gvidaletti

[Resolved] My desktop turned black


Good evening, friends,

My PC started throwing a bunch of errors, saying it couldn't find the memory (HD and RAM), and Avira kept showing an annoying message. I disabled it and downloaded Kaspersky. It did fix those errors, but my PC is still all wrong. The desktop is black (I can't change it), drive C shows up in Everest as TRIAL VERSION, it reads DVDs where there are only USB ports, etc.

Below I'll post the HijackThis report

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:02:32, on 6/12/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\idt\wdm\winxp\STacSV.exe

C:\WINDOWS\system32\FsUsbExService.Exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

C:\WINDOWS\system32\SnMgrSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Arquivos de programas\TeamViewer\Version4\TeamViewer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\IDT\WDM\sttray.exe

C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Arquivos de programas\AllerCalc\AllerCalc.exe

C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

C:\ARQUIV~1\ARQUIV~1\PCSuite\DATALA~1\DATALA~1.EXE

C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\ARQUIV~1\FREEDO~1\fdm.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\tbmip2.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngin0.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\tbmip2.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: mipony-plugin Toolbar - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\tbmip2.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngin0.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\ARQUIV~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [MFARestart] "C:\Documents and Settings\All Users\Dados de aplicativos\MFAData\pack\avgrunasx.exe" /usereg

O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [AllerCalc] "C:\Arquivos de programas\AllerCalc\AllerCalc.exe" /i

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [dFUJWstgdd.exe] C:\DOCUME~1\Dulce\CONFIG~1\Temp\dFUJWstgdd.exe

O4 - HKCU\..\Run: [10109078] C:\DOCUME~1\Dulce\CONFIG~1\Temp\10109078.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Baixar com Mipony - file://C:\Arquivos de programas\MiPony\Browser\IEContext.htm

O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.bancobrasil.com.br

O15 - Trusted Zone: http://www.bb.com.br

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} (CAtmCap Object) -

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {76295885-F8F4-48B7-A180-C50496FE6DF6} (InternetIDX5 Class) - https://ww8.banrisul.com.br/bsd/link/BSDSI6XW_IIDBrowserPluginCOM.CAB

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (file missing)

O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (file missing)

O23 - Service: avp - Kaspersky Lab ZAO - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe

O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate1ca84b6e021097a) (gupdate1ca84b6e021097a) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\idt\wdm\winxp\STacSV.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe

 

--

End of file - 13279 bytes

 

 

 

I hope you can help me. Regards...


Hello gvidaletti

1.

*Download AD-Remover and save it to the desktop

*Run AD-Remover

*Click [Clean] and wait for it to finish.

2.

*Download MalwareBytes Anti-malware and save it to the desktop

*Install the program and wait for the update

*The program will open automatically

*Select [Full scan] and click [Scan] > [Scan]

*When the scan finishes, click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*Paste the report that is displayed and the report C:\Ad-Report-CLEAN.log


Here it goes...

 

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

 

Versão da Base de Dados: 5258

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

6/12/2010 23:22:43

mbam-log-2010-12-06 (23-22-43).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)

Objetos escaneados: 205044

Tempo decorrido: 15 minuto(s), 40 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 1

Itens de Dados no Registro Infectados: 1

Pastas Infectadas: 0

Arquivos Infectados: 1

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10109078 (Trojan.FakeAlert) -> Value: 10109078 -> Quarantined and deleted successfully.

 

Itens de Dados no Registro Infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

c:\documents and settings\Dulce\meus documentos\Mipony\adobe.photoshop.cs5.pt.br.www.therebels.biz.gengis.khan\keygen ps cs5.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

 

 

and the other one

 

 

======= REPORT FROM AD-REMOVER 2.0.0.2,B | ONLY XP/VISTA/7 =======

 

Updated by TeamXscript on 11/11/10 at 11:40

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

website: http://www.teamxscript.org

 

C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 22:58:12 on 06/12/2010, Normal boot

 

Microsoft Windows XP Professional Service Pack 3 (X86)

Dulce@GUSTAVO ( )

 

============== ACTION(S) ==============

 

 

Folder deleted: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Everest Poker

Folder deleted: C:\Arquivos de programas\Everest Poker

Folder deleted: C:\Documents and Settings\Dulce\Configurações locais\Dados de aplicativos\Conduit

Folder deleted: C:\Arquivos de programas\Conduit

Folder deleted: C:\Documents and Settings\Dulce\Configurações locais\Dados de aplicativos\ConduitEngine

Folder deleted: C:\Arquivos de programas\ConduitEngine

 

(!) -- Temporary files deleted.

 

 

Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key deleted: HKLM\Software\Classes\CLSID\{ABFD0301-5B3A-48FE-A763-3DAE4629C338}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ABFD0301-5B3A-48FE-A763-3DAE4629C338}

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ABFD0301-5B3A-48FE-A763-3DAE4629C338}

Key deleted: HKLM\Software\Classes\Toolbar.CT2465030

Key deleted: HKLM\Software\AskBarDis

Key deleted: HKLM\Software\Conduit

Key deleted: HKLM\Software\conduitEngine

Key deleted: HKCU\Software\Conduit

Key deleted: HKCU\Software\conduitEngine

Key deleted: HKCU\Software\Grand Virtual

Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Everest Poker

Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20E32BE1-88AE-4559-A086-5329795F77BF}

Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker

 

Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.8 (pt-BR)] **

 

-- C:\Documents and Settings\Dulce\Dados de aplicativos\Mozilla\FireFox\Profiles\3aqja42o.default\Prefs.js --

browser.search.selectedEngine, DAEMON Search

browser.startup.homepage, hxxp://www.globo.com/|hxxp://www.clicrbs.com.br/

browser.startup.homepage_override.mstone, rv:1.9.2.8

 

========================================

 

** Internet Explorer Version [8.0.6001.18702] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Search Asst: no

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Local Page: C:\WINDOWS\system32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Arquivos de programas\Ad-Remover\Quarantine: 149 File(s)

C:\Arquivos de programas\Ad-Remover\Backup: 13 File(s)

 

C:\Ad-Report-CLEAN[1].txt - 06/12/2010 (1847 Byte(s))

 

End at: 22:58:51, 06/12/2010

 

============== E.O.F ==============


1.

*Run AD-Remover

*Click [Uninstall]

2.

*If you are not paying for a Kaspersky antivirus license, uninstall it.

3.

*Temporarily disable your antivirus

Right-click the Avira icon next to the clock

Click the "Antivir Guard enable" option.

*Download ComboFix and save it to the desktop

*Run ComboFix and accept the agreement

*If the Windows Recovery Console is already installed, ComboFix will continue the process automatically. Otherwise, click [Yes] to install it and then [Yes] to continue.

*Wait for all stages to complete

*Do not use the mouse or keyboard while ComboFix is running!!..... To interrupt the procedure, press [N] or [2] and then [ENTER]

*Paste the report C:\combofix.txt


I don't know if this is normal, but it restarted the computer and a Windows window appeared saying it had recovered from a serious error. I ran ComboFix again and it did the same thing. Is that how it's supposed to be?

If so, how do I find the reports?


OK....

There may be a hardware problem with your PC.

1.

*Click [Start] > [Run] > copy and paste: Combofix /uninstall

*Click [OK] > [Run]

*Wait for the message: "ComboFix is uninstalled"

*Click [OK]

2.

*Download the Kaspersky Virus Removal Tool and save it to the desktop

*Install the program

*Select the option:

[X] My Computer

*Click [Start scan]. If it finds anything, click [Skip]

*When it finishes, click [Report]

*A window called "Detailed report" will open

*Click the [+] sign next to Autoscan to expand the events

*Right-click Autoscan and select "Select all"

*Right-click again and select "Copy"

*Open Notepad, paste (Ctrl+V) and save the file to the desktop as log.txt

*Close Kaspersky's "Detailed report" window

*On the Kaspersky main screen click [Exit] > [No]

*Paste the log.txt report saved on the desktop


yes

the Kaspersky result was this

 

 

Verificação automática: concluído 6 minutos atrás (eventos: 2, objetos: 148050, hora: 00:24:36)

7/12/2010 21:16:50 Tarefa iniciada Ação padrão selecionada

7/12/2010 21:41:26 Tarefa concluída Ação padrão selecionada


1.

*Open the Virus Removal Tool folder located on the desktop and run the Start shortcut

*Click [Exit] > [Yes] > [Yes] > [Yes]

*The PC will restart

*Delete the Kaspersky setup files and log.txt saved on the desktop

2.

*Download OTL and save it to the desktop

*Run OTL and select the options below:

[X] Scan All Users

Extra Registry: [X] None

[X] Skip Microsoft Files

[X] Use Company Name WhiteList

[X] LOP Check

[X] Purity Check

*Click in the box under "Custom Scans/Fixes" and paste the code:

netsvcs

C:\DOCUME~1\Dulce\CONFIG~1\Temp\*.*

msconfig

/md5start

acpi.sys

cdrom.sys

imapi.sys

ipsec.sys

tcpip.sys

ndis.sys

midimap.dll

atapi.sys

/md5stop

%SYSTEMDRIVE%\*.*

%USERPROFILE%\*.exe

%systemroot%\system32\config\*.*

 

*Click [Scan] and wait for it to finish

*Paste the report (OTL.txt) that is displayed


OTL logfile created on: 8/12/2010 23:16:14 - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Dulce\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 78,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 88,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 75,13 Gb Total Space | 39,73 Gb Free Space | 52,89% Space Free | Partition Type: NTFS

Drive D: | 195,31 Gb Total Space | 144,48 Gb Free Space | 73,97% Space Free | Partition Type: NTFS

Drive E: | 195,32 Gb Total Space | 183,67 Gb Free Space | 94,04% Space Free | Partition Type: NTFS

 

Computer Name: GUSTAVO | User Name: Dulce | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2010/12/08 23:13:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dulce\Desktop\OTL.exe

PRC - [2010/11/17 11:21:26 | 000,052,824 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2009/11/04 19:20:14 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe

PRC - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2009/10/11 04:17:31 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\java.exe

PRC - [2009/08/24 13:04:48 | 003,899,688 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de programas\TeamViewer\Version4\TeamViewer.exe

PRC - [2009/08/24 12:51:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe

PRC - [2009/04/27 23:18:11 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2009/04/23 12:15:34 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe

PRC - [2009/04/07 10:39:44 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe

PRC - [2009/01/31 04:45:14 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Arquivos de programas\Free Download Manager\fdm.exe

PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

PRC - [2008/03/25 12:29:42 | 000,221,239 | ---- | M] (IDT, Inc.) -- c:\Drivers\Audio\IDT\WDM\WinXP\stacsv.exe

PRC - [2008/03/25 12:26:58 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Arquivos de programas\IDT\WDM\sttray.exe

PRC - [2007/04/13 16:57:06 | 000,280,712 | ---- | M] (Open Communications Security S/A) -- C:\WINDOWS\system32\SnMgrSvc.exe

PRC - [2006/03/22 15:01:08 | 000,851,968 | ---- | M] (Nokia Mobile Phones Ltd.) -- C:\Arquivos de programas\Arquivos comuns\PCSuite\DataLayer\DataLayer.exe

PRC - [2000/08/22 20:09:28 | 000,560,408 | ---- | M] (AllerSoft) -- C:\Arquivos de programas\AllerCalc\AllerCalc.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/12/08 23:13:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dulce\Desktop\OTL.exe

MOD - [2010/11/17 11:17:12 | 000,349,472 | ---- | M] (Banco do Brasil) -- C:\Arquivos de programas\GbPlugin\gbieh.dll

MOD - [2010/08/23 14:11:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008/04/13 19:20:30 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/11/17 11:21:26 | 000,052,824 | ---- | M] ( ) [unknown | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/10/24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Arquivos de programas\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2009/08/24 12:51:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)

SRV - [2009/04/07 10:39:44 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2008/11/04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2008/03/25 12:29:42 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Drivers\Audio\IDT\WDM\WinXP\stacsv.exe -- (STacSV)

SRV - [2007/04/13 16:57:06 | 000,280,712 | ---- | M] (Open Communications Security S/A) [Auto | Running] -- C:\WINDOWS\System32\SnMgrSvc.exe -- (SNMgrSvc)

SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dulce\CONFIG~1\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb)

DRV - File not found [Kernel | System | Stopped] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2010/11/17 11:19:38 | 000,047,008 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)

DRV - [2010/10/14 20:32:56 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2009/12/19 16:22:01 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)

DRV - [2009/12/17 20:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV - [2009/11/25 13:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009/04/07 10:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)

DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)

DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)

DRV - [2009/02/05 01:00:00 | 000,026,224 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)

DRV - [2008/04/13 12:40:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)

DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/03/25 12:32:12 | 001,292,888 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2008/01/26 14:40:46 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2008/01/26 14:32:18 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2007/04/13 16:58:10 | 000,034,440 | ---- | M] (Open Communications Security S/A) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SNSMS.SYS -- (SNSMS)

DRV - [2007/04/13 16:48:32 | 000,022,272 | ---- | M] (Open Communications Security) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SNSID.SYS -- (SNSID)

DRV - [2007/04/13 16:46:56 | 000,015,048 | ---- | M] (Open Communications Security SA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\psseckbd.sys -- (Ps2KSecureKeyboard)

DRV - [2007/04/13 16:46:56 | 000,012,464 | ---- | M] (Open Communications Security SA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vhsecmou.sys -- (vhidmini)

DRV - [2006/06/14 12:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)

DRV - [2006/03/24 09:32:00 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)

DRV - [2006/03/24 09:32:00 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)

DRV - [2006/03/24 09:32:00 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)

DRV - [2006/03/24 09:32:00 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)

DRV - [2005/09/01 13:03:04 | 000,127,488 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)

DRV - [2004/04/30 10:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)

DRV - [2004/04/30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]

IE - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.globo.coml/

IE - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\..\URLSearchHook: {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\tbmip2.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

 

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

FF - prefs.js..browser.startup.homepage: "http://www.globo.com/|http://www.clicrbs.com.br/"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.type: 1

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/12/06 20:12:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/12/06 20:12:55 | 000,000,000 | ---D | M]

 

[2009/09/08 20:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Mozilla\Extensions

[2010/12/06 19:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Mozilla\Firefox\Profiles\3aqja42o.default\extensions

[2010/07/17 13:01:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dulce\Dados de aplicativos\Mozilla\Firefox\Profiles\3aqja42o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/10/14 20:33:06 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Dulce\Dados de aplicativos\Mozilla\Firefox\Profiles\3aqja42o.default\searchplugins\daemon-search.xml

[2010/12/07 00:00:52 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2007/04/13 17:01:52 | 000,546,952 | ---- | M] (Open Communications Security S/A) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npAtmCap.dll

[2007/04/13 17:02:02 | 000,067,720 | ---- | M] (Open Communications Security S/A) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npSnInstall.dll

[2009/10/26 16:45:36 | 000,102,400 | ---- | M] (Zylom) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

[2010/07/22 22:54:55 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2010/07/22 22:54:55 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2010/07/22 22:54:55 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2010/07/22 22:54:55 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2001/09/06 13:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (mipony-plugin Toolbar) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\tbmip2.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehUni.dll (Banco Unibanco)

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll ()

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (mipony-plugin Toolbar) - {90d46c30-9f25-4104-aea9-35c3f84477ff} - C:\Arquivos de programas\mipony-plugin\tbmip2.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\..\Toolbar\WebBrowser: (mipony-plugin Toolbar) - {90D46C30-9F25-4104-AEA9-35C3F84477FF} - C:\Arquivos de programas\mipony-plugin\tbmip2.dll (Conduit Ltd.)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NPSStartup] File not found

O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Arquivos de programas\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Arquivos de programas\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [switchBoard] C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [sysTrayApp] C:\Arquivos de programas\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKU\S-1-5-21-484763869-1644491937-1801674531-1003..\Run: [AllerCalc] C:\Arquivos de programas\AllerCalc\AllerCalc.exe (AllerSoft)

O4 - HKU\S-1-5-21-484763869-1644491937-1801674531-1003..\Run: [AutoStartNPSAgent] C:\Arquivos de programas\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKU\S-1-5-21-484763869-1644491937-1801674531-1003..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: Baixar com Mipony - C:\Arquivos de programas\MiPony\Browser\IEContext.htm ()

O8 - Extra context menu item: Baixar com o Free Download Manager - C:\Arquivos de programas\Free Download Manager\dllink.htm ()

O8 - Extra context menu item: Baixar tudo com o Free Download Manager - C:\Arquivos de programas\Free Download Manager\dlall.htm ()

O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - C:\Arquivos de programas\Free Download Manager\dlfvideo.htm ()

O8 - Extra context menu item: Download selecionado pelo Free Download Manager - C:\Arquivos de programas\Free Download Manager\dlselected.htm ()

O15 - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\..Trusted Domains: bancobrasil.com.br ([www] http in Sites confiáveis)

O15 - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\..Trusted Domains: bancobrasil.com.br ([www14] https in Sites confiáveis)

O15 - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\..Trusted Domains: bancobrasil.com.br ([www2] https in Sites confiáveis)

O15 - HKU\S-1-5-21-484763869-1644491937-1801674531-1003\..Trusted Domains: bb.com.br ([www] http in Sites confiáveis)

O16 - DPF: {3C8B9651-4E3E-424D-B51C-54544ABF536B} Reg Error: Value error. (CAtmCap Object)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {76295885-F8F4-48B7-A180-C50496FE6DF6} https://ww8.banrisul.com.br/bsd/link/BSDSI6XW_IIDBrowserPluginCOM.CAB (InternetIDX5 Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://www14.bancobrasil.com.br/plugin/GbpDist.cab (GbpDistObj Class)

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab (GbPluginObj Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.21.192.133 201.21.192.132

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Arquivos de programas\GbPlugin\gbieh.dll - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\Arquivos de programas\GbPlugin\gbiehCef.dll - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O20 - Winlogon\Notify\ GbPluginUni: DllName - C:\ARQUIV~1\GbPlugin\gbiehUni.dll - C:\Arquivos de programas\GbPlugin\gbiehUni.dll (Banco Unibanco)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Dulce\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dulce\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Arquivos de programas\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de programas\GbPlugin\gbiehUni.dll (Banco Unibanco)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/04/24 00:47:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/08 23:13:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dulce\Desktop\OTL.exe

[2010/12/08 22:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dulce\Desktop\Virus Removal Tool

[2010/12/08 22:24:10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dulce\Recent

[2010/12/08 21:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dulce\Dados de aplicativos\AVG10

[2010/12/08 21:53:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files

[2010/12/08 21:50:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG10

[2010/12/07 20:54:25 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/12/07 00:12:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2010/12/07 00:05:57 | 000,000,000 | ---D | C] -- C:\Downloads

[2010/12/06 23:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Malwarebytes

[2010/12/06 23:05:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/12/06 23:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2010/12/06 23:05:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/12/06 23:05:01 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2010/12/06 22:58:12 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Ad-Remover

[2010/12/06 22:01:40 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HiJackThis.exe

[2010/12/06 21:39:19 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\AVG

[2010/12/06 21:39:18 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Alwil Software

[2010/12/05 21:45:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

[2010/12/05 20:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData

[2010/12/04 20:24:14 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/12/04 20:22:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/12/04 20:22:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/11/13 23:15:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dulce\Desktop\Games

[2010/11/13 23:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dulce\Desktop\Programas PC

[2010/11/13 23:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dulce\Desktop\downloads

[2010/11/13 23:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dulce\Desktop\Programas de Cine

[2010/10/14 20:44:31 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys

[2010/10/14 20:44:30 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys

[2009/05/02 21:36:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dulce\Dados de aplicativos\pcouffin.sys

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/08 23:14:00 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{23B864BF-7E6A-4CA2-BCD9-85E23DF2AA1D}.job

[2010/12/08 23:13:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dulce\Desktop\OTL.exe

[2010/12/08 23:10:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/12/08 23:10:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-484763869-1644491937-1801674531-1003.job

[2010/12/08 23:09:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/12/08 23:09:51 | 3212,103,680 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/08 22:20:01 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/12/08 21:47:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/12/06 23:05:05 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/06 22:01:44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe

[2010/12/06 20:44:35 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Dulce\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/12/06 20:34:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2010/12/06 19:43:17 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-484763869-1644491937-1801674531-1003.job

[2010/12/05 23:17:34 | 000,000,156 | -HS- | M] () -- C:\WINDOWS\KLIF.spi

[2010/12/05 22:14:12 | 000,002,969 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2010/12/05 19:42:00 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\Dulce\Desktop\firefox.lnk

[2010/12/05 19:41:46 | 000,000,348 | ---- | M] () -- C:\Documents and Settings\Dulce\Desktop\Meus documentos (2).lnk

[2010/12/04 20:24:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2010/11/30 20:07:45 | 000,000,748 | -H-- | M] () -- C:\WINDOWS\System32\SNRULE.SNP

[2010/11/30 20:07:45 | 000,000,748 | -H-- | M] () -- C:\WINDOWS\System32\SNRULE.SNC

[2010/11/30 20:07:45 | 000,000,172 | -H-- | M] () -- C:\WINDOWS\System32\SNRULE.SNS

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/27 13:02:03 | 000,019,524 | ---- | M] () -- C:\Documents and Settings\Dulce\Desktop\Planilha Gastos.xlsx

[2010/11/17 22:13:41 | 000,034,180 | ---- | M] () -- C:\Documents and Settings\Dulce\Desktop\ir gustavo.pdf

[2010/11/17 11:19:38 | 000,047,008 | ---- | M] (GAS Tecnologia) -- C:\WINDOWS\System32\drivers\gbpkm.sys

[2010/11/15 14:02:17 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Dulce\Dados de aplicativos\vso_ts_preview.xml

[2010/11/14 02:00:00 | 000,000,364 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-GUSTAVO-Dulce.job

[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/06 23:05:05 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/12/05 23:17:34 | 000,000,156 | -HS- | C] () -- C:\WINDOWS\KLIF.spi

[2010/12/05 22:38:38 | 000,000,750 | ---- | C] () -- C:\Documents and Settings\Dulce\Desktop\CCleaner.lnk

[2010/12/05 19:41:39 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Dulce\Desktop\firefox.lnk

[2010/12/05 19:41:39 | 000,000,348 | ---- | C] () -- C:\Documents and Settings\Dulce\Desktop\Meus documentos (2).lnk

[2010/12/04 20:24:14 | 000,261,856 | RHS- | C] () -- C:\cmldr

[2010/12/04 19:32:42 | 001,440,054 | R--- | C] () -- C:\WINDOWS\fz_papel6.bmp

[2010/12/04 19:27:23 | 001,440,054 | R--- | C] () -- C:\WINDOWS\fz_papel1.bmp

[2010/11/17 22:13:41 | 000,034,180 | ---- | C] () -- C:\Documents and Settings\Dulce\Desktop\ir gustavo.pdf

[2010/10/14 20:32:55 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2010/06/14 23:37:32 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll

[2010/06/14 23:37:32 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys

[2010/06/14 23:37:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Dulce\Dados de aplicativos\$_hpcst$.hpc

[2010/02/17 20:47:48 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\SNLINK.DLL

[2010/01/30 22:51:29 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\.zreglib

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/15 21:33:09 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll

[2009/06/14 21:03:04 | 000,007,641 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log

[2009/06/10 12:29:56 | 000,000,498 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2009/06/03 21:00:50 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini

[2009/06/03 20:59:44 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll

[2009/06/03 20:59:44 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv

[2009/05/25 14:21:43 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/05/23 18:09:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2009/05/02 21:36:23 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Dulce\Dados de aplicativos\vso_ts_preview.xml

[2009/05/02 21:36:08 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Dulce\Dados de aplicativos\pcouffin.log

[2009/05/02 21:36:05 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dulce\Dados de aplicativos\inst.exe

[2009/05/02 21:36:05 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dulce\Dados de aplicativos\pcouffin.cat

[2009/05/02 21:36:05 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dulce\Dados de aplicativos\pcouffin.inf

[2009/05/02 20:05:51 | 000,006,346 | ---- | C] () -- C:\Documents and Settings\Dulce\Dados de aplicativos\NMM-MetaData.db

[2009/04/30 21:47:13 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2009/04/30 21:47:13 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2009/04/30 21:47:13 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2009/04/30 21:47:13 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2009/04/28 20:36:19 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Dulce\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/04/26 18:12:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll

[2009/04/26 14:26:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2009/04/24 20:15:27 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2009/04/23 21:39:39 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2009/01/28 16:50:44 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2008/05/27 00:02:50 | 000,016,478 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008/05/27 00:02:48 | 000,022,300 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008/05/27 00:02:46 | 000,015,796 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008/04/13 11:40:32 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys

[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys

[2005/12/07 13:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

[2001/07/07 04:00:02 | 000,003,277 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

========== LOP Check ==========

[2010/12/05 21:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

[2010/12/08 22:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG10

[2010/12/08 21:53:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files

[2010/10/14 20:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite

[2009/04/26 16:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Downloaded Installations

[2009/04/24 20:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG

[2010/12/08 22:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2010/12/06 21:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData

[2010/06/14 23:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite

[2009/06/03 21:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\pdf995

[2010/08/21 01:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe

[2010/07/09 20:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Rumbic Studio

[2010/01/30 22:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SlySoft

[2009/05/02 19:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Temp

[2009/05/23 23:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk

[2010/07/09 19:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

[2010/12/08 21:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\AVG10

[2010/09/11 19:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\AVI ReComp

[2010/10/14 20:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\DAEMON Tools Lite

[2009/05/02 19:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Datalayer

[2009/06/15 14:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\EBookSys

[2010/12/08 23:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Free Download Manager

[2009/05/28 14:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Kazaa Lite

[2010/12/06 21:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Mipony

[2009/05/02 19:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Nokia

[2009/05/16 13:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Nokia Multimedia Player

[2009/04/26 16:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\PC Suite

[2009/06/03 21:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\pdf995

[2010/06/14 23:37:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Samsung

[2009/09/06 22:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\TeamViewer

[2010/08/27 00:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\uTorrent

[2010/11/15 14:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Vso

[2009/04/25 19:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Windows Desktop Search

[2009/04/25 19:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Windows Search

[2010/07/14 21:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dulce\Dados de aplicativos\Zylom

[2009/11/08 23:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Softland

[2009/11/20 18:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\TeamViewer

[2010/12/08 23:14:00 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{23B864BF-7E6A-4CA2-BCD9-85E23DF2AA1D}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< C:\DOCUME~1\Dulce\CONFIG~1\Temp\*.* >

[2010/12/08 23:10:14 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Dulce\Configurações locais\Temp\C2AC217CBABB4CF9B3B2C9D7D5BFCCA6

[2010/12/08 23:08:45 | 000,048,518 | ---- | M] () -- C:\Documents and Settings\Dulce\Configurações locais\Temp\hpodvd09.log

[2010/12/08 23:12:25 | 000,001,081 | ---- | M] () -- C:\Documents and Settings\Dulce\Configurações locais\Temp\java_install_reg.log

[2010/12/08 23:15:27 | 000,002,787 | ---- | M] () -- C:\Documents and Settings\Dulce\Configurações locais\Temp\jusched.log

[2010/12/08 21:53:44 | 000,027,706 | ---- | M] () -- C:\Documents and Settings\Dulce\Configurações locais\Temp\PDApp.log

[19 C:\DOCUME~1\Dulce\CONFIG~1\Temp\*.tmp files -> C:\DOCUME~1\Dulce\CONFIG~1\Temp\*.tmp -> ]

 

 

< MD5 for: ACPI.SYS >

[2008/04/13 19:34:10 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:acpi.sys

[2008/04/13 18:50:06 | 000,188,416 | ---- | M] (Microsoft Corporation) MD5=CFCB02E103E44AC7080CA04C1B5C2D7C -- C:\WINDOWS\system32\drivers\acpi.sys

 

< MD5 for: ATAPI.SYS >

[2008/04/13 19:34:10 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2008/04/13 12:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[2008/04/13 12:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

[2008/04/13 12:40:32 | 000,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

 

< MD5 for: CDROM.SYS >

[2008/04/13 19:34:10 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys

[2008/04/13 11:40:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

 

< MD5 for: IMAPI.SYS >

[2008/04/13 19:34:10 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:imapi.sys

[2008/04/13 11:41:00 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINDOWS\system32\drivers\imapi.sys

 

< MD5 for: IPSEC.SYS >

[2008/04/13 12:19:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\dllcache\ipsec.sys

[2008/04/13 12:19:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys

 

< MD5 for: MIDIMAP.DLL >

[2008/04/13 19:20:32 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=F70CCB59E0A325896D679A4935E4F835 -- C:\WINDOWS\system32\dllcache\midimap.dll

[2008/04/13 19:20:32 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=F70CCB59E0A325896D679A4935E4F835 -- C:\WINDOWS\system32\midimap.dll

 

< MD5 for: NDIS.SYS >

[2008/04/13 12:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys

[2008/04/13 12:20:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

 

< MD5 for: TCPIP.SYS >

[2008/06/20 09:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys

[2008/06/20 09:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

[2008/06/20 09:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

 

< %SYSTEMDRIVE%\*.* >

[2009/04/24 00:47:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/12/04 20:24:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2001/09/06 13:00:00 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin

[2004/08/03 23:00:16 | 000,261,856 | RHS- | M] () -- C:\cmldr

[2009/04/24 00:47:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010/12/08 23:09:51 | 3212,103,680 | -HS- | M] () -- C:\hiberfil.sys

[2010/12/06 22:01:44 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe

[2010/12/06 22:02:32 | 000,013,281 | ---- | M] () -- C:\hijackthis.log

[2009/04/24 00:47:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2009/04/24 00:47:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/04/13 09:43:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/04/13 11:31:44 | 000,251,696 | RHS- | M] () -- C:\ntldr

[2010/12/08 23:09:51 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

 

< %USERPROFILE%\*.exe >

 

< %systemroot%\system32\config\*.* >

[2010/12/08 23:08:54 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\AppEvent.Evt

[2010/12/08 23:09:15 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default

[2010/12/08 23:13:00 | 000,001,024 | -H-- | M] () -- C:\WINDOWS\system32\config\default.LOG

[2009/04/23 21:37:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2009/05/13 22:10:57 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\config\Internet.evt

[2009/04/24 01:58:25 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\config\ODiag.evt

[2010/11/30 00:37:56 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\config\OSession.evt

[2010/12/08 23:09:15 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\SAM

[2010/12/08 23:09:55 | 000,001,024 | -H-- | M] () -- C:\WINDOWS\system32\config\SAM.LOG

[2009/04/23 21:38:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\config\SecEvent.Evt

[2010/12/08 23:09:15 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\SECURITY

[2010/12/08 23:10:53 | 000,001,024 | -H-- | M] () -- C:\WINDOWS\system32\config\SECURITY.LOG

[2010/12/08 23:09:15 | 031,457,280 | ---- | M] () -- C:\WINDOWS\system32\config\software

[2010/12/08 23:17:40 | 000,020,480 | -H-- | M] () -- C:\WINDOWS\system32\config\software.LOG

[2009/04/23 21:37:41 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2010/12/08 23:08:54 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\SysEvent.Evt

[2010/12/08 23:09:51 | 008,388,608 | ---- | M] () -- C:\WINDOWS\system32\config\system

[2010/12/08 23:14:12 | 000,001,024 | -H-- | M] () -- C:\WINDOWS\system32\config\system.LOG

[2009/04/23 21:37:41 | 000,462,848 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[2009/04/23 21:37:41 | 000,001,024 | -H-- | M] () -- C:\WINDOWS\system32\config\TempKey.LOG

[2009/04/23 21:37:42 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\userdiff

[2009/04/23 21:37:42 | 000,001,024 | -H-- | M] () -- C:\WINDOWS\system32\config\userdiff.LOG

 

< >

 

< >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 404 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

 

< End of report >


OK... the log is clean.

Let us know whether the problem has been resolved before we proceed with cleaning up the PC.


*Run OTL and click [Limpeza] (Cleanup) > [OK]

*The PC will be restarted

Best regards and Merry Christmas.


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
