

Supprimido ! F:\Esdras\Norton .scr

Supprimido ! F:\Esdras\Fotos_Cel .scr

Supprimido ! F:\Esdras\ZIP_Files .scr

Supprimido ! F:\Esdras\PHStat2 .scr

Supprimido ! F:\Esdras\Período Interbíblico_arquivos .scr

Supprimido ! F:\Esdras\Influências_Juadísmo_arquivos .scr

Supprimido ! F:\Esdras\Triumph Or Agony - Rhapsody - Traduções_arquivos .scr

Supprimido ! F:\Esdras\PNL GERAL .scr

Supprimido ! F:\Esdras\VOZ DA VERDADE_arquivos .scr

Supprimido ! F:\Esdras\Reforma_Protestante_arquivos .scr

Supprimido ! F:\Esdras\AnáliseTextualI Pd_arquivos .scr

Supprimido ! F:\Esdras\Paixao_de_Cristo_arquivos .scr

Supprimido ! F:\Esdras\Origem do Mal_arquivos .scr

Supprimido ! F:\Esdras\Angra__arquivos .scr

Supprimido ! F:\Esdras\Iluminatti_1_arquivos .scr

Supprimido ! F:\Esdras\Adoração - A música e os Filhos de Caim_arquivos .scr

Supprimido ! F:\Esdras\Adoração - O reino do Anticristo_arquivos .scr

Supprimido ! F:\Esdras\AntiVirus .scr

Supprimido ! F:\Esdras\Catedral_arquivos .scr

Supprimido ! F:\Esdras\Clean Center .scr

Supprimido ! F:\Esdras\Cursos Técnicos - Conectividade_arquivos .scr

Supprimido ! F:\Esdras\DivX Edição Legenda .scr

Supprimido ! F:\Esdras\FÍSICA - EIS A QUESTÃO - MECÂNICA_arquivos .scr

Supprimido ! F:\Esdras\FÍSICA - QUESTÕES_arquivos .scr

Supprimido ! F:\Esdras\Resposta da QUESTÃO #1 de MECÂNICA_arquivos .scr

Supprimido ! F:\Esdras\UNIFOR - Psicologia_arquivos .scr

Supprimido ! F:\Esdras\VirtualDub 1.4.7 .scr

Supprimido ! F:\Esdras\Xp Visual .scr

Supprimido ! F:\Esdras\Data Geosis .scr

Supprimido ! F:\Esdras\8.4_arquivos .scr

Supprimido ! F:\Esdras\Rafael Bittencourt -_arquivos .scr

Supprimido ! F:\Esdras\Oi Internet_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br7_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br8_arquivos .scr

Supprimido ! F:\Esdras\Ilumiatti_2_arquivos .scr

Supprimido ! F:\Esdras\Iluminatti_3_arquivos .scr

Supprimido ! F:\Esdras\Censo2_arquivos .scr

Supprimido ! F:\Esdras\Iluminatti_4_arquivos .scr

Supprimido ! F:\Esdras\Censo_arquivos .scr

Supprimido ! F:\Esdras\Iluminatti_5_arquivos .scr

Supprimido ! F:\Esdras\Jovens Cristãos_arquivos .scr

Supprimido ! F:\Esdras\__ Estudos Virtual Gospel __arquivos .scr

Supprimido ! F:\Esdras\MIR - Projeto Salomao_arquivos .scr

Supprimido ! F:\Esdras\Em Juazeiro_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br8.1_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br8.2_arquivos .scr

Supprimido ! F:\Esdras\Crescimento da Igreja Evangélica Brasileira_arquivos .scr

Supprimido ! F:\Esdras\Crescimento da Igreja_arquivos .scr

Supprimido ! F:\Esdras\A Próxima Guerra Árabe-Israelense Está Extremamente Próxima - Parte 1 de 2_arquivos .scr

Supprimido ! F:\Esdras\fot do arrebatamento_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br_arquivos .scr

Supprimido ! F:\Esdras\Código_Da_Vinci_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br2_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br3_arquivos .scr

Supprimido ! F:\Esdras\Ordem Illuminati_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br8.6_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br4_arquivos .scr

Supprimido ! F:\Esdras\Em São Gonçalo_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br5_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br6_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br1.2_arquivos .scr

Supprimido ! F:\Esdras\CP- P3_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br1.3_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br1.4_arquivos .scr

Supprimido ! F:\Esdras\Caixa Preta - Parte 2_arquivos .scr

Supprimido ! F:\Esdras\CP-P4_arquivos .scr

Supprimido ! F:\Esdras\CP- P5_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br1.6_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br1.7_arquivos .scr

Supprimido ! F:\Esdras\Terra Plana_arquivos .scr

Supprimido ! F:\Esdras\Idade da Terra_arquivos .scr

Supprimido ! F:\Esdras\TJs_Figuras_Sinistras_arquivos .scr

Supprimido ! F:\Esdras\Stratovarius_arquivos .scr

Supprimido ! F:\Esdras\FOLHA GOSPEL_com - Culto Adaptado_arquivos .scr

Supprimido ! F:\Esdras\Harry Potter e o Cálice de Fogo - Análise do Livro_arquivos .scr

Supprimido ! F:\Esdras\Stryper-Discography_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br7.5_arquivos .scr

Supprimido ! F:\Esdras\PDF_Files .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br9.1_arquivos .scr

Supprimido ! F:\Esdras\Fotos_Variadas .scr

Supprimido ! F:\Esdras\PPT_Files .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br9.6_arquivos .scr

Supprimido ! F:\Esdras\CURSO HARDWARE1_arquivos .scr

Supprimido ! F:\Esdras\Adobe Reader 8.0.0 XP .scr

Supprimido ! F:\Esdras\Aula de Estatística .scr

Supprimido ! F:\Esdras\Sisvar Prof.Marcos Esmeraldo .scr

Supprimido ! F:\Esdras\Turbo Pascal Prof.Walter .scr

Supprimido ! F:\Esdras\CURSO HARDWARE2_arquivos .scr

Supprimido ! F:\Esdras\Senhor dos Anéis_arquivos .scr

Supprimido ! F:\Esdras\CURSO HARDWARE3_arquivos .scr

Supprimido ! F:\Esdras\CURSO HARDWARE8_arquivos .scr

Supprimido ! F:\Esdras\CURSO HARDWARE9_arquivos .scr

Supprimido ! F:\Esdras\eee .scr

Supprimido ! F:\Esdras\EMBRAPA .scr

Supprimido ! F:\Esdras\TESTE VOCACIONAL_arquivos .scr

Supprimido ! F:\Esdras\fotos 2006e .scr

Supprimido ! F:\Esdras\Maçonaria_arquivos .scr

Supprimido ! F:\Esdras\ma_arquivos .scr

Supprimido ! F:\Esdras\C.A.D.R .scr

Supprimido ! F:\Esdras\Maçonaria2_arquivos .scr

Supprimido ! F:\Esdras\Maçonaria3_arquivos .scr

Supprimido ! F:\Esdras\Maçonaria4_arquivos .scr

Supprimido ! F:\Esdras\Maçonaria5_arquivos .scr

Supprimido ! F:\Esdras\Apocalipse .scr

Supprimido ! F:\Esdras\Seda_arquivos .scr

Supprimido ! F:\Esdras\Halloween_arquivos .scr

Supprimido ! F:\Esdras\Halloween2_arquivos .scr

Supprimido ! F:\Esdras\Bruxaria_arquivos .scr

Supprimido ! F:\Esdras\Bandeira_arquivos .scr

Supprimido ! F:\Esdras\Bandeira2_arquivos .scr

Supprimido ! F:\Esdras\Maytreya_arquivos .scr

Supprimido ! F:\Esdras\Belo_arquivos .scr

Supprimido ! F:\Esdras\MS_arquivos .scr

Supprimido ! F:\Esdras\Constantine_arquivos .scr

Supprimido ! F:\Esdras\Nomes_Demons_arquivos .scr

Supprimido ! F:\Esdras\Filmes_arquivos .scr

Supprimido ! F:\Esdras\Indicios_arquivos .scr

Supprimido ! F:\Esdras\Classificação_arquivos .scr

Supprimido ! F:\Esdras\Entrevista_arquivos .scr

Supprimido ! F:\Esdras\Central Gospel - Estudos Bíblicos_arquivos .scr

Supprimido ! F:\Esdras\Adoração - Anjo da guarda existe_arquivos .scr

Supprimido ! F:\Esdras\Adoração - Culto à deusa mãe_arquivos .scr

Supprimido ! F:\Esdras\Adoração - Diferença entre imagem e ídolo - Parte I_arquivos .scr

Supprimido ! F:\Esdras\Adoração - A Mensagem Subliminar na música (I parte)_arquivos .scr

Supprimido ! F:\Esdras\Curso PI Flores Holambra .scr

Supprimido ! F:\Esdras\ArranjosFlorais .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br8.3_arquivos .scr

Supprimido ! F:\Esdras\Tabernaculonet - www_tabernaculonet_com_br1.5_arquivos .scr

Supprimido ! F:\Esdras\Baixa Resolução .scr

Supprimido ! F:\Esdras\IURD-QUE REINO É ESTE_arquivos .scr

Supprimido ! F:\Esdras\IURD_arquivos .scr

Supprimido ! F:\Esdras\PESQUISA HELICONIA .scr

Supprimido ! F:\Esdras\Profecia_Iraque_arquivos .scr

Supprimido ! F:\Esdras\Inquisição_arquivos .scr

Supprimido ! F:\Esdras\Magia_Branca_&_Catolicismo_arquivos .scr

Supprimido ! F:\Esdras\Billy_Graham_arquivos .scr

Supprimido ! F:\Esdras\Catolicismo_Simbolismo_Preto_E_Branco_arquivos .scr

Supprimido ! F:\Esdras\Family_Pictures .scr

Supprimido ! F:\Esdras\Em Fortal_arquivos .scr

Supprimido ! F:\Esdras\Ecologia - Aulas .scr

Supprimido ! F:\Esdras\www.puabrasil.com .scr

Supprimido ! F:\Esdras\Símbolos _Nova_Era_arquivos .scr

Supprimido ! F:\Esdras\FOTOS EXPERIMENTO - EMBRAPA .scr

Supprimido ! F:\Esdras\Testemunho_Ex_Paquito_arquivos .scr

Supprimido ! F:\Esdras\Kmila .scr

Supprimido ! F:\Esdras\27 de Jan-Despedida da Gabi .scr

Supprimido ! F:\Esdras\Fotos da despedida da Gabi .scr

Supprimido ! F:\Esdras\Fotos-Amigo Secreto .scr

Supprimido ! F:\Esdras\MP3 .scr

Supprimido ! F:\Esdras\esdras .scr

Supprimido ! F:\Esdras\ANA CECILIA .scr

Supprimido ! F:\Esdras\Ponte .scr

Supprimido ! F:\Min CEO\Como obter intimidade .scr

Supprimido ! F:\Min CEO\Como identificar um verdadeiro cristão .scr

Supprimido ! F:\_Johnson_ .scr

Supprimido ! F:\zips .scr

Supprimido ! F:\Esdras .scr

Supprimido ! F:\municípios_arquivos .scr

Supprimido ! F:\Neuila .scr

Supprimido ! F:\políticas públicas_arquivos .scr

Supprimido ! F:\Min CEO .scr

Supprimido ! F:\ministério publico_arquivos .scr

Supprimido ! F:\Charlie Brown Jr. - Camisa 10 Joga Bola Até Na Chuva (2009) .scr

Supprimido ! F:\instituto de pesquisa e estratégia economica_arquivos .scr

Supprimido ! F:\Neubejamia .scr

Supprimido ! F:\Programas .scr

Supprimido ! F:\AUDIOBOOK.O.alquimista .scr

Supprimido ! F:\MiniBiblio .scr

Supprimido ! F:\Neubinha .scr

Supprimido ! F:\_Johnson .scr

Supprimido ! F:\_Johnson\Ciceró .scr

Supprimido ! F:\_Johnson\Winavi Video Converter 7.7 .scr

Supprimido ! F:\Revista VIP - Ana Hickmann - Março 2010 .scr

Supprimido ! F:\Dr Lair Ribeiro .scr

Supprimido ! F:\Binaries .scr

Supprimido ! F:\Edu Ardanuy .scr

Supprimido ! F:\My emotions .scr

Supprimido ! F:\Bíblia World Net - Atores de Cristo_arquivos .scr

Supprimido ! F:\StreetChaves .scr

Supprimido ! F:\RODOLFO ABRANTES - 2010 - AO VIVO .scr

Supprimido ! F:\Debates 2010 .scr

Supprimido ! F:\Debate 2010 .scr

Supprimido ! F:\Ed René .scr

Supprimido ! H:\Debates 2009 .scr

Supprimido ! I:\Min. CEO .scr

Supprimido ! I:\Debate Irmaoscom .scr

Supprimido ! I:\Debates 2009 .scr

Supprimido ! I:\Deb. 2009 .scr

################## | Registro |

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools

Supprimido ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

Supprimido ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

################## | Listing |

[02/10/2009 - 22:01:47 | AH | 39] C:\.picasa.ini

[19/02/2007 - 00:56:18 | A | 6113290] C:\07 - Perdoado.mp3

[12/09/2009 - 22:12:24 | D ] C:\1169e70e494ec216297c

[12/09/2009 - 22:27:18 | N | 22749] C:\12-09-09_2025.jpg

[12/09/2009 - 22:26:44 | N | 30845] C:\12-09-09_2026.jpg

[12/09/2009 - 22:23:00 | N | 40386] C:\12-09-09_2050.jpg

[25/08/2008 - 21:39:36 | D ] C:\327882R2FWJFW

[13/03/2010 - 16:48:05 | D ] C:\32788R22FWJFW

[28/01/2009 - 00:07:23 | A | 984638] C:\412_dicas_xp.zip

[27/07/2008 - 17:24:18 | A | 296] C:\ADILSON SILVA.txt

[27/04/2009 - 23:47:26 | D ] C:\AdmIg

[29/12/2008 - 00:15:46 | A | 362] C:\ALBUNS.txt

[14/05/2009 - 19:46:11 | A | 15042896] C:\Angra toca "Nova Era" em São Paulo - Radar Showlivre.flv

[14/05/2009 - 20:08:56 | A | 12833530] C:\Angra toca "Waiting Silence" em São Paulo - Radar Showlivre.flv

[12/08/2008 - 18:45:00 | A | 2666848] C:\AnyDVD v.6.4.5.9.rar

[18/06/2010 - 18:57:24 | D ] C:\Arquivos de programas

[23/04/2010 - 22:22:37 | D ] C:\Arquivos de Programas RFB

[17/12/2008 - 23:13:12 | A | 27211133] C:\Arquivo_Fenix.pdf

[06/06/2008 - 10:03:38 | A | 0] C:\AUTOEXEC.BAT

[29/07/2008 - 13:32:21 | A | 510] C:\autorun.MSNFix

[26/11/2008 - 15:55:16 | A | 14379] C:\Badboy Lifestyles - Carpe Diem - Legenda_DVD1.rar

[08/05/2010 - 09:32:00 | RASH | 281] C:\boot.ini

[28/10/2001 - 09:06:10 | RASH | 4952] C:\Bootfont.bin

[20/10/2008 - 23:18:20 | D ] C:\Brasfoot2008

[12/06/2010 - 13:41:52 | D ] C:\cc9c4f68ee2f300ab00cbff2dd

[29/12/2008 - 22:20:22 | A | 2369009] C:\Cheatbook 2009.rar

[22/02/2009 - 17:57:26 | A | 1288741] C:\Clipe(3).3gp

[19/09/2008 - 16:49:48 | D ] C:\CloneDVDTemp

[09/02/2009 - 06:17:08 | D ] C:\CloneTemp

[31/07/2008 - 13:49:49 | RASHD ] C:\cmdcons

[05/09/2001 - 22:55:46 | A | 238352] C:\cmldr

[13/03/2010 - 16:27:08 | SD ] C:\ComboFix

[18/02/2010 - 11:42:34 | A | 32948] C:\ComboFix.txt

[12/06/2010 - 20:01:43 | D ] C:\Config.Msi

[06/06/2008 - 10:03:38 | A | 0] C:\CONFIG.SYS

[11/06/2010 - 18:07:00 | D ] C:\d1cc57b52de34df7644a

[30/01/2009 - 23:45:11 | D ] C:\d851c61c87af3ad524

[01/07/2009 - 15:14:34 | A | 5950322] C:\David Quinlan - Faz Chover - by MAV.mp3

[20/06/2008 - 14:26:05 | A | 0] C:\DBS.TXT

[15/04/2010 - 15:22:50 | D ] C:\Declaracoes Gravadas RFB

[01/11/2008 - 10:01:04 | A | 9091] C:\Documento recuperado 1.txt

[11/11/2008 - 08:25:19 | A | 4899] C:\Documento recuperado 2.txt

[11/11/2008 - 09:00:27 | A | 24] C:\Documento recuperado 3.txt

[11/11/2008 - 09:00:30 | A | 4955] C:\Documento recuperado 4.txt

[12/12/2008 - 13:09:03 | A | 888] C:\Documento recuperado 5.txt

[12/12/2008 - 13:09:03 | A | 1965] C:\Documento recuperado 6.txt

[01/11/2008 - 10:01:25 | A | 8965] C:\Documento recuperado.txt

[29/03/2009 - 19:08:22 | D ] C:\Documents and Settings

[18/06/2010 - 18:57:57 | D ] C:\Downloads

[20/02/2009 - 17:26:20 | A | 879367] C:\DSC02421.jpg

[20/02/2009 - 17:26:30 | A | 834427] C:\DSC02422.jpg

[20/02/2009 - 17:26:40 | A | 1312583] C:\DSC02423.jpg

[20/02/2009 - 17:26:50 | A | 2047728] C:\DSC02424.jpg

[20/02/2009 - 17:27:00 | A | 2877124] C:\DSC02425.jpg

[20/02/2009 - 17:27:12 | A | 3206884] C:\DSC02426.jpg

[20/02/2009 - 17:37:38 | A | 814356] C:\DSC02430.jpg

[20/02/2009 - 17:38:34 | A | 146827] C:\DSC02431.jpg

[11/08/2008 - 20:17:46 | A | 840787] C:\DVD DECRYPTER.rar

[21/12/2009 - 12:31:19 | D ] C:\DVDVideoSoft

[19/03/2008 - 16:56:58 | A | 3858985] C:\eMule0.48a-Installer.exe

[17/06/2010 - 21:11:30 | D ] C:\ESDRAS

[29/06/2008 - 22:41:11 | A | 25600] C:\Especies Heliconia CE.doc

[28/01/2009 - 00:51:17 | A | 4895829] C:\evidenceeliminatorv52007.rar

[24/02/2010 - 22:36:21 | A | 67781] C:\formaturasusana.jpg

[06/06/2010 - 16:54:56 | D ] C:\fotos PI

[15/07/2008 - 18:05:51 | A | 5218995] C:\Getdataback.For.Fat.And.Ntfs.3.03.by.Leo_Neiva.rar

[20/02/2009 - 20:47:46 | A | 3846] C:\Grav000.amr

[23/02/2009 - 22:53:44 | A | 168582] C:\Gravando (3).amr

[23/02/2009 - 22:52:00 | A | 42982] C:\Gravando (4).amr

[14/03/2009 - 00:59:24 | A | 8217] C:\hijackthis.log

[17/07/2008 - 14:20:23 | A | 24576] C:\HORARIO.doc

[19/07/2008 - 09:50:47 | A | 2759868] C:\IJF - ENTREVISTA DEDÉ.WMV

[22/08/2009 - 20:08:54 | A | 33192] C:\Imag000.jpg

[22/08/2009 - 20:09:00 | A | 27335] C:\Imag001.jpg

[22/08/2009 - 20:09:10 | A | 21859] C:\Imag002.jpg

[22/08/2009 - 20:10:44 | N | 23501] C:\Imag003.jpg

[12/09/2009 - 20:25:58 | N | 47796] C:\Imag006.jpg

[12/09/2009 - 20:26:16 | N | 44566] C:\Imag007.jpg

[24/04/2008 - 10:28:48 | A | 1495112] C:\install_flash_player.exe

[27/01/2010 - 20:58:52 | D ] C:\Intel

[06/06/2008 - 10:03:38 | RASH | 0] C:\IO.SYS

[30/10/2009 - 21:06:45 | A | 95587] C:\iso 2709.PDF

[24/04/2010 - 16:22:01 | RD ] C:\JOHNSON

[13/05/2009 - 15:51:33 | A | 51394199] C:\karl Weissmann.rar

[13/05/2009 - 16:43:40 | A | 40274543] C:\karl Weissmann2.rar

[18/02/2009 - 19:55:42 | D ] C:\KAV Key

[29/10/2009 - 19:28:12 | A | 2312421] C:\lei 1081.PDF

[29/10/2009 - 19:22:57 | A | 301983] C:\lei organica caucaia.PDF

[09/11/2008 - 16:36:40 | D ] C:\LinhaDefensiva

[06/04/2010 - 01:00:24 | A | 268188] C:\LinhaDefensiva.zip

[29/07/2008 - 19:57:21 | A | 30010] C:\log2.txt

[26/06/2008 - 23:23:14 | A | 1115543] C:\Manual_do_Nero_Burning_Rom_8_Ptb.PDF

[22/03/2009 - 14:01:54 | A | 3603] C:\MOV03618.THM

[22/03/2009 - 14:07:24 | A | 3250] C:\MOV03619.THM

[06/06/2008 - 10:03:38 | RASH | 0] C:\MSDOS.SYS

[08/04/2010 - 18:20:09 | A | 1234] C:\MSN Virus Removal Log 8_4_2010 18_20_9.txt

[26/09/2009 - 13:25:27 | D ] C:\MSNFix

[29/07/2008 - 14:39:09 | A | 447421] C:\MSNFix.zip

[27/06/2008 - 20:42:39 | RD ] C:\MSOCache

[02/10/2009 - 15:47:53 | D ] C:\My Music

[17/12/2008 - 18:49:22 | D ] C:\Ner09_KM

[13/10/2008 - 22:56:53 | D ] C:\Nero.9.0.9.4b.Trial.Patch.Under.SEH

[03/08/2004 - 22:38:34 | RASH | 47564] C:\NTDETECT.COM

[15/10/2008 - 17:33:48 | RASH | 251696] C:\ntldr

[22/12/2008 - 13:33:36 | A | 2188592] C:\OrbitDownloaderSetup.exe

[26/09/2008 - 14:12:10 | A | 2306336] C:\OrbitSetup_276.exe

[05/12/2009 - 21:41:25 | D ] C:\output

[18/06/2010 - 18:08:19 | ASH | 4141875200] C:\pagefile.sys

[18/06/2010 - 18:57:57 | D ] C:\Pen drive

[06/06/2010 - 16:58:55 | AH | 82944] C:\photothumb.db

[02/07/2009 - 23:50:06 | A | 8524288] C:\PIBIC Apresentação.ppt

[23/03/2009 - 15:12:56 | A | 152576] C:\Planilha das Heliconias.xls

[09/12/2008 - 23:52:40 | A | 71723324] C:\Playlist PUABRASIL.rar

[27/01/2009 - 23:52:13 | A | 203426] C:\PowerDVD

[10/03/2010 - 16:09:20 | D ] C:\Program Files

[01/02/2010 - 21:23:32 | D ] C:\Programas

[19/03/2009 - 18:34:04 | D ] C:\PSFONTS

[13/03/2010 - 16:20:58 | D ] C:\Qoobox

[01/01/2007 - 00:16:34 | A | 5120] C:\REC001.ACT

[01/08/2009 - 21:01:16 | A | 73484] C:\REC001.wav

[18/06/2010 - 18:58:23 | SHD ] C:\RECYCLER

[27/06/2008 - 19:19:37 | A | 874] C:\Registro do Nero Ultra Edition 8-3-2-1 PT-BR.zip

[06/06/2006 - 17:14:56 | A | 4172098] C:\Revista Brasileira de Horticultura Ornamental 2.pdf

[07/12/2006 - 12:42:42 | A | 10611690] C:\Revista Brasileira de Horticultura Ornamental.pdf

[29/12/2007 - 12:53:42 | A | 3538258] C:\revista Revista Brasileira de Horticultura Ornamental 3.pdf

[12/02/2009 - 13:51:42 | A | 7256421] C:\revista Revista Brasileira de Horticultura Ornamental 4.pdf

[14/05/2008 - 13:45:16 | A | 1947808] C:\revista Revista Brasileira de Horticultura Ornamental 5.pdf

[06/06/2007 - 21:32:26 | A | 8552547] C:\revista Revista Brasileira de Horticultura Ornamental.pdf

[28/01/2009 - 00:19:30 | A | 4181075] C:\Serials+2000+8.1+SR-2.rar

[27/04/2009 - 15:33:16 | A | 12415701] C:\setup.zip

[20/06/2008 - 15:17:29 | A | 6361100] C:\Setup_FreeConverter.exe

[05/01/2009 - 23:09:22 | D ] C:\SoundConvert

[29/08/2008 - 17:32:23 | AH | 232] C:\sqmdata00.sqm

[18/04/2009 - 13:34:10 | AH | 268] C:\sqmdata01.sqm

[25/09/2009 - 17:33:37 | AH | 268] C:\sqmdata02.sqm

[29/08/2008 - 17:32:23 | AH | 244] C:\sqmnoopt00.sqm

[18/04/2009 - 13:34:10 | AH | 244] C:\sqmnoopt01.sqm

[25/09/2009 - 17:33:37 | AH | 244] C:\sqmnoopt02.sqm

[18/09/2009 - 21:27:48 | SHD ] C:\System Volume Information

[17/06/2010 - 21:37:11 | A | 4042] C:\TB.txt

[15/09/2009 - 12:54:54 | D ] C:\Temp

[26/02/2010 - 10:16:21 | ASH | 77312] C:\Thumbs.db

[16/06/2010 - 22:55:23 | D ] C:\Toll Bar

[17/06/2010 - 21:37:11 | D ] C:\ToolBar SD

[16/04/2009 - 19:21:08 | A | 343017] C:\ToolBarSD.exe

[08/06/2009 - 10:04:28 | A | 645959] C:\U2 - Zoo Tv Live From Sidney (FRONT).jpg

[29/07/2008 - 15:00:15 | A | 14268103] C:\Upload_Me.zip

[18/06/2010 - 18:58:24 | D ] C:\UsbFix

[18/06/2010 - 18:58:36 | A | 43428] C:\UsbFix.txt

[27/06/2008 - 19:31:38 | A | 2039] C:\VALIDAÇÃO WINDOWS.txt

[20/09/2008 - 11:02:08 | A | 5558234] C:\Vídeo001.3gp

[20/02/2009 - 15:13:24 | A | 1089039] C:\Vídeo018.3gp

[10/03/2010 - 16:16:17 | D ] C:\Wav-2-Midi

[18/06/2010 - 18:58:05 | AD ] C:\WINDOWS

[28/01/2009 - 01:13:55 | A | 61737440] C:\World_Wind_1.3.5_Full.exe

[30/10/2009 - 18:46:26 | A | 53606] C:\z.39.50.PDF

[18/06/2010 - 18:03:07 | D ] C:\_OTL

[20/07/2008 - 14:15:37 | A | 5872584] E:\ Westlife - You Raise Me Up.mp3

[21/08/2008 - 21:08:58 | A | 1314144] E:\(ebooks - portugues)_6831 - FILOSOFIA DA CIÊNCIA - Introdução ao jogo e sua regras - RUBEM ALVES.pdf

[20/07/2008 - 14:21:37 | A | 6944896] E:\- - - - Rihanna - Don't Stop The Music.mp3

[09/03/2009 - 21:38:42 | A | 3499795] E:\02 - Krystal Meyers - My Savior.mp3

[22/02/2006 - 22:32:04 | A | 58336] E:\060222_233201.jpg

[22/02/2006 - 22:32:18 | A | 36037] E:\060222_233215.jpg

[23/02/2006 - 13:25:14 | A | 42409] E:\060223_142511.jpg

[23/02/2006 - 13:25:40 | A | 35173] E:\060223_142536.jpg

[23/03/2009 - 20:02:50 | A | 449802] E:\1.swf

[18/02/2009 - 21:49:34 | A | 43062] E:\10_21_37_44.rar

[18/09/2008 - 20:07:57 | A | 3088755] E:\123.DVD.Clone.v2.2..with.crack.rar

[09/03/2009 - 21:28:39 | A | 2176251] E:\17IVCONGRESSOLATINOAMERICANODEPNL.zip

[07/01/2009 - 13:28:58 | A | 92209] E:\480-640.zip

[19/11/2008 - 09:34:36 | A | 268414] E:\5571natal.jpg

[13/05/2009 - 19:55:40 | HD ] E:\95183acdd2f04f9f559bdaf007d9

[25/01/2008 - 12:19:47 | HD ] E:\AACR2R (D)

[08/02/2009 - 14:12:24 | A | 27488] E:\acdc-back-in-black.gp3

[19/03/2009 - 18:31:24 | A | 26739584] E:\AdbeRdr910_en_US.exe

[02/03/2009 - 17:55:30 | A | 548379] E:\AF_Ctz_40dias_4ed(2).zip

[16/10/2009 - 17:51:37 | HD ] E:\Angels and Demons Revealed

[13/04/2009 - 23:38:30 | A | 22663087] E:\Angra - live in piaui pop 2005 - carolina IV.flv

[13/04/2009 - 23:32:21 | A | 19907281] E:\Angra - Never Understand.flv

[13/04/2009 - 23:53:36 | A | 3211264] E:\Angra - The Temple Of Hate Live 2004.flv

[22/02/2009 - 13:45:37 | A | 71382] E:\Antonio Carlos F Menezes - Bases para um ministerio vivo.doc.zip

[18/04/2010 - 14:01:42 | HD ] E:\Anturio - Acessos (18.12.2008)

[19/03/2009 - 21:54:03 | HD ] E:\Arquivos de programas

[22/12/2008 - 19:23:47 | A | 51404] E:\ATgAAABQEwJvPbR0sNCUt3Ak8BZjs_tN8lZyxmYY3X0QAjnYYEq0TlnTV_bpsVL7vcElcs2tYyvaXqI9SbZv_nHMYKpIAJtU9VBnYNS-Ezpu285e0AkqdwZWWyxG8Q.jpg

[14/02/2009 - 23:01:51 | A | 26935682] E:\AULA solo guitarra - Improvisacao iniciante em Pentatonica.avi

[08/05/2005 - 00:41:58 | A | 0] E:\AUTOEXEC.BAT

[16/07/2005 - 12:05:05 | HD ] E:\BIBLIAW2

[16/03/2009 - 09:53:23 | A | 156672] E:\BIBLIOLOGIA.doc

[12/05/2005 - 00:33:55 | A | 34] E:\BIOSINFO.INI

[12/05/2005 - 00:33:55 | A | 35] E:\BIOSVIEW.INI

[31/12/1999 - 23:02:38 | SH | 211] E:\boot.ini

[24/10/2004 - 12:19:40 | RASH | 4952] E:\Bootfont.bin

[06/03/2009 - 19:17:17 | A | 50989162] E:\C Mel Tempo de Ser Crianca by Milagres Mp3 Gospel.rar

[25/03/2009 - 20:34:22 | A | 31744] E:\capa.doc

[20/03/2009 - 21:03:36 | A | 23732] E:\Charlie_Brown_Jr.4240388.TPB.torrent

[07/08/2007 - 01:04:00 | A | 6046516] E:\chikinha aniversário.AVI

[18/09/2008 - 20:25:15 | A | 5205020] E:\Clone DVD2 v 2.8.5.1 + Crack.rar

[06/01/2009 - 17:27:18 | HD ] E:\CloneDVDTemp

[02/03/2009 - 18:38:10 | HD ] E:\CloneTemp

[08/05/2005 - 00:41:58 | A | 0] E:\CONFIG.SYS

[19/11/2008 - 21:34:26 | A | 2004003] E:\datarec.zip

[20/03/2009 - 21:01:47 | A | 0] E:\Discografia 2007 Charlie Brown Jr [-bittorrentshare.com-].torrent

[01/01/2000 - 00:39:39 | HD ] E:\Documents and Settings

[18/04/2010 - 15:16:29 | HD ] E:\Doug

[31/05/2009 - 09:12:56 | HD ] E:\Download

[12/04/2009 - 14:45:05 | HD ] E:\Downloads

[14/03/2009 - 23:21:09 | A | 90900] E:\Dream Theater - Dark Side Of The Moon (DVD) [mininova].torrent

[08/02/2009 - 13:19:00 | A | 53324] E:\dream-theater-walk-beside-you.gp4

[18/01/2008 - 03:47:49 | A | 3] E:\dxva_sig.txt

[06/03/2009 - 11:37:40 | A | 5163096] E:\E morì con un felafel in mano - Always On My Mind.mp3

[22/03/2009 - 15:16:10 | A | 4151486] E:\eg.akc.0001.zip

[22/03/2009 - 15:00:50 | A | 2621420] E:\eg.fd.0001.zip

[22/03/2009 - 14:53:04 | A | 95294] E:\eg.jw.0001.zip

[19/03/2009 - 22:06:18 | HD ] E:\Emuladores

[20/01/2008 - 14:27:05 | A | 56630] E:\erebd 1.jpg

[21/01/2008 - 01:07:49 | A | 55889] E:\erebd.jpg

[20/01/2008 - 13:46:43 | A | 35745] E:\erebd2008.jpg

[15/03/2009 - 13:45:31 | A | 54690] E:\euperfil.bmp

[15/03/2009 - 13:46:16 | A | 3472] E:\euperfil.JPG

[26/06/2008 - 22:41:31 | A | 210887] E:\Extensões adicione novas funcionalidades.mht

[09/03/2009 - 21:55:43 | A | 18907] E:\Extratorrent com National Geographic - Segredos da Biblia - Desvendando o Código DaVinci.torrent

[09/03/2009 - 21:56:19 | A | 18717] E:\Extratorrent com National Geographic - Segredos da Biblia - Evangelho de Judas.torrent

[09/03/2009 - 21:55:42 | A | 11839] E:\Extratorrent com National Geographic - Segredos da Biblia - O Livro do Apocalipse.torrent

[27/08/2005 - 12:29:30 | A | 856] E:\flashplayer.xpt

[18/11/2008 - 17:29:14 | A | 11173] E:\Folder_2.jpg

[18/04/2010 - 14:02:24 | HD ] E:\Forragem

[25/09/2009 - 17:23:10 | HD ] E:\FOTOS

[11/03/2010 - 16:04:09 | HD ] E:\fotos retiro 2010

[22/02/2009 - 13:36:58 | A | 217637] E:\gary chapman - as cinco linguagens do amor (doc).rar

[08/02/2010 - 16:43:11 | HD ] E:\Gospel

[31/12/1999 - 23:01:32 | ASH | 192466944] E:\hiberfil.sys

[25/03/2009 - 20:34:25 | A | 550912] E:\Hibridação em Cevada.doc

[06/11/2007 - 18:04:23 | A | 5069211] E:\histoiras_Objetivas_Evangel.pdf

[16/03/2009 - 09:16:59 | A | 483705] E:\historia_das_missoes.zip

[27/03/2009 - 15:42:48 | HD ] E:\Instalador do Adobe Reader 9

[21/03/2009 - 11:07:36 | A | 9364426] E:\Instalar_L0109.zip

[18/01/2009 - 14:41:07 | A | 29184] E:\INT.doc

[08/05/2005 - 00:41:58 | RASH | 0] E:\IO.SYS

[31/12/1999 - 23:09:39 | A | 38] E:\iprat_2.txt

[24/03/2010 - 21:06:08 | HD ] E:\Jorge Vercilo - Trem da Minha Vida (Áudio do DVD)

[26/10/2009 - 19:58:04 | A | 733503488] E:\Jorge.Vercilo.-.Ao.Vivo.Dvd-Rip.by.Kah.avi

[22/02/2009 - 13:50:46 | A | 153551] E:\Josue Goncalves - Introducao ao Aconselhamento de Casais.pdf.zip

[02/03/2009 - 16:41:04 | A | 2659560] E:\JOSÉ.rar

[14/03/2009 - 01:25:32 | A | 101994] E:\K 4V_2009_k3 ys_(testadas_08.03.2009).rar

[20/03/2008 - 18:26:25 | A | 698] E:\leiame.txt

[23/03/2009 - 12:10:27 | A | 50621] E:\LIDER.zip

[18/04/2010 - 15:17:57 | HD ] E:\Livro de Flores Tropicais

[18/04/2010 - 13:19:13 | HD ] E:\Livros

[27/03/2009 - 15:46:38 | HD ] E:\Material de Apoio

[18/04/2010 - 15:18:29 | HD ] E:\Material de aula Forragem

[18/04/2010 - 14:02:21 | HD ] E:\MELHORAMENTO ANIMAL

[02/12/2008 - 14:22:52 | A | 835355] E:\Merry_Christmas_by_yethzart copy.jpg

[18/06/2010 - 18:58:06 | HD ] E:\Min. CEO

[07/05/2010 - 17:48:57 | HD ] E:\Moscow 2009

[07/10/2008 - 16:30:54 | A | 818176] E:\Motore ad iniezione a ciclo Diesel a 4 tempi.doc

[02/02/2009 - 19:23:18 | A | 42204592] E:\MOV02420.avi

[22/03/2009 - 14:01:54 | A | 1319904] E:\MOV03618.AVI

[22/03/2009 - 14:07:24 | A | 115558906] E:\MOV03619.AVI

[18/06/2010 - 18:58:08 | HD ] E:\MP3

[08/05/2005 - 00:41:58 | RASH | 0] E:\MSDOS.SYS

[13/05/2005 - 00:47:11 | HD ] E:\MSOCache

[01/03/2006 - 23:59:14 | HD ] E:\MyAlbum

[20/01/2009 - 17:54:07 | A | 245596] E:\NER2D3.tmp

[06/01/2010 - 17:38:54 | HD ] E:\Nero 9.0 Completo (com ativação correta) pt-br

[07/08/2008 - 16:52:49 | HD ] E:\neuba fotos

[19/02/2009 - 13:21:50 | HD ] E:\Nightwish

[03/08/2004 - 22:38:34 | RASH | 47564] E:\NTDETECT.COM

[03/08/2004 - 22:59:34 | RASH | 251168] E:\ntldr

[01/02/2009 - 13:06:53 | A | 4449] E:\oficina-g3-gloria-73090528(2).gp4

[01/02/2009 - 13:04:37 | A | 4449] E:\oficina-g3-gloria-73090528.gp4

[01/02/2009 - 13:08:00 | A | 4664] E:\oficina-g3-gloria.gp5

[23/03/2009 - 12:10:38 | A | 41994] E:\PARTICIPANTES.zip

[21/02/2009 - 17:09:03 | A | 17918407] E:\Pegadinha Mução - Caio Bicha_1

[28/12/2008 - 12:45:47 | A | 3441] E:\perfeito amor tab.txt

[12/03/2009 - 13:34:41 | A | 18886621] E:\photoperfect.rar


 

################## | Vaccin |

 

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

E:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

F:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

H:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

I:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

 

################## | Upload |

 

Favor enviar o arquivo: C:\UsbFix_Upload_Me_BEGA-4078FCC43.zip

http://chiquitine.changelog.fr/Sample/Upload.php

Obrigado pela sua contribuição.

 

################## | E.O.F |


Good evening, esdrasyave!

 

################## | Upload |

 

Favor enviar o arquivo: C:\UsbFix_Upload_Me_BEGA-4078FCC43.zip

http://chiquitine.ch...mple/Upload.php

Obrigado pela sua contribuição.

<!> P.S.: Help the developers by sending the highlighted file.

0000000000000000000000

oooooooooooooooooooooo

<@> Download: < PureRa15Binary.zip > ( ...by Paul McLain & Fred de Vries )

 

<!> Link - 2 < purera.png >

 

<@> Save it to the desktop! <-- Unzip it!

<@> Run: PureRa.exe --> Click Clean.

<@> Check the option: "Check All"

 

< 31234.jpg >

 

<@> Click the Clean Selected button --> Wait!

<@> When it finishes ( Finished ), click Exit.

<@> Post the report: PureRa.txt <--

0000000000000000000000

oooooooooooooooooooooo

<@> Download: < JavaRa >

<@> Unzip it!

<@> Double-click JavaRa.exe --> Click Search For Updates.

<@> Select the option Update Using jucheck.exe --> Click the Search button.

<@> If it is up to date, you will receive a notice confirming the latest version.

<@> Otherwise, wait for the new version of Java to be downloaded and installed.

<@> Click the "Remove Older Versions" button --> Wait!

<@> Post: an updated HijackThis log.

 

Regards!


Hi brother.. sorry I haven't sent the file yet, I hadn't realized I was supposed to send something.. but I'm still sending it; my internet is slow, and if nothing goes wrong I'll finish the upload today.

But here is the log of the procedures.. Thank you!

 

RaProducts' PureRa v1.5

Log created at 12:12 on 19/06/2010 (lan-04)

 


C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\decoração\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\festa boatã\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\festa boatã\.picasaoriginals\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\formatura cetred\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Fotos da natureza\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\joce\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\monteiro lobato\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Neuila Chá-de-panela I\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Neuila Chá-de-panela I\.picasaoriginals\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Originals\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Picasa\Colagens\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\roupas\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Socorro gouveia\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas imagens\Tasso\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\alessandra\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\Megadeth\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\Megadeth\Rust in Peace\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\NEUILA\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\NEUILA\Casamento Neuila\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\NEUILA\Michelle Nascimento 2009 - A Quem Enviarei\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\NEUILA\Novo Som - Estação da Luz 2009\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\NEUILA\Soraya Moraes - Promessas (2007)\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Minhas músicas\NEUILA\VANINHA\Cd-Vaninha 2-Sorriso bem alegre\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Missões Rondom\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Originals\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\lan-04\Meus documentos\Volta ao mundo com Jesus\Thumbs.db <- Successfully deleted.

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Portable Devices\wpdlog00.sqm <- Successfully deleted.

C:\Downloads\Thumbs.db <- Successfully deleted.

C:\Downloads\50_Themes-XP\Themes\aqualux\Thumbs.db <- Successfully deleted.

C:\Downloads\50_Themes-XP\Themes\Blue Nano\Thumbs.db <- Successfully deleted.

C:\Downloads\50_Themes-XP\Themes\BnW\Thumbs.db <- Successfully deleted.

C:\Downloads\50_Themes-XP\Themes\Corolla\Thumbs.db <- Successfully deleted.

C:\Downloads\50_Themes-XP\Themes\cronex\Thumbs.db <- Successfully deleted.

C:\Downloads\50_Themes-XP\Themes\dBOX\Thumbs.db <- Successfully deleted.

C:\Downloads\50_Themes-XP\Themes\grenox\Thumbs.db <- Successfully deleted.

C:\Downloads\Khorus 2008 - Perfeição\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Alquimia Rosa Cruz E Ordem Hermética Aurora Dorada\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Antigas\Thumbs.db <- Successfully deleted.

C:\ESDRAS\CAPAS\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Celular Fotos\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Comercialização\Thumbs.db <- Successfully deleted.

C:\ESDRAS\CRIACAO DE RUMINANTES\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\09.2009.mirella.santos.revista.um.logo\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Alektra Blue\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Ana Paula Tabalipa - Playboy\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Andreia RECORD\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Anny Lee e Bianca Lopes - Dreamcam Maio de 2010 (Exclusividade)\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Bunny\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Carol Castro\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Carol Miranda\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Demi\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Elisiane Benites, a Piu-Piu do Pânico na TV, na Sexy\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Fabiana Andrade\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Flavia 2009\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\fotosdaroseleonelexclusivas-www.baixandolegal.org\fotosdaroseleonelexclusivas\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Izabel\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Joseane.Oliveira.BBB10\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\josi BBB\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Juliana BBB playboy 2008\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Melancia\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Mirella-Santos\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\miss sanlor\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Nina Hartley\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\PB Fernana Young 1109\Playboy - Fernana Young - Novembro 2009\Cópia de SCANS\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\PB Fernana Young 1109\Playboy - Fernana Young - Novembro 2009\DIVERSAS\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\PB Fernana Young 1109\Playboy - Fernana Young - Novembro 2009\SCANS\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\PB Tessalia BBB10 Março 2010\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\PB.Flávia.Alessandra.www.therebels.biz\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\PB200907_GdF.erivanildo.www.THEGENIUS.us\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\PB200907_Mulher.Melancia\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\PB200907_Mulher.Melancia\PB200907_Ensaios.Secundarios\PB200907_Ensaios.Secundarios\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\PB200908_Priscila.Pires.Scans\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\PB200909_Barbara.Borges.Scans.HQ\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Pb_Brasil_2010-05_O.Mundo.de.Pb_vol.10\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Pb_Nana.Esp\Revista Playboy Abril 2009 Especial - Nana Gouvêa\Revista Playboy Abril 2009 Especial - Nana Gouvêa\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Penelope Nova na VIP\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Playboy - Coelhinhas - Dezembro de 2008\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Playboy_Venezuela_Janeiro 2010\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Puro_Deseijo_Rita_Cadillac__2\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Revista Sexy - Wanessa Martins - Janeiro 2010\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\SXFevereiro2010\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\Vanessa\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Facul2\mug\zzz\vereadora_videos_amadordesexo\Thumbs.db <- Successfully deleted.

C:\ESDRAS\FreeRapid-0.7\Thumbs.db <- Successfully deleted.

C:\ESDRAS\ItineraryChangeComplete.aspx_arquivos\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Janaina\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Mat didat caupi\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Mat.didat.Amendoim\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Niver Evaldo\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Niver Rebeca\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Outros (FOTOS)\Thumbs.db <- Successfully deleted.

C:\ESDRAS\PNL DVD\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Pregações\Thumbs.db <- Successfully deleted.

C:\ESDRAS\RETIRO 2010\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Roma\asedrt14.www.therebels.biz.by.siri\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Roma\asedrt14.www.therebels.biz.by.siri\chamadas\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Roma\asedrt14.www.therebels.biz.by.siri\fotos\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Sementes\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Sisvar\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Skid Row - Wembley Stadium 1991-08-31 Pro DVD\Thumbs.db <- Successfully deleted.

C:\ESDRAS\TPA - UFC\Thumbs.db <- Successfully deleted.

C:\ESDRAS\TPA - UFC\Aula-01-Leite,Aspectos Gerais\Thumbs.db <- Successfully deleted.

C:\ESDRAS\TPA - UFC\Aula-02-Leite,Legislação de Lácteos\Thumbs.db <- Successfully deleted.

C:\ESDRAS\TPA - UFC\Aula-03-Leite,Tratamento Térmicos\Thumbs.db <- Successfully deleted.

C:\ESDRAS\TPA - UFC\Aula-04-Leite,Controle de Qualidade\Thumbs.db <- Successfully deleted.

C:\ESDRAS\TPA - UFC\Aula-05-Leite,Doces de Leite\Thumbs.db <- Successfully deleted.

C:\ESDRAS\TPA - UFC\Aula-06-Leite,Manteigas\Thumbs.db <- Successfully deleted.

C:\ESDRAS\TPA - UFC\Aula-07-Leite, Fermentados\Thumbs.db <- Successfully deleted.

C:\ESDRAS\TPA - UFC\Aula-08-Leite,Queijos\Thumbs.db <- Successfully deleted.

C:\ESDRAS\Wallpapers_Angelina\Thumbs.db <- Successfully deleted.

C:\fotos PI\Thumbs.db <- Successfully deleted.

C:\fotos PI\Originals\Thumbs.db <- Successfully deleted.

C:\JOHNSON\Thumbs.db <- Successfully deleted.

C:\JOHNSON\audiograbber\Thumbs.db <- Successfully deleted.

C:\JOHNSON\audiograbber\diversos\Thumbs.db <- Successfully deleted.

C:\JOHNSON\Dying for a heart\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FACU\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FACU\MÉTODOS E Pesquisa em Música\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\12 10\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\amigos FAC\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\Andre Matos Show\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\encerramento 31 10 08\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\eu\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\Feira da Musik 2008\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\Feira da Musik 2008\101_SONY\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\fotos variadas\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\FOTOS WORKSHOP SILAS\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\hotel night\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\jana\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\Matos\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\Originals\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\pecem\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\retiro semana santa\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\show Nightwish\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\show tarja\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\Tarja\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\variadas 2\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\variadas 2\retiro\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\Wallpapers\Thumbs.db <- Successfully deleted.

C:\JOHNSON\FOTOSS\ZOOMBIE WALK\Thumbs.db <- Successfully deleted.

C:\JOHNSON\jana\Thumbs.db <- Successfully deleted.

C:\JOHNSON\jana\Originals\Thumbs.db <- Successfully deleted.

C:\JOHNSON\Originals\Thumbs.db <- Successfully deleted.

C:\JOHNSON\vds\Thumbs.db <- Successfully deleted.

C:\JOHNSON\vds 2\Thumbs.db <- Successfully deleted.

C:\JOHNSON\Vídeos do Klaus\Thumbs.db <- Successfully deleted.

C:\Nero.9.0.9.4b.Trial.Patch.Under.SEH\screen\Thumbs.db <- Successfully deleted.

C:\output\Thumbs.db <- Successfully deleted.

C:\Programas\cf75\10050-azenis_1.2_151\Thumbs.db <- Successfully deleted.

C:\Programas\cf75\60534-Blue xRay\Thumbs.db <- Successfully deleted.

C:\Programas\cf75\60534-BuG\Thumbs.db <- Successfully deleted.

C:\Programas\cf75\61577-Smilies\Thumbs.db <- Successfully deleted.

C:\Programas\cf75\61577-Ystos Cyn Small\Thumbs.db <- Successfully deleted.

C:\Programas\MPM\MPM\ReadMe\images\Thumbs.db <- Successfully deleted.

C:\Programas\Papuas\Papuas\TP Unlock Siemens\Thumbs.db <- Successfully deleted.

C:\Programas\Virtualdj Effets Skins\AddON\Wallpapers\Thumbs.db <- Successfully deleted.

C:\ToolBar SD\Thumbs.db <- Successfully deleted.

C:\WINDOWS\Thumbs.db <- Successfully deleted.

C:\WINDOWS\network diagnostic\Sqm\NetDiag00.sqm <- Successfully deleted.

C:\WINDOWS\network diagnostic\Sqm\NetDiag01.sqm <- Successfully deleted.

C:\WINDOWS\network diagnostic\Sqm\NetDiag02.sqm <- Successfully deleted.

C:\WINDOWS\network diagnostic\Sqm\NetDiag03.sqm <- Successfully deleted.

C:\WINDOWS\Resources\Themes\CrystalBlue\Screenshots\Thumbs.db <- Successfully deleted.

C:\WINDOWS\SHELLNEW\Thumbs.db <- Successfully deleted.

C:\WINDOWS\system32\Thumbs.db <- Successfully deleted.

C:\WINDOWS\Web\Thumbs.db <- Successfully deleted.

 

Total space cleaned: 1162567246 bytes

 

-=E.O.F=-

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:31:40, on 19/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\AdmIg\Firebird\bin\fbserver.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\msiexec.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Documents and Settings\lan-04\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll (file missing)

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe] C:\DOCUME~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214054730812

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F998C6B0-B3CF-4169-873E-65A947207C0A}: NameServer = 189.40.224.5 189.38.95.95

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\AdmIg\Firebird\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate1c9d8de2812eabc) (gupdate1c9d8de2812eabc) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

--

End of file - 12018 bytes


Good evening, esdrasyave!

<@> Open OTL.exe --> Click CleanUp or Limpeza --> Wait!

<@> At the prompt, click OK --> Restart the computer!

oooooooooooooooooooo

<@> Download: < ComboFix > ( ...by sUBs )

<!> Link-2 --> < ForoSpyware >

<!> Link-3 --> < GeeksToGo >

<@> Save it to the desktop!

<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )

<@> Close all windows and run the tool!

<@> PS: Running it from a command is also possible:

<@> Go to Start (Iniciar) --> Run (Executar) --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall

[screenshot: combofixejr8.gif]

<@> Click OK.

<@> In the window "Contrato de garantia de software" (software warranty agreement) --> Click Sim (Yes)!

[screenshot: RcAuto1.gif]

<@> If you do not have the "Recovery Console", accept the option to install it!

<@> When it finishes, click Sim or Yes. --> Wait!

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<!> If the notification "Aplicativo Win32 inválido" (not a valid Win32 application) appears, delete the ComboFix.exe tool and download it again.

<!> Save it to the desktop, renamed as: Kombo.exe

<!> PS: Name it while saving, not after saving it!

<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

<!> PS: If rootkit activity is present, the following notification window will appear:

[screenshot: Rookit_found.gif]

<!> PS: Write down these detections and click OK.

<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

<!> PS: Avoid running this tool on your own initiative!

<!> PS: To avoid problems, follow all the recommendations given.

<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

<@> The Auto Scan window will open. --> Wait!

<@> To finish the removals, ComboFix may restart the computer.

<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

<@> During the scan, avoid using the mouse or keyboard! <-- Important!

<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Regards!


ComboFix 10-06-19.01 - lan-04 19/06/2010 22:23:42.16.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.990.469 [GMT -3:00]

Executando de: c:\documents and settings\lan-04\Desktop\ComboFix.exe

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Firewall pessoal do ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\inmbox

c:\windows\system32\vbzlib1.dll

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-20 to 2010-06-20 ))))))))))))))))))))))))))))

.

 

2010-06-19 15:29 . 2010-04-12 20:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-18 22:01 . 2010-06-18 22:02 148257995 ----a-w- C:\UsbFix_Upload_Me_BEGA-4078FCC43.zip

2010-06-18 21:15 . 2010-06-18 22:02 -------- d-----w- C:\UsbFix

2010-06-18 21:12 . 2010-06-18 21:14 1225123 ----a-w- c:\arquivos de programas\UsbFix.exe

2010-06-17 01:55 . 2010-06-17 01:55 -------- d-----w- C:\Toll Bar

2010-06-12 23:12 . 2010-06-18 22:03 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\PriceGong

2010-06-11 22:53 . 2010-06-19 15:14 -------- d-----w- C:\cc9c4f68ee2f300ab00cbff2dd

2010-06-11 21:06 . 2010-06-19 15:14 -------- d-----w- C:\d1cc57b52de34df7644a

2010-06-11 20:59 . 2010-06-18 21:57 -------- d-----w- C:\Pen drive

2010-06-11 20:57 . 2008-08-26 00:39 -------- d-----w- C:\327882R2FWJFW

2010-06-10 22:35 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-20 01:04 . 2009-04-11 19:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\BitTorrent

2010-06-20 01:01 . 2009-03-14 04:09 62357984 -csha-w- c:\windows\system32\drivers\fidbox.idx

2010-06-20 01:01 . 2009-03-14 04:09 4294966272 -csha-w- c:\windows\system32\drivers\fidbox.dat

2010-06-20 00:03 . 2009-03-03 23:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\SolidDocuments

2010-06-19 15:30 . 2010-06-19 15:30 503808 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\msvcp71.dll

2010-06-19 15:30 . 2010-06-19 15:30 499712 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\jmc.dll

2010-06-19 15:30 . 2010-06-19 15:30 348160 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\msvcr71.dll

2010-06-19 15:30 . 2008-09-05 15:59 -------- d-----w- c:\arquivos de programas\Java

2010-06-19 15:29 . 2010-06-19 15:29 61440 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7229e527-n\decora-sse.dll

2010-06-19 15:29 . 2010-06-19 15:29 12800 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7229e527-n\decora-d3d.dll

2010-06-19 15:29 . 2008-09-05 15:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-06-19 15:15 . 2008-07-10 20:54 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Image Zone Express

2010-06-19 15:14 . 2009-01-11 15:18 -------- d-----w- c:\arquivos de programas\XviD

2010-06-19 15:14 . 2008-06-28 16:01 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-06-19 15:14 . 2009-03-15 15:23 -------- d-----w- c:\arquivos de programas\TVUPlayer

2010-06-19 15:14 . 2009-04-30 19:11 -------- d-----w- c:\arquivos de programas\PhotoScape

2010-06-19 15:14 . 2008-06-20 17:24 -------- d-----w- c:\arquivos de programas\mobile PhoneTools

2010-06-19 15:14 . 2008-09-23 17:22 -------- d-----w- c:\arquivos de programas\LiveUpdate

2010-06-19 15:14 . 2008-06-29 13:22 -------- d-----w- c:\arquivos de programas\LimeWire

2010-06-19 15:14 . 2008-07-21 22:31 -------- d-----w- c:\arquivos de programas\eMule Acceleration Patch

2010-06-18 00:52 . 2001-10-28 12:07 584300 ----a-w- c:\windows\system32\perfh016.dat

2010-06-18 00:52 . 2001-10-28 12:07 114124 ----a-w- c:\windows\system32\perfc016.dat

2010-06-13 20:41 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Babylon

2010-06-13 20:24 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon

2010-06-11 21:05 . 2009-03-14 20:23 -------- d-----w- c:\arquivos de programas\a-squared Free

2010-06-07 21:27 . 2009-01-07 14:15 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-05-19 21:47 . 2009-12-21 14:47 -------- d-----w- c:\arquivos de programas\DVDVideoSoft

2010-05-19 01:09 . 2009-04-01 15:31 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\SolidDocuments

2010-05-18 20:51 . 2008-07-27 13:19 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Orbit

2010-05-18 15:00 . 2009-08-02 14:22 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-05-16 21:54 . 2010-05-16 21:48 -------- d-----w- c:\arquivos de programas\TIM Web Banda Larga

2010-05-08 19:29 . 2010-03-10 14:56 -------- d-----w- c:\arquivos de programas\Cool2000

2010-05-06 10:34 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:08 . 2004-08-04 03:38 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-05-01 19:48 . 2010-05-01 19:33 -------- d-----w- c:\arquivos de programas\Replay Media Catcher

2010-05-01 19:36 . 2010-05-01 19:36 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe

2010-05-01 19:36 . 2010-05-01 19:36 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll

2010-05-01 19:35 . 2010-05-01 19:35 -------- d-----w- c:\arquivos de programas\Applian Director

2010-05-01 19:10 . 2010-05-01 18:57 -------- d-----w- c:\arquivos de programas\Save Flash

2010-04-29 18:39 . 2009-08-02 14:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39 . 2009-08-02 14:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-28 01:48 . 2010-04-15 18:22 -------- d-----w- c:\arquivos de programas\Programas RFB

2010-04-20 05:31 . 2004-08-04 03:44 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-06 04:00 . 2010-04-06 04:00 268188 ----a-w- C:\LinhaDefensiva.zip

2010-03-25 13:56 . 2010-05-18 15:06 131360 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

2009-08-05 12:20 . 2009-08-05 13:28 41063272 ----a-w- c:\arquivos de programas\Caspo.exe

2009-08-04 23:56 . 2009-08-04 23:43 40958056 ----a-w- c:\arquivos de programas\setup_7.0.0.290_05.08.2009_03-20.exe

2008-06-19 20:56 . 2008-06-19 20:56 4450382 ----a-w- c:\arquivos de programas\nero_photoshow_express_4_us_row.exe

2008-06-19 20:42 . 2008-06-19 20:42 6104632 ----a-w- c:\arquivos de programas\picasaweb-current-setup.exe

2004-07-22 13:51 . 2004-07-22 13:51 3432656 ----a-w- c:\arquivos de programas\ManagedDX.CAB

2004-07-20 01:58 . 2004-07-20 01:58 1156363 ----a-w- c:\arquivos de programas\BDANT.cab

2004-07-20 01:53 . 2004-07-20 01:53 976020 ----a-w- c:\arquivos de programas\BDAXP.cab

2004-07-09 17:17 . 2004-07-09 17:17 13265040 ----a-w- c:\arquivos de programas\dxnt.cab

2004-07-09 12:13 . 2004-07-09 12:13 15493481 -c--a-w- c:\arquivos de programas\DirectX.cab

2004-07-09 12:13 . 2004-07-09 12:13 703080 -c--a-w- c:\arquivos de programas\BDA.cab

2004-07-09 07:08 . 2004-07-09 07:08 472576 ----a-w- c:\arquivos de programas\dxsetup.exe

2004-07-09 07:08 . 2004-07-09 07:08 2242560 ----a-w- c:\arquivos de programas\dsetup32.dll

2004-07-09 06:03 . 2004-07-09 06:03 62976 ----a-w- c:\arquivos de programas\DSETUP.dll

2009-03-14 04:18 . 2009-03-14 04:09 352288 -csha-w- c:\windows\system32\drivers\fidbox2.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

2010-06-17 01:04 2736736 ----a-w- c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"="c:\arquivos de programas\BitTorrent\bittorrent.exe" [2010-02-27 654648]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]

"Nero PhotoShow Media Manager"="c:\arquiv~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 249856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

"VTTimer"="VTTimer.exe" [2005-03-08 53248]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-A7UA6.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-A7UA6.lnk

backup=c:\windows\pss\is-A7UA6.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-D8KDB.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-D8KDB.lnk

backup=c:\windows\pss\is-D8KDB.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-QR2A2.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-QR2A2.lnk

backup=c:\windows\pss\is-QR2A2.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-UEHSS.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-UEHSS.lnk

backup=c:\windows\pss\is-UEHSS.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-VD0FU.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-VD0FU.lnk

backup=c:\windows\pss\is-VD0FU.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]

2009-09-22 18:09 156672 ----a-w- c:\arquivos de programas\Replay Media Catcher\FLVSrvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

2008-10-31 22:20 3563232 ----a-w- c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 02:21 110592 ----a-w- c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

2006-04-01 20:32 1581056 ----a-r- c:\windows\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51 691656 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]

2008-07-21 22:31 1888 ----a-w- c:\documents and settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2009-12-02 15:40 122880 ----a-w- c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-06-30 15:30 133104 ----atw- c:\documents and settings\lan-04\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

2005-01-07 20:07 61952 ------w- c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 14:18 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-05-18 14:29 49152 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:21 1695232 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

2006-05-10 19:52 249856 ----a-w- c:\arquiv~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-04-01 20:33 7110656 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-04-01 20:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-12-08 01:57 30208 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-10-10 00:43 729088 ----a-w- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-06-27 11:06 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2009-01-13 14:09 270128 ----a-w- c:\arquivos de programas\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2005-03-08 03:33 53248 ----a-r- c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

2005-11-01 04:15 163840 ----a-r- c:\windows\system32\VTTrayp.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\River Past\\Wave@MP3\\WaveAtMp3.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Documents and Settings\\lan-04\\Meus documentos\\Meus arquivos recebidos\\TeamViewer.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/5/2009 15:47 107256]

R1 is-A7UA6drv;is-A7UA6drv;c:\windows\system32\drivers\47000877.sys [4/8/2009 20:58 148496]

R1 is-D8KDBdrv;is-D8KDBdrv;c:\windows\system32\drivers\98782068.sys [4/8/2009 21:04 148496]

R1 is-QR2A2drv;is-QR2A2drv;c:\windows\system32\drivers\17601523.sys [5/8/2009 10:41 148496]

R1 is-UEHSSdrv;is-UEHSSdrv;c:\windows\system32\drivers\99758160.sys [4/8/2009 22:13 148496]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [14/3/2009 17:23 719392]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [14/5/2009 15:47 731840]

R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance --> c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance [?]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/9/2009 18:09 721904]

S1 is-VD0FUdrv;is-VD0FUdrv;c:\windows\system32\drivers\27206467.sys [4/8/2009 21:08 148496]

S2 gupdate1c9d8de2812eabc;Google Update Service (gupdate1c9d8de2812eabc);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/5/2009 21:01 133104]

S3 ListOpenedFileDrv;System Explorer Opened File Info;\??\c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys --> c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys [?]

S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]

S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys --> c:\windows\system32\DRIVERS\sesc.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

 

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Enviar para &Bluetooth - c:\arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Translate with &Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

Trusted Zone: ufc.br\www.sofia

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com

FF - prefs.js: keyword.URL - hxxp://websearch.qbyrd.com/redirect?client=ff&src=kw&tb=ATU-QBD&o=102357&locale=pt_US&apn_uid=008E5851-1AF5-4935-A8BD-CAC218AE132F&apn_ptnrs=Q7&apn_sauid=5DB2595C-15C0-4EEA-94BE-2E8F560E8428&apn_dtid=YYYYYYQ2US&q=

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npkimi.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\arquivos de programas\Ask.com\GenericAskToolbar.dll

HKLM-Run-c:\docume~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe - c:\docume~1\lan-04\CONFIG~1\Temp\Ev~NeN^e.eXe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-19 22:36

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76E7133E-2B34-3E68-ED04-9E913775FEB5}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"oaapannifmdfblpenmmkebgjiojkme"=hex:64,61,64,62,63,6b,6c,69,00,85

"oamaijaacolopohcfdigicocoggdff"=hex:6a,61,64,62,64,6b,66,6c,70,62,65,64,68,61,

65,65,6d,67,6c,6a,00,02

"nagakigjhiopiiapjidcdjckiajd"=hex:6a,61,64,62,64,6b,66,6c,70,62,65,64,68,61,

65,65,6d,67,6c,6a,00,02

 

[HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA1D4C37-500C-C3FE-7715-D3EDCD5B017A}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iadpdfmhpgibdmnmbc"=hex:6a,61,61,64,6d,65,62,6f,68,66,65,68,70,6d,66,6d,69,6a,

61,64,00,01

"hanajcpmflboijbj"=hex:6a,61,61,64,6d,65,62,6f,68,66,65,68,70,6d,66,6d,69,6a,

61,64,00,01

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2010-06-19 22:45:05

ComboFix-quarantined-files.txt 2010-06-20 01:44

 

Pré-execução: 3.422.081.024 bytes disponíveis

Pós execução: 2.238.906.368 bytes disponíveis

 

Current=11 Default=11 Failed=10 LastKnownGood=12 Sets=1,2,3,4,5,6,7,8,10,11,12

- - End Of File - - E32812BFA8EDBF01F216F38C189F4276

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:51:58, on 19/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\AdmIg\Firebird\bin\fbserver.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\wscntfy.exe

C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\Documents and Settings\lan-04\Desktop\HijackThis.exe

C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214054730812

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F998C6B0-B3CF-4169-873E-65A947207C0A}: NameServer = 189.40.224.5 189.38.95.95

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\AdmIg\Firebird\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate1c9d8de2812eabc) (gupdate1c9d8de2812eabc) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

--

End of file - 11898 bytes


/////// Good morning! esdrasyave \\\\\\\

 

<@> Select and copy all of the content in the QUOTE area into Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

Mia::

c:\windows\system32\vbzlib1.dll

RegNull::

[HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{76E7133E-2B34-3E68-ED04-9E913775FEB5}*]

[HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FA1D4C37-500C-C3FE-7715-D3EDCD5B017A}*]

Firefox::

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: keyword.URL - hxxp://websearch.qbyrd.com/redirect?client=ff&src=kw&tb=ATU-QBD&o=102357&locale=pt_US&apn_uid=008E5851-1AF5-4935-A8BD-CAC218AE132F&apn_ptnrs=Q7&apn_sauid=5DB2595C-15C0-4EEA-94BE-2E8F560E8428&apn_dtid=YYYYYYQ2US&q=

File::

c:\arquivos de programas\setup_7.0.0.290_05.08.2009_03-20.exe

C:\LinhaDefensiva.zip

Driver::

"is-A7UA6drv"

"is-D8KDBdrv"

"is-QR2A2drv"

"is-UEHSSdrv"

"is-VD0FUdrv"

<@> PS: It is recommended that you be disconnected when running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto the ComboFix icon.

<@> See the demonstration!

 

2872959479_997d4500c4_o.gif

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until this prompt appears! (window)

<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis.

00000000000000000000000

ooooooooooooooooooooooo

<@> Download: < JavaRa >

<@> Unzip it!

<@> Double-click JavaRa.exe --> Click Search For Updates.

<@> Select the option Update Using jucheck.exe --> Click the Search button.

<@> If it is up to date, you will get a notice confirming the latest version.

<@> Otherwise, wait for the new version of Java to be downloaded and installed.

<@> Click the "Remove Older Versions" button --> Wait!

00000000000000000000000

ooooooooooooooooooooooo

<@> PS: You have the a-squared program. Run a scan of the machine, choosing the smart option.

<@> When it finishes, post the report.

 

Regards!


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:24:05, on 20/6/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\a-squared Free\a2service.exe

C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\AdmIg\Firebird\bin\fbserver.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\BitTorrent\bittorrent.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\TIM Web Banda Larga\TIM Web Banda Larga.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\lan-04\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: DVDVideoSoftTB Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Arquivos de programas\DVDVideoSoft\tbDVD0.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\ARQUIV~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://127.0.0.1:9070/etc/var/TVUAx.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214054730812

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Arquivos de programas\a-squared Free\a2service.exe

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\AdmIg\Firebird\bin\fbserver.exe

O23 - Service: Google Update Service (gupdate1c9d8de2812eabc) (gupdate1c9d8de2812eabc) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe

O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

 

--

End of file - 11709 bytes

 

ComboFix 10-06-19.01 - lan-04 20/06/2010 13:00:44.17.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.990.411 [GMT -3:00]

Executando de: c:\documents and settings\lan-04\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\lan-04\Desktop\CFScript.txt

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Firewall pessoal do ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

 

FILE ::

"c:\arquivos de programas\setup_7.0.0.290_05.08.2009_03-20.exe"

"C:\LinhaDefensiva.zip"

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\arquivos de programas\setup_7.0.0.290_05.08.2009_03-20.exe

C:\LinhaDefensiva.zip

C:\Thumbs.db

c:\windows\system32\inmbox

c:\windows\system32\inmbox\iData\2967795014\days_htinha1487560979.xml

c:\windows\system32\inmbox\iData\2967795014\MessageLog.xsl

c:\windows\system32\inmbox\iData\2967795014\paloma-loureiro791419679.xml

c:\windows\system32\inmbox\iData\2967795014\thatytharja2518005915.xml

c:\windows\system32\inmbox\iData\2967795014\vivianelopes.com556623785.xml

c:\windows\system32\inmbox\iData\772360000\camillaamatos857998223.xml

c:\windows\system32\inmbox\iData\772360000\MessageLog.xsl

c:\windows\system32\inmbox\iData\772360000\micheldasilvamonte4054791004.xml

 

c:\windows\system32\vbzlib1.dll . . . está faltando!!

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_IS-A7UA6DRV

-------\Legacy_IS-D8KDBDRV

-------\Legacy_IS-QR2A2DRV

-------\Legacy_IS-UEHSSDRV

-------\Service_is-A7UA6drv

-------\Service_is-D8KDBdrv

-------\Service_is-QR2A2drv

-------\Service_is-UEHSSdrv

-------\Service_is-VD0FUdrv

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-20 to 2010-06-20 ))))))))))))))))))))))))))))

.

 

2010-06-19 15:29 . 2010-04-12 20:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-18 22:01 . 2010-06-18 22:02 148257995 ----a-w- C:\UsbFix_Upload_Me_BEGA-4078FCC43.zip

2010-06-18 21:15 . 2010-06-18 22:02 -------- d-----w- C:\UsbFix

2010-06-18 21:12 . 2010-06-18 21:14 1225123 ----a-w- c:\arquivos de programas\UsbFix.exe

2010-06-17 01:55 . 2010-06-17 01:55 -------- d-----w- C:\Toll Bar

2010-06-12 23:12 . 2010-06-18 22:03 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\PriceGong

2010-06-11 22:53 . 2010-06-20 02:58 -------- d-----w- C:\cc9c4f68ee2f300ab00cbff2dd

2010-06-11 21:06 . 2010-06-20 02:58 -------- d-----w- C:\d1cc57b52de34df7644a

2010-06-11 20:59 . 2010-06-18 21:57 -------- d-----w- C:\Pen drive

2010-06-11 20:57 . 2008-08-26 00:39 -------- d-----w- C:\327882R2FWJFW

2010-06-10 22:35 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-20 16:14 . 2009-03-14 04:09 62357984 -csha-w- c:\windows\system32\drivers\fidbox.idx

2010-06-20 16:14 . 2009-03-14 04:09 4294966272 -csha-w- c:\windows\system32\drivers\fidbox.dat

2010-06-20 15:58 . 2009-04-11 19:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\BitTorrent

2010-06-20 00:03 . 2009-03-03 23:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\SolidDocuments

2010-06-19 15:30 . 2010-06-19 15:30 503808 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\msvcp71.dll

2010-06-19 15:30 . 2010-06-19 15:30 499712 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\jmc.dll

2010-06-19 15:30 . 2010-06-19 15:30 348160 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\msvcr71.dll

2010-06-19 15:30 . 2008-09-05 15:59 -------- d-----w- c:\arquivos de programas\Java

2010-06-19 15:29 . 2010-06-19 15:29 61440 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7229e527-n\decora-sse.dll

2010-06-19 15:29 . 2010-06-19 15:29 12800 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7229e527-n\decora-d3d.dll

2010-06-19 15:29 . 2008-09-05 15:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-06-19 15:15 . 2008-07-10 20:54 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Image Zone Express

2010-06-19 15:14 . 2009-01-11 15:18 -------- d-----w- c:\arquivos de programas\XviD

2010-06-19 15:14 . 2008-06-28 16:01 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-06-19 15:14 . 2009-03-15 15:23 -------- d-----w- c:\arquivos de programas\TVUPlayer

2010-06-19 15:14 . 2009-04-30 19:11 -------- d-----w- c:\arquivos de programas\PhotoScape

2010-06-19 15:14 . 2008-06-20 17:24 -------- d-----w- c:\arquivos de programas\mobile PhoneTools

2010-06-19 15:14 . 2008-09-23 17:22 -------- d-----w- c:\arquivos de programas\LiveUpdate

2010-06-19 15:14 . 2008-06-29 13:22 -------- d-----w- c:\arquivos de programas\LimeWire

2010-06-19 15:14 . 2008-07-21 22:31 -------- d-----w- c:\arquivos de programas\eMule Acceleration Patch

2010-06-18 00:52 . 2001-10-28 12:07 584300 ----a-w- c:\windows\system32\perfh016.dat

2010-06-18 00:52 . 2001-10-28 12:07 114124 ----a-w- c:\windows\system32\perfc016.dat

2010-06-13 20:41 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Babylon

2010-06-13 20:24 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon

2010-06-11 21:05 . 2009-03-14 20:23 -------- d-----w- c:\arquivos de programas\a-squared Free

2010-06-07 21:27 . 2009-01-07 14:15 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-05-19 21:47 . 2009-12-21 14:47 -------- d-----w- c:\arquivos de programas\DVDVideoSoft

2010-05-19 01:09 . 2009-04-01 15:31 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\SolidDocuments

2010-05-18 20:51 . 2008-07-27 13:19 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Orbit

2010-05-18 15:00 . 2009-08-02 14:22 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-05-16 21:54 . 2010-05-16 21:48 -------- d-----w- c:\arquivos de programas\TIM Web Banda Larga

2010-05-08 19:29 . 2010-03-10 14:56 -------- d-----w- c:\arquivos de programas\Cool2000

2010-05-06 10:34 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:08 . 2004-08-04 03:38 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-05-01 19:48 . 2010-05-01 19:33 -------- d-----w- c:\arquivos de programas\Replay Media Catcher

2010-05-01 19:36 . 2010-05-01 19:36 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe

2010-05-01 19:36 . 2010-05-01 19:36 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll

2010-05-01 19:35 . 2010-05-01 19:35 -------- d-----w- c:\arquivos de programas\Applian Director

2010-05-01 19:10 . 2010-05-01 18:57 -------- d-----w- c:\arquivos de programas\Save Flash

2010-04-29 18:39 . 2009-08-02 14:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39 . 2009-08-02 14:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-28 01:48 . 2010-04-15 18:22 -------- d-----w- c:\arquivos de programas\Programas RFB

2010-04-20 05:31 . 2004-08-04 03:44 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-03-25 13:56 . 2010-05-18 15:06 131360 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

2009-08-05 12:20 . 2009-08-05 13:28 41063272 ----a-w- c:\arquivos de programas\Caspo.exe

2008-06-19 20:56 . 2008-06-19 20:56 4450382 ----a-w- c:\arquivos de programas\nero_photoshow_express_4_us_row.exe

2008-06-19 20:42 . 2008-06-19 20:42 6104632 ----a-w- c:\arquivos de programas\picasaweb-current-setup.exe

2004-07-22 13:51 . 2004-07-22 13:51 3432656 ----a-w- c:\arquivos de programas\ManagedDX.CAB

2004-07-20 01:58 . 2004-07-20 01:58 1156363 ----a-w- c:\arquivos de programas\BDANT.cab

2004-07-20 01:53 . 2004-07-20 01:53 976020 ----a-w- c:\arquivos de programas\BDAXP.cab

2004-07-09 17:17 . 2004-07-09 17:17 13265040 ----a-w- c:\arquivos de programas\dxnt.cab

2004-07-09 12:13 . 2004-07-09 12:13 15493481 -c--a-w- c:\arquivos de programas\DirectX.cab

2004-07-09 12:13 . 2004-07-09 12:13 703080 -c--a-w- c:\arquivos de programas\BDA.cab

2004-07-09 07:08 . 2004-07-09 07:08 472576 ----a-w- c:\arquivos de programas\dxsetup.exe

2004-07-09 07:08 . 2004-07-09 07:08 2242560 ----a-w- c:\arquivos de programas\dsetup32.dll

2004-07-09 06:03 . 2004-07-09 06:03 62976 ----a-w- c:\arquivos de programas\DSETUP.dll

2009-03-14 04:18 . 2009-03-14 04:09 352288 -csha-w- c:\windows\system32\drivers\fidbox2.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

2010-06-17 01:04 2736736 ----a-w- c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"="c:\arquivos de programas\BitTorrent\bittorrent.exe" [2010-02-27 654648]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]

"Nero PhotoShow Media Manager"="c:\arquiv~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 249856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

"VTTimer"="VTTimer.exe" [2005-03-08 53248]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-A7UA6.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-A7UA6.lnk

backup=c:\windows\pss\is-A7UA6.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-D8KDB.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-D8KDB.lnk

backup=c:\windows\pss\is-D8KDB.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-QR2A2.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-QR2A2.lnk

backup=c:\windows\pss\is-QR2A2.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-UEHSS.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-UEHSS.lnk

backup=c:\windows\pss\is-UEHSS.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-VD0FU.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-VD0FU.lnk

backup=c:\windows\pss\is-VD0FU.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]

2009-09-22 18:09 156672 ----a-w- c:\arquivos de programas\Replay Media Catcher\FLVSrvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

2008-10-31 22:20 3563232 ----a-w- c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 02:21 110592 ----a-w- c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

2006-04-01 20:32 1581056 ----a-r- c:\windows\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51 691656 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]

2008-07-21 22:31 1888 ----a-w- c:\documents and settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2009-12-02 15:40 122880 ----a-w- c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-06-30 15:30 133104 ----atw- c:\documents and settings\lan-04\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

2005-01-07 20:07 61952 ------w- c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 14:18 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-05-18 14:29 49152 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:21 1695232 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

2006-05-10 19:52 249856 ----a-w- c:\arquiv~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-04-01 20:33 7110656 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-04-01 20:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-12-08 01:57 30208 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-10-10 00:43 729088 ----a-w- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-06-27 11:06 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2009-01-13 14:09 270128 ----a-w- c:\arquivos de programas\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2005-03-08 03:33 53248 ----a-r- c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

2005-11-01 04:15 163840 ----a-r- c:\windows\system32\VTTrayp.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\River Past\\Wave@MP3\\WaveAtMp3.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Documents and Settings\\lan-04\\Meus documentos\\Meus arquivos recebidos\\TeamViewer.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/5/2009 15:47 107256]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [14/3/2009 17:23 719392]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [14/5/2009 15:47 731840]

R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance --> c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance [?]

S2 gupdate1c9d8de2812eabc;Google Update Service (gupdate1c9d8de2812eabc);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/5/2009 21:01 133104]

S3 ListOpenedFileDrv;System Explorer Opened File Info;\??\c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys --> c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys [?]

S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]

S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys --> c:\windows\system32\DRIVERS\sesc.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/9/2009 18:09 721904]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

 

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Enviar para &Bluetooth - c:\arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Translate with &Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

Trusted Zone: ufc.br\www.sofia

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com

FF - prefs.js: keyword.URL - hxxp://websearch.qbyrd.com/redirect?client=ff&src=kw&tb=ATU-QBD&o=102357&locale=pt_US&apn_uid=008E5851-1AF5-4935-A8BD-CAC218AE132F&apn_ptnrs=Q7&apn_sauid=5DB2595C-15C0-4EEA-94BE-2E8F560E8428&apn_dtid=YYYYYYQ2US&q=

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npkimi.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-20 13:15

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(600)

c:\windows\system32\COMRes.dll

 

- - - - - - - > 'explorer.exe'(1816)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\SCardSvr.exe

c:\arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe

c:\admig\Firebird\bin\fbserver.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe

c:\windows\system32\HPZipm12.exe

c:\arquivos de programas\CyberLink\Shared files\RichVideo.exe

c:\arquivos de programas\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-06-20 13:22:49 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-06-20 16:22

ComboFix2.txt 2010-06-20 01:45

 

Pré-execução: 4.514.725.888 bytes disponíveis

Pós execução: 4.429.713.408 bytes disponíveis

 

Current=11 Default=11 Failed=10 LastKnownGood=12 Sets=1,2,3,4,5,6,7,8,10,11,12

- - End Of File - - A385BDF2911C7D98EF8E40E0A310DC4A

 

 

 

PS: The programs bar in the Start Menu is not showing up. What should I do?

Thank you!


a-squared Free - Versão 4.5

Última atualização 8/8/2009 11:35:40

 

Configurações da análise:

 

Scan type: smart

Objetos: Memória, Rastros, Cookies, C:\WINDOWS\, C:\Arquivos de programas

Análise de arquivos: Ligado

Heurística: Desligado

Análise de ADS: Ligado

 

Início da análise: 20/6/2010 14:54:33

 

c:\arquivos de programas\bittorrent detectado: Trace.Directory.Bittorrent 5.0!A2

Value: HKEY_USERS\S-1-5-21-1844237615-1606980848-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Emule --> Order detectado: Trace.Registry.Emule 5.0!A2

c:\arquivos de programas\bittorrent\bittorrent.exe detectado: Trace.File.Bittorrent 5.0!A2

c:\documents and settings\lan-04\desktop\bittorrent.lnk detectado: Trace.File.Bittorrent 5.0!A2

Key: HKEY_CLASSES_ROOT\capturescreens.capturescreen detectado: Trace.Registry.NetSpyKeyLogger!A2

Key: HKEY_LOCAL_MACHINE\software\classes\capturescreens.capturescreen detectado: Trace.Registry.NetSpyKeyLogger!A2

C:\Arquivos de programas\CyberLink\PowerDVD\Trial\PowerDVD/CR-PDV70 by SYED ZAKI AHMED.exe detectado: Riskware.Hacktool.Keygen.Acronis!IK

C:\Arquivos de programas\DsNET Corp\aTube Catcher 1.0\smh.exe detectado: Trojan-Dropper!IK

C:\Arquivos de programas\eMule Acceleration Patch\eMule Acceleration Patch.exe detectado: Virus.Win32.Agent.aj!IK

C:\Arquivos de programas\Megacubo\components\bin\HTML.dll detectado: Trojan.Generic!IK

C:\Arquivos de programas\Programas RFB\Dirf2009\rmvdirf.exe detectado: Trojan-Downloader.Win32.Banload!IK

C:\Arquivos de programas\UsbFix\UsbFix.exe detectado: Trojan.Win32.KillAV.ko!IK

C:\Arquivos de programas\UsbFix.exe/DevP.exe detectado: IM-Worm.Win32.Prex.D!IK

 

Analisado

 

Arquivos: 132133

Objetos: 627733

Cookies: 1590

Processos: 39

 

Encontrado

 

Arquivos: 7

Objetos: 6

Cookies: 48

Processos: 0

Chaves do registro: 0

 

Fim da análise: 20/6/2010 15:51:48

Duração da análise: 0:57:15

 

JavaRa 1.15 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Sat Jun 19 12:30:33 2010

 

Found and removed: C:\Arquivos de programas\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\lan-04\Dados de aplicativos\Sun\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\lan-04\Dados de aplicativos\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\lan-04\Dados de aplicativos\Sun\Java\jre1.6.0_12

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

 

JavaRa 1.15 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Sun Jun 20 14:52:13 2010

 

------------------------------------

 

Finished reporting.

 

 

 

JavaRa 1.15 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Sun Jun 20 14:52:28 2010

 

------------------------------------

 

Finished reporting.

 

 

 

JavaRa 1.15 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Sun Jun 20 14:52:53 2010

 

------------------------------------

 

Finished reporting.

 

 

 

JavaRa 1.15 Removal Log.

 

Report follows after line.

 

------------------------------------

 

The JavaRa removal process was started on Sun Jun 20 20:32:25 2010

 

------------------------------------

 

Finished reporting.


Good evening, esdrasyave!

 

c:\windows\system32\vbzlib1.dll . . . está faltando!!

<!> PS: ComboFix removed a legitimate file and placed it in the Qoobox folder.

<!> PS: The file ( vbzlib1.dll ) was renamed so that it would not be detected: vbzlib1.dll.vir

<!> Here is the path: C:\QooBox\Quarantine\C\WINDOWS\system32\vbzlib1.dll.vir <--

<!> Try to copy it, without the .vir extension, to this directory:

 

<1> c:\windows\system32\dllcache <--

 

<!> If done correctly, we will have the path: c:\windows\system32\dllcache\vbzlib1.dll

<!> Complete your restoration with the ComboFix tool script.

00000000000000000000

oooooooooooooooooooo

<@> Select this information, which is in the field, and copy it to Notepad.

<@> Save it on the Desktop with the name: CFScript.txt

 

RESTORE::c:\windows\system32\vbzlib1.dll

<@> PS: It is recommended that you be disconnected when running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto/into the ComboFix icon.

<@> See the demonstration!

 

2872959479_997d4500c4_o.gif

 

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until this prompt appears! ( window )

<@> When finished, post: C:\ComboFix.txt

 

PS: The programs bar in the Start Menu is not showing up. What should I do?

Thank you!

<!> If the previous fix does not solve it, try this Fix: < xptaskbar >

<!> Save it on the desktop and run it from there.

<!> Restart the computer when finished!

 

Regards!


I tried both methods but neither worked; the bar still does not show up.

Here is the ComboFix log.

 

 

ComboFix 10-06-19.01 - lan-04 20/06/2010 21:24:37.18.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.990.639 [GMT -3:00]

Executando de: c:\documents and settings\lan-04\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\lan-04\Desktop\CFScript.txt

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Firewall pessoal do ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Thumbs.db

c:\windows\system32\inmbox

c:\windows\system32\inmbox\iData\2967795014\levi_cunha3781753073.xml

c:\windows\system32\inmbox\iData\2967795014\MessageLog.xsl

c:\windows\system32\inmbox\iData\2967795014\ninagatapoderosa4230355267.xml

c:\windows\system32\inmbox\iData\2967795014\paloma-loureiro791419679.xml

c:\windows\system32\inmbox\iData\2967795014\susyloka_841328117961.xml

 

c:\windows\system32\vbzlib1.dll . . . está infectado!!

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-21 to 2010-06-21 ))))))))))))))))))))))))))))

.

 

2010-06-19 15:30 . 2010-06-19 15:30 503808 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\msvcp71.dll

2010-06-19 15:30 . 2010-06-19 15:30 499712 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\jmc.dll

2010-06-19 15:30 . 2010-06-19 15:30 348160 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\msvcr71.dll

2010-06-19 15:29 . 2010-06-19 15:29 61440 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7229e527-n\decora-sse.dll

2010-06-19 15:29 . 2010-06-19 15:29 12800 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7229e527-n\decora-d3d.dll

2010-06-19 15:29 . 2010-04-12 20:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-18 22:01 . 2010-06-18 22:02 148257995 ----a-w- C:\UsbFix_Upload_Me_BEGA-4078FCC43.zip

2010-06-18 21:15 . 2010-06-18 22:02 -------- d-----w- C:\UsbFix

2010-06-18 21:12 . 2010-06-18 21:14 1225123 ----a-w- c:\arquivos de programas\UsbFix.exe

2010-06-17 01:55 . 2010-06-17 01:55 -------- d-----w- C:\Toll Bar

2010-06-12 23:12 . 2010-06-18 22:03 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\PriceGong

2010-06-11 22:53 . 2010-06-20 02:58 -------- d-----w- C:\cc9c4f68ee2f300ab00cbff2dd

2010-06-11 21:06 . 2010-06-20 02:58 -------- d-----w- C:\d1cc57b52de34df7644a

2010-06-11 20:59 . 2010-06-18 21:57 -------- d-----w- C:\Pen drive

2010-06-11 20:57 . 2008-08-26 00:39 -------- d-----w- C:\327882R2FWJFW

2010-06-10 22:35 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-21 00:19 . 2009-04-11 19:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\BitTorrent

2010-06-21 00:19 . 2009-03-03 23:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\SolidDocuments

2010-06-20 21:19 . 2009-03-14 20:23 -------- d-----w- c:\arquivos de programas\a-squared Free

2010-06-20 16:14 . 2009-03-14 04:09 62357984 -csha-w- c:\windows\system32\drivers\fidbox.idx

2010-06-20 16:14 . 2009-03-14 04:09 4294966272 -csha-w- c:\windows\system32\drivers\fidbox.dat

2010-06-19 15:30 . 2008-09-05 15:59 -------- d-----w- c:\arquivos de programas\Java

2010-06-19 15:29 . 2008-09-05 15:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-06-19 15:15 . 2008-07-10 20:54 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Image Zone Express

2010-06-19 15:14 . 2009-01-11 15:18 -------- d-----w- c:\arquivos de programas\XviD

2010-06-19 15:14 . 2008-06-28 16:01 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-06-19 15:14 . 2009-03-15 15:23 -------- d-----w- c:\arquivos de programas\TVUPlayer

2010-06-19 15:14 . 2009-04-30 19:11 -------- d-----w- c:\arquivos de programas\PhotoScape

2010-06-19 15:14 . 2008-06-20 17:24 -------- d-----w- c:\arquivos de programas\mobile PhoneTools

2010-06-19 15:14 . 2008-09-23 17:22 -------- d-----w- c:\arquivos de programas\LiveUpdate

2010-06-19 15:14 . 2008-06-29 13:22 -------- d-----w- c:\arquivos de programas\LimeWire

2010-06-19 15:14 . 2008-07-21 22:31 -------- d-----w- c:\arquivos de programas\eMule Acceleration Patch

2010-06-18 00:52 . 2001-10-28 12:07 584300 ----a-w- c:\windows\system32\perfh016.dat

2010-06-18 00:52 . 2001-10-28 12:07 114124 ----a-w- c:\windows\system32\perfc016.dat

2010-06-13 20:41 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Babylon

2010-06-13 20:24 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon

2010-06-07 21:27 . 2009-01-07 14:15 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-05-19 21:47 . 2009-12-21 14:47 -------- d-----w- c:\arquivos de programas\DVDVideoSoft

2010-05-19 01:09 . 2009-04-01 15:31 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\SolidDocuments

2010-05-18 20:51 . 2008-07-27 13:19 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Orbit

2010-05-18 15:00 . 2009-08-02 14:22 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-05-16 21:54 . 2010-05-16 21:48 -------- d-----w- c:\arquivos de programas\TIM Web Banda Larga

2010-05-08 19:29 . 2010-03-10 14:56 -------- d-----w- c:\arquivos de programas\Cool2000

2010-05-06 10:34 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:08 . 2004-08-04 03:38 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-05-01 19:48 . 2010-05-01 19:33 -------- d-----w- c:\arquivos de programas\Replay Media Catcher

2010-05-01 19:36 . 2010-05-01 19:36 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe

2010-05-01 19:36 . 2010-05-01 19:36 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll

2010-05-01 19:35 . 2010-05-01 19:35 -------- d-----w- c:\arquivos de programas\Applian Director

2010-05-01 19:10 . 2010-05-01 18:57 -------- d-----w- c:\arquivos de programas\Save Flash

2010-04-29 18:39 . 2009-08-02 14:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39 . 2009-08-02 14:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-28 01:48 . 2010-04-15 18:22 -------- d-----w- c:\arquivos de programas\Programas RFB

2010-04-20 05:31 . 2004-08-04 03:44 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-03-25 13:56 . 2010-05-18 15:06 131360 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

2009-08-05 12:20 . 2009-08-05 13:28 41063272 ----a-w- c:\arquivos de programas\Caspo.exe

2008-06-19 20:56 . 2008-06-19 20:56 4450382 ----a-w- c:\arquivos de programas\nero_photoshow_express_4_us_row.exe

2008-06-19 20:42 . 2008-06-19 20:42 6104632 ----a-w- c:\arquivos de programas\picasaweb-current-setup.exe

2004-07-22 13:51 . 2004-07-22 13:51 3432656 ----a-w- c:\arquivos de programas\ManagedDX.CAB

2004-07-20 01:58 . 2004-07-20 01:58 1156363 ----a-w- c:\arquivos de programas\BDANT.cab

2004-07-20 01:53 . 2004-07-20 01:53 976020 ----a-w- c:\arquivos de programas\BDAXP.cab

2004-07-09 17:17 . 2004-07-09 17:17 13265040 ----a-w- c:\arquivos de programas\dxnt.cab

2004-07-09 12:13 . 2004-07-09 12:13 15493481 -c--a-w- c:\arquivos de programas\DirectX.cab

2004-07-09 12:13 . 2004-07-09 12:13 703080 -c--a-w- c:\arquivos de programas\BDA.cab

2004-07-09 07:08 . 2004-07-09 07:08 472576 ----a-w- c:\arquivos de programas\dxsetup.exe

2004-07-09 07:08 . 2004-07-09 07:08 2242560 ----a-w- c:\arquivos de programas\dsetup32.dll

2004-07-09 06:03 . 2004-07-09 06:03 62976 ----a-w- c:\arquivos de programas\DSETUP.dll

2009-03-14 04:18 . 2009-03-14 04:09 352288 -csha-w- c:\windows\system32\drivers\fidbox2.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2010-06-20_01.36.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-20 22:48 . 2010-06-20 22:48 16384 c:\windows\temp\Perflib_Perfdata_75c.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

2010-06-17 01:04 2736736 ----a-w- c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"="c:\arquivos de programas\BitTorrent\bittorrent.exe" [2010-02-27 654648]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]

"Nero PhotoShow Media Manager"="c:\arquiv~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 249856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

"VTTimer"="VTTimer.exe" [2005-03-08 53248]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-A7UA6.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-A7UA6.lnk

backup=c:\windows\pss\is-A7UA6.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-D8KDB.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-D8KDB.lnk

backup=c:\windows\pss\is-D8KDB.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-QR2A2.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-QR2A2.lnk

backup=c:\windows\pss\is-QR2A2.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-UEHSS.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-UEHSS.lnk

backup=c:\windows\pss\is-UEHSS.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-VD0FU.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-VD0FU.lnk

backup=c:\windows\pss\is-VD0FU.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]

2009-09-22 18:09 156672 ----a-w- c:\arquivos de programas\Replay Media Catcher\FLVSrvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

2008-10-31 22:20 3563232 ----a-w- c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 02:21 110592 ----a-w- c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

2006-04-01 20:32 1581056 ----a-r- c:\windows\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51 691656 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]

2008-07-21 22:31 1888 ----a-w- c:\documents and settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2009-12-02 15:40 122880 ----a-w- c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-06-30 15:30 133104 ----atw- c:\documents and settings\lan-04\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

2005-01-07 20:07 61952 ------w- c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 14:18 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-05-18 14:29 49152 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:21 1695232 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

2006-05-10 19:52 249856 ----a-w- c:\arquiv~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-04-01 20:33 7110656 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-04-01 20:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-12-08 01:57 30208 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-10-10 00:43 729088 ----a-w- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-06-27 11:06 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2009-01-13 14:09 270128 ----a-w- c:\arquivos de programas\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2005-03-08 03:33 53248 ----a-r- c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

2005-11-01 04:15 163840 ----a-r- c:\windows\system32\VTTrayp.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\River Past\\Wave@MP3\\WaveAtMp3.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Documents and Settings\\lan-04\\Meus documentos\\Meus arquivos recebidos\\TeamViewer.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/5/2009 15:47 107256]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [14/3/2009 17:23 1872320]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [14/5/2009 15:47 731840]

R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance --> c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance [?]

S2 gupdate1c9d8de2812eabc;Google Update Service (gupdate1c9d8de2812eabc);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/5/2009 21:01 133104]

S3 ListOpenedFileDrv;System Explorer Opened File Info;\??\c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys --> c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys [?]

S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]

S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys --> c:\windows\system32\DRIVERS\sesc.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/9/2009 18:09 721904]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

 

2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Enviar para &Bluetooth - c:\arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Translate with &Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

Trusted Zone: ufc.br\www.sofia

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com

FF - prefs.js: keyword.URL - hxxp://websearch.qbyrd.com/redirect?client=ff&src=kw&tb=ATU-QBD&o=102357&locale=pt_US&apn_uid=008E5851-1AF5-4935-A8BD-CAC218AE132F&apn_ptnrs=Q7&apn_sauid=5DB2595C-15C0-4EEA-94BE-2E8F560E8428&apn_dtid=YYYYYYQ2US&q=

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll

FF - plugin: c:\arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\arquivos de programas\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npkimi.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-20 21:33

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2010-06-20 21:36:22

ComboFix-quarantined-files.txt 2010-06-21 00:36

ComboFix2.txt 2010-06-20 16:22

ComboFix3.txt 2010-06-20 01:45

 

Pré-execução: 4.253.872.128 bytes disponíveis

Pós execução: 4.205.621.248 bytes disponíveis

 

Current=11 Default=11 Failed=10 LastKnownGood=12 Sets=1,2,3,4,5,6,7,8,10,11,12

- - End Of File - - CC0D55DC72E1500FC0E9EFA96D247599


Good evening! esdrasyave

I tried both methods but neither worked; the bar still does not appear.

Here is the ComboFix log.

<!> Do you have the Windows XP installation CD?

0000000000000000000000

oooooooooooooooooooooo

<@> Download: < SystemLook > ( ...by jpshortstuff )

<@> Save it to the desktop.

<@> Run SystemLook.exe and paste the following into the text box:

:filefind
vbzlib1.dll

<@> Then click Look --> Wait!

<@> When it finishes, click Exit.

<@> Post the report: SystemLook.txt <--

000000000000000000000

ooooooooooooooooooooo

<@> Go to Start --> Run --> Type: sfc /scannow --> Click OK.

< 2.jpg >

<@> You will be asked to insert the Windows XP CD-ROM into the drive.

<@> This will start "Windows File Protection".

PS: Wait while Windows verifies that all protected Windows files are intact and in their original versions.

<@> Wait for the repair to finish!

Regards!


Hello..

Brother, unfortunately I don't have the CD, since I wasn't the one who installed Windows here. Is there any other way to solve this?

Regards

//////////////\\\\\\\\\\\\\\

Good evening! esdrasyave

<!> We will try other means!

0000000000000000000

ooooooooooooooooooo

<@> Download: < Taskbar Repair Tool Plus! >

<@> Extract the executable from the zip!

<@> Run the tool and, under Taskbar Problems, apply the "Taskbar is Missing" fix.

<@> There are others, but... this fix is the right one for you.

0000000000000000000

ooooooooooooooooooo

<@> Download: < vbzlib1.dll >

<@> Save it to this location: c:\windows\system32\dllcache <--

<@> PS: Select the text in the box and copy it into Notepad.

<@> Save it to the Desktop as: CFScript.txt

RESTORE::c:\windows\system32\vbzlib1.dll

<@> PS: It is recommended that you be disconnected when running the script.

<@> PS: Temporarily disable your antivirus.

<@> PS: Do not use this script on another machine!

<@> Drag CFScript.txt onto/into the ComboFix icon.

<@> See the demonstration!

2872959479_997d4500c4_o.gif

<@> Accept the prompt that should appear to run ComboFix.

<@> PS: Keep dragging until this prompt (window) appears!

<@> When it finishes, post: C:\ComboFix.txt

Regards!


ComboFix 10-06-19.01 - lan-04 24/06/2010 21:08:28.20.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.990.606 [GMT -3:00]

Executando de: c:\documents and settings\lan-04\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\lan-04\Desktop\CFScript.txt

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Firewall pessoal do ESET *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Thumbs.db

c:\windows\system32\Thumbs.db

 

c:\windows\system32\vbzlib1.dll . . . está infectado!!

 

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-25 to 2010-06-25 ))))))))))))))))))))))))))))

.

 

2010-06-24 23:48 . 2004-07-17 01:42 176128 ----a-w- C:\TaskbarRepairToolPlus!.exe

2010-06-24 23:07 . 2010-06-24 23:07 73728 -c--a-w- c:\windows\system32\dllcache\vbzlib1.dll

2010-06-24 23:07 . 2010-06-24 23:07 49875 ----a-w- C:\TaskbarRepairToolPlus!.zip

2010-06-23 23:27 . 2010-06-23 23:27 -------- d-----w- c:\arquivos de programas\DCSAurelio

2010-06-23 23:09 . 2010-06-23 23:09 148251245 ----a-w- C:\UsbFix_Upload_Me_BEGA-4078FCC43.zip

2010-06-23 20:53 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll

2010-06-19 15:30 . 2010-06-19 15:30 503808 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\msvcp71.dll

2010-06-19 15:30 . 2010-06-19 15:30 499712 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\jmc.dll

2010-06-19 15:30 . 2010-06-19 15:30 348160 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3b15d4d7-n\msvcr71.dll

2010-06-19 15:29 . 2010-06-19 15:29 61440 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7229e527-n\decora-sse.dll

2010-06-19 15:29 . 2010-06-19 15:29 12800 ----a-w- c:\documents and settings\lan-04\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7229e527-n\decora-d3d.dll

2010-06-19 15:29 . 2010-04-12 20:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-18 21:15 . 2010-06-23 23:09 -------- d-----w- C:\UsbFix

2010-06-18 21:12 . 2010-06-18 21:14 1225123 ----a-w- c:\arquivos de programas\UsbFix.exe

2010-06-17 01:55 . 2010-06-17 01:55 -------- d-----w- C:\Toll Bar

2010-06-12 23:12 . 2010-06-23 23:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\PriceGong

2010-06-11 22:53 . 2010-06-20 02:58 -------- d-----w- C:\cc9c4f68ee2f300ab00cbff2dd

2010-06-11 21:06 . 2010-06-20 02:58 -------- d-----w- C:\d1cc57b52de34df7644a

2010-06-11 20:59 . 2010-06-18 21:57 -------- d-----w- C:\Pen drive

2010-06-11 20:57 . 2008-08-26 00:39 -------- d-----w- C:\327882R2FWJFW

2010-06-10 22:35 . 2010-05-06 10:34 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-25 00:03 . 2009-03-03 23:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\SolidDocuments

2010-06-25 00:03 . 2009-04-11 19:12 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\BitTorrent

2010-06-24 16:17 . 2009-04-01 15:31 -------- d-----w- c:\windows\system32\config\systemprofile\Dados de aplicativos\SolidDocuments

2010-06-23 20:54 . 2008-06-28 15:46 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack

2010-06-21 22:59 . 2009-03-14 20:23 -------- d-----w- c:\arquivos de programas\a-squared Free

2010-06-20 16:14 . 2009-03-14 04:09 62357984 -csha-w- c:\windows\system32\drivers\fidbox.idx

2010-06-20 16:14 . 2009-03-14 04:09 4294966272 -csha-w- c:\windows\system32\drivers\fidbox.dat

2010-06-19 15:30 . 2008-09-05 15:59 -------- d-----w- c:\arquivos de programas\Java

2010-06-19 15:29 . 2008-09-05 15:59 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

2010-06-19 15:15 . 2008-07-10 20:54 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Image Zone Express

2010-06-19 15:14 . 2009-01-11 15:18 -------- d-----w- c:\arquivos de programas\XviD

2010-06-19 15:14 . 2008-06-28 16:01 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2

2010-06-19 15:14 . 2009-03-15 15:23 -------- d-----w- c:\arquivos de programas\TVUPlayer

2010-06-19 15:14 . 2009-04-30 19:11 -------- d-----w- c:\arquivos de programas\PhotoScape

2010-06-19 15:14 . 2008-06-20 17:24 -------- d-----w- c:\arquivos de programas\mobile PhoneTools

2010-06-19 15:14 . 2008-09-23 17:22 -------- d-----w- c:\arquivos de programas\LiveUpdate

2010-06-19 15:14 . 2008-06-29 13:22 -------- d-----w- c:\arquivos de programas\LimeWire

2010-06-19 15:14 . 2008-07-21 22:31 -------- d-----w- c:\arquivos de programas\eMule Acceleration Patch

2010-06-18 00:52 . 2001-10-28 12:07 584300 ----a-w- c:\windows\system32\perfh016.dat

2010-06-18 00:52 . 2001-10-28 12:07 114124 ----a-w- c:\windows\system32\perfc016.dat

2010-06-13 20:41 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Babylon

2010-06-13 20:24 . 2009-04-30 21:53 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon

2010-06-07 21:27 . 2009-01-07 14:15 -------- d-----w- c:\arquivos de programas\Microsoft Silverlight

2010-06-02 08:00 . 2008-06-12 18:36 108032 ----a-w- c:\windows\system32\ff_vfw.dll

2010-05-19 21:47 . 2009-12-21 14:47 -------- d-----w- c:\arquivos de programas\DVDVideoSoft

2010-05-18 20:51 . 2008-07-27 13:19 -------- d-----w- c:\documents and settings\lan-04\Dados de aplicativos\Orbit

2010-05-18 15:00 . 2009-08-02 14:22 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2010-05-16 21:54 . 2010-05-16 21:48 -------- d-----w- c:\arquivos de programas\TIM Web Banda Larga

2010-05-08 19:29 . 2010-03-10 14:56 -------- d-----w- c:\arquivos de programas\Cool2000

2010-05-06 10:34 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-02 08:08 . 2004-08-04 03:38 1851392 ----a-w- c:\windows\system32\win32k.sys

2010-05-01 19:48 . 2010-05-01 19:33 -------- d-----w- c:\arquivos de programas\Replay Media Catcher

2010-05-01 19:36 . 2010-05-01 19:36 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe

2010-05-01 19:36 . 2010-05-01 19:36 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll

2010-05-01 19:35 . 2010-05-01 19:35 -------- d-----w- c:\arquivos de programas\Applian Director

2010-05-01 19:10 . 2010-05-01 18:57 -------- d-----w- c:\arquivos de programas\Save Flash

2010-04-29 18:39 . 2009-08-02 14:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 18:39 . 2009-08-02 14:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-28 01:48 . 2010-04-15 18:22 -------- d-----w- c:\arquivos de programas\Programas RFB

2010-04-20 05:31 . 2004-08-04 03:44 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-03-31 01:49 . 2008-06-28 15:47 94208 ----a-w- c:\windows\system32\dpl100.dll

2009-08-05 12:20 . 2009-08-05 13:28 41063272 ----a-w- c:\arquivos de programas\Caspo.exe

2008-06-19 20:56 . 2008-06-19 20:56 4450382 ----a-w- c:\arquivos de programas\nero_photoshow_express_4_us_row.exe

2008-06-19 20:42 . 2008-06-19 20:42 6104632 ----a-w- c:\arquivos de programas\picasaweb-current-setup.exe

2004-07-22 13:51 . 2004-07-22 13:51 3432656 ----a-w- c:\arquivos de programas\ManagedDX.CAB

2004-07-20 01:58 . 2004-07-20 01:58 1156363 ----a-w- c:\arquivos de programas\BDANT.cab

2004-07-20 01:53 . 2004-07-20 01:53 976020 ----a-w- c:\arquivos de programas\BDAXP.cab

2004-07-09 17:17 . 2004-07-09 17:17 13265040 ----a-w- c:\arquivos de programas\dxnt.cab

2004-07-09 12:13 . 2004-07-09 12:13 15493481 -c--a-w- c:\arquivos de programas\DirectX.cab

2004-07-09 12:13 . 2004-07-09 12:13 703080 -c--a-w- c:\arquivos de programas\BDA.cab

2004-07-09 07:08 . 2004-07-09 07:08 472576 ----a-w- c:\arquivos de programas\dxsetup.exe

2004-07-09 07:08 . 2004-07-09 07:08 2242560 ----a-w- c:\arquivos de programas\dsetup32.dll

2004-07-09 06:03 . 2004-07-09 06:03 62976 ----a-w- c:\arquivos de programas\DSETUP.dll

2009-03-14 04:18 . 2009-03-14 04:09 352288 -csha-w- c:\windows\system32\drivers\fidbox2.dat

.

 

((((((((((((((((((((((((((((( SnapShot@2010-06-20_01.36.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-24 23:37 . 2010-06-24 23:37 16384 c:\windows\temp\Perflib_Perfdata_73c.dat

+ 2010-06-23 23:27 . 2010-06-23 23:27 45056 c:\windows\Installer\{498B4BF1-AD73-4AA8-99EB-18D400E42482}\NewShortcut1.exe

- 2009-01-08 22:48 . 2009-01-08 22:48 45056 c:\windows\Installer\{498B4BF1-AD73-4AA8-99EB-18D400E42482}\NewShortcut1.exe

+ 2010-06-23 23:27 . 2010-06-23 23:27 3638 c:\windows\Installer\{498B4BF1-AD73-4AA8-99EB-18D400E42482}\ARPPRODUCTICON.exe

- 2009-01-08 22:48 . 2009-01-08 22:48 3638 c:\windows\Installer\{498B4BF1-AD73-4AA8-99EB-18D400E42482}\ARPPRODUCTICON.exe

+ 2009-07-12 04:12 . 2009-07-12 04:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

+ 2009-07-12 04:09 . 2009-07-12 04:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll

+ 2009-07-12 04:08 . 2009-07-12 04:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll

+ 2008-06-28 15:47 . 2004-01-25 16:18 217088 c:\windows\system32\yv12vfw.dll

+ 2008-06-28 15:47 . 2009-05-29 21:37 205824 c:\windows\system32\xvidvfw.dll

+ 2008-06-28 15:47 . 2009-05-29 21:31 881664 c:\windows\system32\xvidcore.dll

+ 2008-06-28 15:47 . 2010-06-02 08:00 185920 c:\windows\system32\rmoc3260.dll

+ 2010-06-19 18:06 . 2010-06-24 00:37 319544 c:\windows\system32\FNTCACHE.DAT

- 2010-06-19 18:06 . 2010-06-20 01:02 319544 c:\windows\system32\FNTCACHE.DAT

+ 2008-06-28 15:47 . 2010-02-19 19:27 720384 c:\windows\system32\divx.dll

+ 2010-06-23 20:53 . 2010-06-23 20:53 169472 c:\windows\Installer\4ad8ab.msi

+ 2010-06-23 23:27 . 2010-06-23 23:27 1150464 c:\windows\Installer\d1f44b.msi

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

2010-06-17 01:04 2736736 ----a-w- c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\arquivos de programas\DVDVideoSoft\tbDVD0.dll" [2010-06-17 2736736]

 

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitTorrent"="c:\arquivos de programas\BitTorrent\bittorrent.exe" [2010-02-27 654648]

"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-27 39408]

"Nero PhotoShow Media Manager"="c:\arquiv~1\Nero\NEROPH~1\data\xtras\mssysmgr.exe" [2006-05-10 249856]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

"VTTimer"="VTTimer.exe" [2005-03-08 53248]

"SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk

backup=c:\windows\pss\BTTray.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Discador Oi Internet.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Discador Oi Internet.lnk

backup=c:\windows\pss\Discador Oi Internet.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk]

path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-A7UA6.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-A7UA6.lnk

backup=c:\windows\pss\is-A7UA6.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-D8KDB.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-D8KDB.lnk

backup=c:\windows\pss\is-D8KDB.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-QR2A2.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-QR2A2.lnk

backup=c:\windows\pss\is-QR2A2.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-UEHSS.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-UEHSS.lnk

backup=c:\windows\pss\is-UEHSS.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^lan-04^Menu Iniciar^Programas^Inicializar^is-VD0FU.lnk]

path=c:\documents and settings\lan-04\Menu Iniciar\Programas\Inicializar\is-VD0FU.lnk

backup=c:\windows\pss\is-VD0FU.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]

2009-09-22 18:09 156672 ----a-w- c:\arquivos de programas\Replay Media Catcher\FLVSrvc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

2008-10-31 22:20 3563232 ----a-w- c:\arquivos de programas\Babylon\Babylon-Pro\Babylon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]

2008-04-14 02:21 110592 ----a-w- c:\windows\system32\bthprops.cpl

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

2006-04-01 20:32 1581056 ----a-r- c:\windows\mixer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51 691656 ----a-w- c:\arquivos de programas\DAEMON Tools Lite\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMule Acceleration Patch]

2008-07-21 22:31 1888 ----a-w- c:\documents and settings\All Users\Menu Iniciar\Programas\eMule Acceleration Patch\eMule Acceleration Patch.lnk

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]

2009-12-02 15:40 122880 ----a-w- c:\arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2009-06-30 15:30 133104 ----atw- c:\documents and settings\lan-04\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

2005-01-07 20:07 61952 ------w- c:\windows\system32\HdAShCut.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-12-15 14:18 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]

2006-05-18 14:29 49152 ----a-w- c:\arquivos de programas\CyberLink\PowerDVD\Language\Language.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 02:21 1695232 ----a-w- c:\arquivos de programas\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 19:44 3883840 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]

2006-05-10 19:52 249856 ----a-w- c:\arquiv~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2006-04-01 20:33 7110656 ----a-w- c:\windows\system32\nvcpl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2006-04-01 20:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

2005-12-08 01:57 30208 ------w- c:\arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

2006-10-10 00:43 729088 ----a-w- c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-06-27 11:06 39408 ----a-w- c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2009-01-13 14:09 270128 ----a-w- c:\arquivos de programas\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]

2005-03-08 03:33 53248 ----a-r- c:\windows\system32\VTTimer.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]

2005-11-01 04:15 163840 ----a-r- c:\windows\system32\VTTrayp.exe

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Arquivos de programas\\Orbitdownloader\\orbitdm.exe"=

"c:\\Arquivos de programas\\Orbitdownloader\\orbitnet.exe"=

"c:\\Arquivos de programas\\eMule\\emule.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=

"c:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\River Past\\Wave@MP3\\WaveAtMp3.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\Megacubo\\megacubo.exe"=

"c:\\Documents and Settings\\lan-04\\Meus documentos\\Meus arquivos recebidos\\TeamViewer.exe"=

"c:\\WINDOWS\\system32\\ftp.exe"=

 

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/5/2009 15:47 107256]

R2 a2free;a-squared Free Service;c:\arquivos de programas\a-squared Free\a2service.exe [14/3/2009 17:23 1872320]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe [14/5/2009 15:47 731840]

R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance --> c:\admig\Firebird\bin\fbserver.exe -s DefaultInstance [?]

S2 gupdate1c9d8de2812eabc;Google Update Service (gupdate1c9d8de2812eabc);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [19/5/2009 21:01 133104]

S3 ListOpenedFileDrv;System Explorer Opened File Info;\??\c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys --> c:\docume~1\lan-04\CONFIG~1\Temp\ListOpenedFileDrvXP.sys [?]

S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]

S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]

S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]

S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]

S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]

S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]

S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]

S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]

S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]

S3 Sony_EricssonWWSC;Sony Ericsson SIM Card Reader;c:\windows\system32\DRIVERS\sesc.sys --> c:\windows\system32\DRIVERS\sesc.sys [?]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/9/2009 18:09 721904]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

 

2010-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2009-05-20 00:01]

.

.

------- Scan Suplementar -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mWindow Title =

uInternet Settings,ProxyOverride = local

IE: &Download by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Enviar para &Bluetooth - c:\arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: Translate with &Babylon - c:\arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

Trusted Zone: ufc.br\www.sofia

DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab

FF - ProfilePath - c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.orkut.com

FF - prefs.js: keyword.URL - hxxp://websearch.qbyrd.com/redirect?client=ff&src=kw&tb=ATU-QBD&o=102357&locale=pt_US&apn_uid=008E5851-1AF5-4935-A8BD-CAC218AE132F&apn_ptnrs=Q7&apn_sauid=5DB2595C-15C0-4EEA-94BE-2E8F560E8428&apn_dtid=YYYYYYQ2US&q=

FF - component: c:\arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\lan-04\Dados de aplicativos\Mozilla\Firefox\Profiles\5hnkqff0.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-24 21:16

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2010-06-24 21:21:08

ComboFix-quarantined-files.txt 2010-06-25 00:21

ComboFix2.txt 2010-06-23 20:28

ComboFix3.txt 2010-06-21 00:36

ComboFix4.txt 2010-06-20 16:22

ComboFix5.txt 2010-06-25 00:04

 

Pré-execução: 686.764.032 bytes disponíveis

Pós execução: 637.145.088 bytes disponíveis

 

Current=11 Default=11 Failed=10 LastKnownGood=12 Sets=1,2,3,4,5,6,7,8,10,11,12

- - End Of File - - 94A75BAFAEC9B6EBBD3996AFCEFE9C2F

 

Oh, and the bar still isn't showing up, brother.

Cheers
