Rallz, posted December 9, 2010

Hello, I have been reading some topics on the forum about how to solve this problem, but I am still unsure whether I am infected. Here is the HijackThis log:

wings, posted December 9, 2010

Hello Rallz,

The log does not show the presence of this URL.

* In IE, click [Tools] > [Internet Options]
* On the "Connections" tab, click [LAN Settings]
* Under "Use automatic configuration script", check whether the URL http://www.cearainfo.com/0xf04.pac is present

If you use Firefox...

* Click [Tools] > [Options]
* On the "Advanced" tab, click [Network] > [Settings]
* Under "Automatic proxy configuration URL", check whether the URL http://www.cearainfo.com/0xf04.pac is present

Rallz, posted December 9, 2010

I just checked: yes, it is there in IE, although the box is not checked, and in Firefox (I use both) it is set to "No proxy". What is the next step? (PS: Sorry for the delay, I had to leave the office.)

wings, posted December 9, 2010

Access the internet with IE and make a new HijackThis log with IE open.

Rallz, posted December 9, 2010

HijackThis log with Internet Explorer running:

wings, posted December 9, 2010

* In IE, click [Tools] > [Internet Options]
* On the "Connections" tab, click [LAN Settings]
* Under "Use automatic configuration script", delete that URL
* Restart IE

Let me know whether it disappeared.

Rallz, posted December 9, 2010

It did not disappear.

Rallz, posted December 9, 2010

Ok...

wings 22 Posted December 9, 2010
* Open Notepad and paste the code below into it:
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" > C:\internet.txt
notepad C:\internet.txt
* Save the file to the desktop as Internet.bat
* Run Internet.bat
* When it finishes, Notepad will open. Paste the report
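A way to triage the two places a proxy auto-config (PAC) URL can be set on a machine like this one, the Internet Settings report that the batch file above writes and Firefox's prefs.js, as an added example that is not part of the original thread. The sample inputs and the pac.example.invalid URL are constructed; AutoConfigURL and ProxyServer are the standard WinINET value names, and the function names are this example's own.

```python
import re

# Value lines printed by `reg query`: indentation, name, type, optional data.
REG_VALUE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")
# Lines of a Firefox prefs.js: user_pref("name", value);
USER_PREF = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*?)\);\s*$')

# Constructed sample: a report with no PAC URL and the proxy disabled.
REG_CLEAN_SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    User Agent    REG_SZ    Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    AutoConfigProxy    REG_SZ
    ProxyEnable    REG_DWORD    0x0
    ProxyOverride    REG_SZ    local

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
"""

# Constructed sample: the same key with a PAC URL configured.
REG_PAC_SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x0
    AutoConfigURL    REG_SZ    http://pac.example.invalid/proxy.pac
"""

# Constructed sample: Firefox profile preferences pointing at a PAC URL.
PREFS_SAMPLE = """
user_pref("network.proxy.autoconfig_url", "http://pac.example.invalid/proxy.pac");
user_pref("network.proxy.socks_port", 80);
user_pref("network.proxy.type", 2);
"""


def parse_reg_query(text):
    """Map each key path to {lowercased value name: data string}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = REG_VALUE.match(line)
            if m:
                # Registry value names are case-insensitive.
                current[m["name"].lower()] = m["data"].strip()
    return keys


def parse_prefs_js(text):
    """Return {pref name: str | int | bool} for every user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue
        raw = m["value"].strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[m["name"]] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[m["name"]] = raw == "true"
        else:
            try:
                prefs[m["name"]] = int(raw)
            except ValueError:
                prefs[m["name"]] = raw
    return prefs


def ie_findings(reg_text, allowed=()):
    """Report PAC URLs and enabled proxies in a saved Internet Settings report."""
    findings = []
    for key, values in parse_reg_query(reg_text).items():
        if not key.lower().endswith("\\internet settings"):
            continue  # subkeys such as ...\Internet Settings\Zones hold no proxy values
        pac = values.get("autoconfigurl", "")
        if pac and pac not in allowed:
            findings.append(("wininet", "AutoConfigURL", pac))
        try:
            enabled = int(values.get("proxyenable", "0x0"), 16) != 0
        except ValueError:
            enabled = False
        server = values.get("proxyserver", "")
        if enabled and server and server not in allowed:
            findings.append(("wininet", "ProxyServer", server))
    return findings


def firefox_findings(prefs_text, allowed=()):
    """Report a PAC URL stored in prefs.js and whether Firefox is using it."""
    prefs = parse_prefs_js(prefs_text)
    pac = prefs.get("network.proxy.autoconfig_url", "")
    if not pac or pac in allowed:
        return []
    # network.proxy.type 2 selects "automatic proxy configuration URL".
    state = "active" if prefs.get("network.proxy.type") == 2 else "inactive"
    return [("firefox", "network.proxy.autoconfig_url (%s)" % state, pac)]


if __name__ == "__main__":
    for source, setting, value in (ie_findings(REG_CLEAN_SAMPLE)
                                   + ie_findings(REG_PAC_SAMPLE)
                                   + firefox_findings(PREFS_SAMPLE)):
        print("%-8s %-45s %s" % (source, setting, value))
```

Pass the PAC URLs your own network legitimately uses in `allowed` so that only unexpected settings are reported.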
Rallz 0 Posted December 9, 2010
Here is the report:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    IE5_UA_Backup_Flag REG_SZ 5.0
    User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    EmailName REG_SZ User@
    PrivDiscUiShown REG_DWORD 0x1
    EnableHttp1_1 REG_DWORD 0x1
    WarnOnIntranet REG_DWORD 0x1
    MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
    AutoConfigProxy REG_SZ
    UseSchannelDirectly REG_BINARY 01000000
    WarnOnPost REG_BINARY 01000000
    UrlEncoding REG_DWORD 0x0
    SecureProtocols REG_DWORD 0xa0
    PrivacyAdvanced REG_DWORD 0x0
    ZonesSecurityUpgrade REG_BINARY DBD1C5785565CB01
    DisableCachingOfSSLPages REG_DWORD 0x0
    WarnonZoneCrossing REG_DWORD 0x0
    CertificateRevocation REG_DWORD 0x1
    EnableNegotiate REG_DWORD 0x1
    MigrateProxy REG_DWORD 0x1
    ProxyEnable REG_DWORD 0x0
    GlobalUserOffline REG_DWORD 0x0
    ProxyOverride REG_SZ local
    EnableAutodial REG_DWORD 0x0
    NoNetAutodial REG_DWORD 0x0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\CACHE
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Http Filters
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
What is the next step?
wings 22 Posted December 9, 2010
I didn't find anything....
1. Delete the file C:\internet.txt
2. In Internet Explorer, open the [Tools] > [Internet Options] menu. On the "Connections" tab, click the [LAN settings] button. Under the "Use automatic configuration script" option, delete the URL. Select the option: [x] Automatically detect settings
3. Restart IE and see whether it has disappeared.
Rallz 0 Posted December 9, 2010
It doesn't disappear; even though the box is not checked, the URL always comes back. It looks like this: photo
wings 22 Posted December 9, 2010
* Download OTL and save it to the desktop
* Run OTL and select the options:
[X] Scan All Users
Extra Registry: [X] None
[X] Skip Microsoft Files
[X] Use Company Name WhiteList
[X] Purity Check
* Click in the space under "Custom Scans/Fixes" and paste the code:
%UserProfile%\*.dll
* Click [Scan]
* Paste the OTL.txt report that is shown
Rallz 0 Posted December 9, 2010
Ok... Here is the log:
OTL logfile created on: 09/12/2010 14:18:57 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Raoni\Downloads 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 77,00% Memory free 12,00 Gb Paging File | 10,00 Gb Available in Paging File | 82,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 244,04 Gb Total Space | 154,24 Gb Free Space | 63,20% Space Free | Partition Type: NTFS Drive D: | 454,49 Gb Total Space | 431,20 Gb Free Space | 94,87% Space Free | Partition Type: NTFS Drive P: | 232,76 Gb Total Space | 127,98 Gb Free Space | 54,98% Space Free | Partition Type: NTFS Drive S: | 232,76 Gb Total Space | 127,98 Gb Free Space | 54,98% Space Free | Partition Type: NTFS Drive Z: | 232,76 Gb Total Space | 127,98 Gb Free Space | 54,98% Space Free | Partition Type: NTFS Computer Name: RAONI-EVN00 | User Name: Raoni | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/12/09 14:17:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Raoni\Downloads\OTL.exe PRC - [2010/10/27 04:21:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe PRC - [2010/10/27 04:21:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe PRC - [2010/10/25 09:42:20 | 000,055,072 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe PRC - [2010/09/03 15:44:26 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010/09/03 15:44:21 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/09/03 15:44:21 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2010/08/01 12:55:22 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2010/08/01 12:55:08 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2010/08/01 12:55:04 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2010/08/01 12:54:52 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe PRC - [2010/08/01 11:39:16 | 000,539,184 | ---- | M] (VMware, Inc.) 
-- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010/04/01 07:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010/04/01 07:16:12 | 000,275,776 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe PRC - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE PRC - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe ========== Modules (SafeList) ========== MOD - [2010/12/09 14:17:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Raoni\Downloads\OTL.exe MOD - [2010/08/21 03:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service) SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnetdhcp.exe -- (VMnetDHCP) SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100) SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV:64bit: - [2010/09/24 13:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV:64bit: - [2010/09/24 13:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV:64bit: - [2010/09/24 13:17:10 | 
008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV:64bit: - [2010/09/17 11:54:04 | 000,153,600 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV:64bit: - [2010/09/17 11:53:56 | 005,624,320 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV:64bit: - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2010/10/25 09:42:20 | 000,055,072 | ---- | M] ( ) [unknown | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv) SRV - [2010/09/03 15:44:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/09/03 15:44:21 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/08/01 12:55:22 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2010/08/01 12:55:08 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010/08/01 12:55:04 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2010/08/01 11:39:16 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010/04/27 16:42:04 | 000,191,024 | ---- | M] (VMware, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006/02/02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent) SRV - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener) SRV - [2006/02/02 00:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService) SRV - [2006/02/02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE) SRV - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xpvcom.sys -- (xpvcom) DRV:64bit: - [2010/11/12 09:29:55 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010/10/08 15:52:38 | 
000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2010/09/08 15:42:16 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm) DRV:64bit: - [2010/09/03 15:44:33 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010/09/03 15:44:33 | 000,081,584 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010/08/01 12:55:46 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2010/08/01 12:55:46 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2010/08/01 12:54:00 | 000,031,792 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2010/08/01 12:53:48 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2010/08/01 11:39:10 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2010/08/01 09:18:24 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2010/08/01 09:18:24 | 000,020,016 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2010/07/21 18:02:00 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010/07/07 19:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2010/06/30 01:10:58 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/08/19 10:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/07/13 23:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 23:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 23:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 23:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 22:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/10 18:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 18:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Driver do Intel® DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007/01/29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2010/10/25 09:42:20 | 000,045,472 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm) DRV - [2010/04/27 16:41:34 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/ IE - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 81 16 AE 0C 7C CB 01 [binary data] IE - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..network.proxy.autoconfig_url: "http://www.cearainfo.com/0xf04.pac" FF - 
prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.type: 2 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010/12/09 10:13:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins [2010/11/30 08:50:57 | 000,000,000 | ---D | M] [2010/11/12 17:02:51 | 000,000,000 | ---D | M] -- C:\Users\Raoni\AppData\Roaming\mozilla\Extensions [2010/12/09 09:08:08 | 000,000,000 | ---D | M] -- C:\Users\Raoni\AppData\Roaming\mozilla\Firefox\Profiles\orulgd7u.default\extensions [2010/11/17 10:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raoni\AppData\Roaming\mozilla\Firefox\Profiles\orulgd7u.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} [2010/11/26 08:14:00 | 000,000,000 | ---D | M] -- C:\Users\Raoni\AppData\Roaming\mozilla\Firefox\Profiles\orulgd7u.default\extensions\ebit@toolbar [2010/11/12 16:52:55 | 000,000,000 | ---D | M] -- C:\Users\Raoni\AppData\Roaming\mozilla\Firefox\Profiles\ud7bb9i6.default\extensions [2010/11/12 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raoni\AppData\Roaming\mozilla\Firefox\Profiles\ud7bb9i6.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} [2010/11/12 16:44:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010/10/21 08:53:55 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} O1 HOSTS File: ([2010/11/12 16:52:37 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos 
de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) 
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis) O15 - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis) O15 - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis) O15 - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.253 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files (x86)\GbPlugin\gbieh.dll - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{466b230e-ee50-11df-bb73-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{466b230e-ee50-11df-bb73-005056c00008}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/12/09 11:36:25 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\backups [2010/12/09 11:15:48 | 046,632,336 | ---- | C] (Norman ASA) -- C:\Users\Raoni\Desktop\Norman_Malware_Cleaner.exe [2010/12/09 11:10:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\Raoni\Desktop\HijackThis.exe [2010/12/09 10:01:42 | 000,000,000 | ---D | C] -- C:\Users\Raoni\AppData\Roaming\Avira [2010/12/09 09:52:50 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2010/12/09 09:52:50 | 000,081,584 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010/12/09 09:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010/12/09 09:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2010/12/09 09:46:44 | 000,000,000 | ---D | C] -- C:\Users\Raoni\AppData\Local\ElevatedDiagnostics [2010/12/08 13:39:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010/12/07 10:44:42 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\Fabio Julio [2010/12/03 08:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\In The Hand Ltd [2010/11/30 16:16:46 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\Desenvolvimento GPS [2010/11/30 09:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Device Emulator [2010/11/30 09:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Mobile 6 SDK [2010/11/30 09:01:49 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\Windows Mobile 6 Professional Images (USA) [2010/11/30 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\Raoni\.android [2010/11/30 08:52:31 | 000,000,000 | ---D | C] -- C:\Users\Raoni\.netbeans [2010/11/30 08:52:30 | 000,000,000 | ---D | C] -- C:\Users\Raoni\.netbeans-registration [2010/11/30 08:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetBeans 6.9.1 [2010/11/30 08:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/11/30 08:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010/11/30 08:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010/11/30 08:50:12 | 000,000,000 | ---D | C] -- C:\Users\Raoni\.nbi [2010/11/29 14:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stonex [2010/11/29 13:02:41 | 000,000,000 | ---D | C] -- 
C:\Windows\WindowsMobile [2010/11/29 11:53:32 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\C# TIps [2010/11/29 08:56:02 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\Visual Studio 2008 [2010/11/29 08:39:17 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\WINDOWS MOBILE [2010/11/26 08:34:24 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Z ETC [2010/11/25 11:57:12 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Integration Services Script Component [2010/11/25 11:56:43 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Integration Services Script Task [2010/11/25 11:42:43 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Visual Studio 2005 [2010/11/25 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Raoni\AppData\Local\Microsoft_Corporation [2010/11/25 11:20:08 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\ISO SQL [2010/11/24 13:36:52 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Microsoft Press [2010/11/22 10:15:03 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Zune [2010/11/22 10:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions [2010/11/22 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F# [2010/11/22 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop [2010/11/22 10:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules [2010/11/22 09:56:04 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Raoni C# Codes [2010/11/19 17:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio [2010/11/19 17:07:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx [2010/11/19 17:03:59 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Sync Framework [2010/11/19 17:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET [2010/11/19 17:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS [2010/11/19 17:01:15 | 000,000,000 | ---D | C] -- C:\Arquivos de 
Programas\IIS [2010/11/19 17:00:47 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Visual Studio 2008 [2010/11/19 16:57:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033 [2010/11/19 16:55:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033 [2010/11/19 15:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression [2010/11/19 15:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WPF Toolkit [2010/11/19 15:02:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2010/11/19 15:02:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2010/11/19 15:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA [2010/11/19 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XDE [2010/11/18 09:30:23 | 000,000,000 | ---D | C] -- C:\Users\Raoni\AppData\Local\assembly [2010/11/17 08:08:01 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\E-Books [2010/11/16 15:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dimensor_1.0.15_MONO [2010/11/16 11:38:46 | 000,000,000 | ---D | C] -- C:\Users\Raoni\AppData\Roaming\Microsoft Corporation [2010/11/12 16:52:53 | 000,045,472 | ---- | C] (GAS Tecnologia) -- C:\Windows\SysWow64\drivers\GbpKm.sys [2010/11/12 16:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GbPlugin [2010/11/12 16:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7 [2010/11/12 09:39:07 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Visual Studio 2010 [2010/11/12 09:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0 [2010/11/12 09:38:22 | 000,000,000 | ---D | C] -- C:\Windows\symbols [2010/11/12 09:38:22 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Visual Studio 10.0 [2010/11/12 09:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2010/11/12 09:38:22 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Help 
Viewer [2010/11/12 09:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2010/11/12 09:29:26 | 000,000,000 | ---D | C] -- C:\Users\Raoni\AppData\Roaming\DAEMON Tools Lite [2010/11/12 09:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2010/11/12 08:46:26 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft [1 C:\Users\Raoni\Documents\*.tmp files -> C:\Users\Raoni\Documents\*.tmp -> ] [1 C:\Users\Raoni\*.tmp files -> C:\Users\Raoni\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/12/09 14:20:00 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/12/09 14:03:46 | 000,018,183 | ---- | M] () -- C:\Users\Raoni\Desktop\Sem título.png [2010/12/09 13:47:34 | 000,000,119 | ---- | M] () -- C:\Users\Raoni\Desktop\Internet.bat [2010/12/09 13:41:21 | 000,014,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/12/09 13:41:21 | 000,014,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/12/09 13:34:15 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/12/09 13:33:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/12/09 13:33:45 | 534,966,271 | -HS- | M] () -- C:\hiberfil.sys [2010/12/09 11:36:38 | 000,000,131 | ---- | M] () -- C:\Users\Raoni\Desktop\Infecção por 0xf04.pac - iMasters Fóruns.URL [2010/12/09 11:17:18 | 046,632,336 | ---- | M] (Norman ASA) -- C:\Users\Raoni\Desktop\Norman_Malware_Cleaner.exe [2010/12/09 11:10:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\Users\Raoni\Desktop\HijackThis.exe [2010/12/09 10:07:36 | 001,920,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/12/09 10:07:36 | 000,805,288 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat [2010/12/09 10:07:36 | 000,753,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/12/09 10:07:36 | 000,188,572 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat [2010/12/09 10:07:36 | 000,163,286 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/12/09 09:52:55 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Centro de controle do Avira AntiVir.lnk [2010/12/02 10:50:34 | 002,830,327 | ---- | M] () -- C:\Users\Raoni\Desktop\User_Guide_BD970_ENG.pdf [2010/11/30 08:51:48 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk [2010/11/29 14:30:42 | 000,000,163 | ---- | M] () -- C:\Users\Raoni\Desktop\CONFIG.INI_COLETORA.INI [2010/11/29 13:07:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf [2010/11/25 11:48:00 | 000,585,728 | ---- | M] () -- C:\Users\Raoni\Desktop\SpatialData.doc [2010/11/25 11:45:36 | 000,314,052 | ---- | M] () -- C:\Users\Raoni\Desktop\SQLServer2008_SpatialData_Datasheet.pdf [2010/11/25 10:52:34 | 003,998,297 | ---- | M] () -- C:\Users\Raoni\Desktop\et-adgv_v1.01.pdf [2010/11/22 10:15:05 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk [2010/11/22 09:29:37 | 000,000,162 | -H-- | M] () -- C:\Users\Raoni\Documents\~$gração de Linguagens.docx [2010/11/19 15:20:34 | 000,436,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/11/17 13:04:49 | 001,605,746 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/11/12 17:00:20 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/11/12 16:52:37 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2010/11/12 16:44:37 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat [2010/11/12 09:30:00 | 000,001,954 | ---- | 
M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010/11/12 09:29:55 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010/11/11 17:28:09 | 000,000,083 | ---- | M] () -- C:\Users\Raoni\Desktop\Cadastro de Cartório do Brasil.URL [1 C:\Users\Raoni\Documents\*.tmp files -> C:\Users\Raoni\Documents\*.tmp -> ] [1 C:\Users\Raoni\*.tmp files -> C:\Users\Raoni\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/12/09 14:03:46 | 000,018,183 | ---- | C] () -- C:\Users\Raoni\Desktop\Sem título.png [2010/12/09 13:47:33 | 000,000,119 | ---- | C] () -- C:\Users\Raoni\Desktop\Internet.bat [2010/12/09 11:36:38 | 000,000,131 | ---- | C] () -- C:\Users\Raoni\Desktop\Infecção por 0xf04.pac - iMasters Fóruns.URL [2010/12/09 11:25:56 | 003,998,297 | ---- | C] () -- C:\Users\Raoni\Desktop\et-adgv_v1.01.pdf [2010/12/09 11:25:56 | 002,830,327 | ---- | C] () -- C:\Users\Raoni\Desktop\User_Guide_BD970_ENG.pdf [2010/12/09 11:25:56 | 000,000,163 | ---- | C] () -- C:\Users\Raoni\Desktop\CONFIG.INI_COLETORA.INI [2010/12/09 11:25:56 | 000,000,128 | ---- | C] () -- C:\Users\Raoni\Desktop\Envio de E-mail usando o componente indy usando SMTP Gmail.URL [2010/12/09 11:25:55 | 000,000,083 | ---- | C] () -- C:\Users\Raoni\Desktop\Cadastro de Cartório do Brasil.URL [2010/12/09 11:25:55 | 000,000,062 | ---- | C] () -- C:\Users\Raoni\Desktop\Caio Oliveira » Arquivo do Blog » Tabela de Municípios (IBGE).URL [2010/12/09 09:52:55 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Centro de controle do Avira AntiVir.lnk [2010/12/08 13:39:18 | 000,000,163 | ---- | C] () -- C:\Users\Raoni\i.txt [2010/11/30 08:51:48 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk [2010/11/29 13:07:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf [2010/11/25 11:47:59 | 000,585,728 | ---- | C] () -- C:\Users\Raoni\Desktop\SpatialData.doc [2010/11/25 11:45:33 | 000,314,052 | ---- | C] () -- 
C:\Users\Raoni\Desktop\SQLServer2008_SpatialData_Datasheet.pdf [2010/11/22 10:15:05 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk [2010/11/22 09:29:37 | 000,000,162 | -H-- | C] () -- C:\Users\Raoni\Documents\~$gração de Linguagens.docx [2010/11/12 17:00:20 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/11/12 16:44:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010/11/12 09:30:00 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2010/11/12 09:29:55 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010/11/03 09:20:18 | 001,605,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009/12/20 23:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini [2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 19:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== Purity Check ========== ========== Custom Scans ========== < %UserProfile%\*.dll > ========== Alternate Data Streams ========== @Alternate Data Stream - 204 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst < End of report >
wings 22 Posted December 9, 2010

* Run OTL
* Click in the area below "Exames Personalizados/Correções" (Custom Scans/Fixes) and paste the code:

:OTL
FF - prefs.js..network.proxy.autoconfig_url: "http://www.cearainfo.com/0xf04.pac"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.type: 2
:Files
C:\Users\Raoni\Desktop\Internet.bat
:Commands
[emptytemp]
[reboot]

* Click [Consertar] (Fix)
* The PC will be restarted
* Paste the report C:\_OTL\MovedFiles\MDA_HMS.log, where MDA is month/day/year and HMS is hour/minute/seconds

Let me know whether that fixed it.
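The fix script above targets three Firefox proxy preferences. The following Python sketch is an added example, not part of the original thread and not OTL's own code: it reads the text of a profile's preference files and reports whether Firefox is pointed at a PAC URL and which file sets it. It goes slightly beyond the post by also accepting a `user.js` file, which Firefox reads at startup and which overrides `prefs.js`. The sample file contents, the `audit_proxy` name and the allow-list parameter are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Firefox writes user-set preferences as:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Meaning of network.proxy.type values.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL",
               4: "WPAD auto-detect", 5: "system proxy"}


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in the text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw  # keep unparsed values as text
        prefs[name] = value
    return prefs


def audit_proxy(files, allowed_pac_hosts=frozenset()):
    """Audit proxy prefs across profile files.

    files: mapping of file name -> file content, in load order
           (prefs.js first, then user.js, which wins on conflict).
    allowed_pac_hosts: hosts the administrator expects to serve a PAC file.
    """
    merged, set_by = {}, {}
    for fname, text in files.items():
        for name, value in parse_prefs(text).items():
            if name.startswith("network.proxy."):
                merged[name] = value
                set_by[name] = fname
    ptype = merged.get("network.proxy.type")
    pac_url = merged.get("network.proxy.autoconfig_url") or ""
    pac_host = urlparse(pac_url).hostname if pac_url else None
    active_pac = ptype == 2 and bool(pac_url)
    return {
        "mode": PROXY_TYPES.get(ptype, "unset or unknown"),
        "pac_url": pac_url,
        "pac_host": pac_host,
        # An active PAC from a host nobody approved routes traffic
        # through whatever proxy that file names.
        "suspicious": active_pac and pac_host not in allowed_pac_hosts,
        # A PAC URL left behind while another mode is selected.
        "dormant_pac": bool(pac_url) and ptype != 2,
        "set_by": set_by,
    }


# Constructed sample: a prefs.js carrying the three values named in the post.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com.br/");
user_pref("network.proxy.autoconfig_url", "http://www.cearainfo.com/0xf04.pac");
user_pref("network.proxy.socks_port", 80);
user_pref("network.proxy.type", 2);
'''

# Constructed sample: prefs.js after the three values were removed.
CLEANED_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com.br/");
'''

# Constructed sample: a user.js that would put the settings back at startup.
SAMPLE_USER_JS = '''user_pref("network.proxy.autoconfig_url", "http://www.cearainfo.com/0xf04.pac");
user_pref("network.proxy.type", 2);
'''

if __name__ == "__main__":
    for label, files in [
        ("before fix", {"prefs.js": SAMPLE_PREFS_JS}),
        ("after fix", {"prefs.js": CLEANED_PREFS_JS}),
        ("after fix, user.js present",
         {"prefs.js": CLEANED_PREFS_JS, "user.js": SAMPLE_USER_JS}),
    ]:
        print(label, "->", audit_proxy(files))
```

Feed it the real contents of each profile under `AppData\Roaming\Mozilla\Firefox\Profiles`; the logs in this thread show two profile folders on the machine.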
Rallz 0 Posted December 9, 2010

It still isn't fixed. Here is the log.

All processes killed
========== OTL ==========
Prefs.js: "http://www.cearainfo.com/0xf04.pac" removed from network.proxy.autoconfig_url
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: 2 removed from network.proxy.type
========== FILES ==========
C:\Users\Raoni\Desktop\Internet.bat moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Raoni
->Temp folder emptied: 757912888 bytes
->Temporary Internet Files folder emptied: 4408095 bytes
->Java cache emptied: 5828 bytes
->FireFox cache emptied: 108904941 bytes
->Flash cache emptied: 53242 bytes
User: Todos os Usuários
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4660542 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50521 bytes
RecycleBin emptied: 747991902 bytes
Total Files Cleaned = 1.549,00 mb
OTL by OldTimer - Version 3.2.17.3 log created on 12092010_143948
Files\Folders moved on Reboot...
C:\Users\Raoni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SISTEMA\vmware-usbarb-SISTEMA-2056.log moved successfully.
Registry entries deleted on Reboot...
wings 22 Posted December 9, 2010

* Download RegSeeker and save it to the desktop
* Extract the contents to the desktop
* Run RegSeeker
* Click "Languages" and select "Português do Brasil"
* Click "Procurar por..." (Search for...), type the following in the box: ceara.com/0xf04.pac and click [Procurar] (Search)
* Select the values found
* Right-click and select "Apagar entradas selecionadas" (Delete selected entries).
* Restart the PC

Report back.
Rallz 0 Posted December 9, 2010

No entries showed up. Well, thanks for the help. I wanted to avoid formatting the machine, but I see I really have no other option. Thanks for the support anyway.
wings 22 Posted December 9, 2010

OK... let's try one more.

1. * Delete RegSeeker
2. * Run OTL and select the options:
[X] Verificar All Users (Scan All Users)
Exame Extra do Registro (Extra Registry scan): [X] Nenhum (None)
[X] Ignorar Arquivos Microsoft (Skip Microsoft Files)
[X] Usar WhiteList para Nomes de Companhias (Use Company Name WhiteList)
[X] Verificar Purity (Purity Check)
* Click in the area below "Exames Personalizados/Correções" (Custom Scans/Fixes) and paste the code:

C:\Users\Raoni\*.dll

* Click [Verificar] (Scan)
* Paste the OTL.txt report that is displayed
Rallz 0 Posted December 9, 2010

OK, here is the log:

OTL logfile created on: 09/12/2010 15:27:07 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Raoni\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 73,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,04 Gb Total Space | 154,59 Gb Free Space | 63,34% Space Free | Partition Type: NTFS
Drive D: | 454,49 Gb Total Space | 431,91 Gb Free Space | 95,03% Space Free | Partition Type: NTFS
Drive P: | 232,76 Gb Total Space | 127,96 Gb Free Space | 54,98% Space Free | Partition Type: NTFS
Drive S: | 232,76 Gb Total Space | 127,96 Gb Free Space | 54,98% Space Free | Partition Type: NTFS
Drive Z: | 232,76 Gb Total Space | 127,96 Gb Free Space | 54,98% Space Free | Partition Type: NTFS
Computer Name: RAONI-EVN00 | User Name: Raoni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010/12/09 14:17:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Raoni\Desktop\OTL.exe PRC - [2010/10/27 04:21:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe PRC - [2010/10/27 04:21:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe PRC - [2010/10/25 09:42:20 | 000,055,072 | ---- | M] ( ) -- C:\PROGRA~2\GbPlugin\GbpSv.exe PRC - [2010/08/01 12:55:22 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2010/08/01 12:55:08 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2010/08/01 12:55:04 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2010/08/01 12:54:52 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe PRC - [2010/08/01 11:39:16 | 000,539,184 | ---- | M] (VMware, Inc.) 
-- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010/04/01 07:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE PRC - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) -- c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe ========== Modules (SafeList) ========== MOD - [2010/12/09 14:17:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Raoni\Desktop\OTL.exe MOD - [2010/08/21 03:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009/07/13 23:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnat.exe -- (VMware NAT Service) SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\vmnetdhcp.exe -- (VMnetDHCP) SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100) SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SRV:64bit: - [2010/09/24 13:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV:64bit: - [2010/09/24 13:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV:64bit: - [2010/09/24 13:17:10 | 008,251,120 | 
---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV:64bit: - [2010/09/17 11:54:04 | 000,153,600 | ---- | M] (Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance) SRV:64bit: - [2010/09/17 11:53:56 | 005,624,320 | ---- | M] (Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe -- (FirebirdServerDefaultInstance) SRV:64bit: - [2009/07/13 23:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP) SRV - [2010/10/25 09:42:20 | 000,055,072 | ---- | M] ( ) [unknown | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv) SRV - [2010/08/01 12:55:22 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2010/08/01 12:55:08 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010/08/01 12:55:04 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2010/08/01 11:39:16 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010/04/27 16:42:04 | 000,191,024 | ---- | M] (VMware, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 19:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2006/02/02 00:51:06 | 000,045,056 | ---- | M] () [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent) SRV - [2006/02/02 00:49:14 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener) SRV - [2006/02/02 00:47:28 | 000,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService) SRV - [2006/02/02 00:44:06 | 000,102,400 | ---- | M] () [Disabled | Stopped] -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE) SRV - [2006/02/02 00:43:44 | 059,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\xpvcom.sys -- (xpvcom) DRV:64bit: - [2010/12/09 15:15:34 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2010/11/12 
09:29:55 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010/10/08 15:52:38 | 000,144,784 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2010/09/08 15:42:16 | 000,295,272 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VMM.sys -- (vmm) DRV:64bit: - [2010/08/01 12:55:46 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2010/08/01 12:55:46 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2010/08/01 12:54:00 | 000,031,792 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2010/08/01 12:53:48 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2010/08/01 11:39:10 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2010/08/01 09:18:24 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2010/08/01 09:18:24 | 000,020,016 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2010/07/21 18:02:00 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010/07/07 19:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB) DRV:64bit: - [2010/06/30 01:10:58 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2010/06/09 16:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2010/06/09 16:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2010/04/22 18:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2009/11/02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/08/19 10:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/07/13 23:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 23:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 23:52:20 | 
000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 23:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 23:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 23:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 22:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/10 18:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 18:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Driver do Intel® DRV:64bit: - [2009/06/10 18:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 18:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 18:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 18:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007/01/29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2010/10/25 09:42:20 | 000,045,472 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gbpkm.sys -- (GbpKm) DRV - [2010/04/27 16:41:34 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/ IE - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB 81 16 AE 0C 7C CB 01 [binary data] IE - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..network.proxy.autoconfig_url: "" FF - prefs.js..network.proxy.socks_port: "" FF - 
prefs.js..network.proxy.type: "" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2010/12/09 10:13:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins [2010/11/30 08:50:57 | 000,000,000 | ---D | M] [2010/11/12 17:02:51 | 000,000,000 | ---D | M] -- C:\Users\Raoni\AppData\Roaming\mozilla\Extensions [2010/12/09 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\Raoni\AppData\Roaming\mozilla\Firefox\Profiles\orulgd7u.default\extensions [2010/11/17 10:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raoni\AppData\Roaming\mozilla\Firefox\Profiles\orulgd7u.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} [2010/11/26 08:14:00 | 000,000,000 | ---D | M] -- C:\Users\Raoni\AppData\Roaming\mozilla\Firefox\Profiles\orulgd7u.default\extensions\ebit@toolbar [2010/11/12 16:52:55 | 000,000,000 | ---D | M] -- C:\Users\Raoni\AppData\Roaming\mozilla\Firefox\Profiles\ud7bb9i6.default\extensions [2010/11/12 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raoni\AppData\Roaming\mozilla\Firefox\Profiles\ud7bb9i6.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} [2010/11/12 16:44:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010/10/21 08:53:55 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} O1 HOSTS File: ([2010/11/12 16:52:37 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) 
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis)
O15 - HKU\S-1-5-21-3809690115-1314342177-3266010912-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.253
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files (x86)\GbPlugin\gbieh.dll - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{466b230e-ee50-11df-bb73-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{466b230e-ee50-11df-bb73-005056c00008}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010/12/09 15:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/12/09 15:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010/12/09 15:15:34 | 000,556,120 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/12/09 15:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010/12/09 15:08:11 | 115,842,960 | ---- | C] (Kaspersky Lab) -- C:\Users\Raoni\Desktop\kav11.0.2.556en.exe
[2010/12/09 14:39:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/09 14:17:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Raoni\Desktop\OTL.exe
[2010/12/09 11:36:25 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\backups
[2010/12/09 11:15:48 | 046,632,336 | ---- | C] (Norman ASA) -- C:\Users\Raoni\Desktop\Norman_Malware_Cleaner.exe
[2010/12/09 11:10:11 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Raoni\Desktop\HijackThis.exe
[2010/12/09 09:46:44 | 000,000,000 | ---D | C] -- C:\Users\Raoni\AppData\Local\ElevatedDiagnostics
[2010/12/08 13:39:10 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/12/07 10:44:42 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\Fabio Julio
[2010/12/03 08:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\In The Hand Ltd
[2010/11/30 16:16:46 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\Desenvolvimento GPS
[2010/11/30 09:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Device Emulator
[2010/11/30 09:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Mobile 6 SDK
[2010/11/30 09:01:49 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\Windows Mobile 6 Professional Images (USA)
[2010/11/30 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\Raoni\.android
[2010/11/30 08:52:31 | 000,000,000 | ---D | C] -- C:\Users\Raoni\.netbeans
[2010/11/30 08:52:30 | 000,000,000 | ---D | C] -- C:\Users\Raoni\.netbeans-registration
[2010/11/30 08:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetBeans 6.9.1
[2010/11/30 08:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/30 08:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/11/30 08:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/11/30 08:50:12 | 000,000,000 | ---D | C] -- C:\Users\Raoni\.nbi
[2010/11/29 14:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stonex
[2010/11/29 13:02:41 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2010/11/29 11:53:32 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\C# TIps
[2010/11/29 08:56:02 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\Visual Studio 2008
[2010/11/29 08:39:17 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\WINDOWS MOBILE
[2010/11/26 08:34:24 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Z ETC
[2010/11/25 11:57:12 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Integration Services Script Component
[2010/11/25 11:56:43 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Integration Services Script Task
[2010/11/25 11:42:43 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Visual Studio 2005
[2010/11/25 11:28:23 | 000,000,000 | ---D | C] -- C:\Users\Raoni\AppData\Local\Microsoft_Corporation
[2010/11/25 11:20:08 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Desktop\ISO SQL
[2010/11/24 13:36:52 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Microsoft Press
[2010/11/22 10:15:03 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Zune
[2010/11/22 10:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2010/11/22 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2010/11/22 10:03:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2010/11/22 10:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2010/11/22 09:56:04 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Raoni C# Codes
[2010/11/19 17:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio
[2010/11/19 17:07:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2010/11/19 17:03:59 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Sync Framework
[2010/11/19 17:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2010/11/19 17:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2010/11/19 17:01:15 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\IIS
[2010/11/19 17:00:47 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Visual Studio 2008
[2010/11/19 16:57:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2010/11/19 16:55:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2010/11/19 15:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression
[2010/11/19 15:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WPF Toolkit
[2010/11/19 15:02:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010/11/19 15:02:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010/11/19 15:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2010/11/19 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XDE
[2010/11/18 09:30:23 | 000,000,000 | ---D | C] -- C:\Users\Raoni\AppData\Local\assembly
[2010/11/17 08:08:01 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\E-Books
[2010/11/16 15:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dimensor_1.0.15_MONO
[2010/11/16 11:38:46 | 000,000,000 | ---D | C] -- C:\Users\Raoni\AppData\Roaming\Microsoft Corporation
[2010/11/12 16:52:53 | 000,045,472 | ---- | C] (GAS Tecnologia) -- C:\Windows\SysWow64\drivers\GbpKm.sys
[2010/11/12 16:52:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GbPlugin
[2010/11/12 16:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7
[2010/11/12 09:39:07 | 000,000,000 | ---D | C] -- C:\Users\Raoni\Documents\Visual Studio 2010
[2010/11/12 09:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2010/11/12 09:38:22 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2010/11/12 09:38:22 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Visual Studio 10.0
[2010/11/12 09:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2010/11/12 09:38:22 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Help Viewer
[2010/11/12 09:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/11/12 09:29:26 | 000,000,000 | ---D | C] -- C:\Users\Raoni\AppData\Roaming\DAEMON Tools Lite
[2010/11/12 09:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/11/12 08:46:26 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft
[1 C:\Users\Raoni\Documents\*.tmp files -> C:\Users\Raoni\Documents\*.tmp -> ]
[1 C:\Users\Raoni\*.tmp files -> C:\Users\Raoni\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010/12/09 15:25:05 | 000,000,114 | -HS- | M] () -- C:\Windows\KLIF.spi
[2010/12/09 15:22:40 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/12/09 15:22:39 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/12/09 15:21:41 | 000,014,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/09 15:21:41 | 000,014,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/09 15:20:04 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/09 15:15:34 | 000,556,120 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010/12/09 15:14:17 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/09 15:14:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/09 15:13:59 | 534,966,271 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/09 15:11:35 | 115,842,960 | ---- | M] (Kaspersky Lab) -- C:\Users\Raoni\Desktop\kav11.0.2.556en.exe
[2010/12/09 14:17:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Raoni\Desktop\OTL.exe
[2010/12/09 11:36:38 | 000,000,131 | ---- | M] () -- C:\Users\Raoni\Desktop\Infecção por 0xf04.pac - iMasters Fóruns.URL
[2010/12/09 11:17:18 | 046,632,336 | ---- | M] (Norman ASA) -- C:\Users\Raoni\Desktop\Norman_Malware_Cleaner.exe
[2010/12/09 11:10:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Raoni\Desktop\HijackThis.exe
[2010/12/09 10:07:36 | 001,920,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/12/09 10:07:36 | 000,805,288 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2010/12/09 10:07:36 | 000,753,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/12/09 10:07:36 | 000,188,572 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2010/12/09 10:07:36 | 000,163,286 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/12/02 10:50:34 | 002,830,327 | ---- | M] () -- C:\Users\Raoni\Desktop\User_Guide_BD970_ENG.pdf
[2010/11/30 08:51:48 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk
[2010/11/29 14:30:42 | 000,000,163 | ---- | M] () -- C:\Users\Raoni\Desktop\CONFIG.INI_COLETORA.INI
[2010/11/29 13:07:03 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010/11/25 11:48:00 | 000,585,728 | ---- | M] () -- C:\Users\Raoni\Desktop\SpatialData.doc
[2010/11/25 11:45:36 | 000,314,052 | ---- | M] () -- C:\Users\Raoni\Desktop\SQLServer2008_SpatialData_Datasheet.pdf
[2010/11/25 10:52:34 | 003,998,297 | ---- | M] () -- C:\Users\Raoni\Desktop\et-adgv_v1.01.pdf
[2010/11/22 10:15:05 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2010/11/22 09:29:37 | 000,000,162 | -H-- | M] () -- C:\Users\Raoni\Documents\~$gração de Linguagens.docx
[2010/11/19 15:20:34 | 000,436,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/11/17 13:04:49 | 001,605,746 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/12 17:00:20 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/12 16:52:37 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/11/12 16:44:37 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/11/12 09:30:00 | 000,001,954 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/11/12 09:29:55 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/11 17:28:09 | 000,000,083 | ---- | M] () -- C:\Users\Raoni\Desktop\Cadastro de Cartório do Brasil.URL
[1 C:\Users\Raoni\Documents\*.tmp files -> C:\Users\Raoni\Documents\*.tmp -> ]
[1 C:\Users\Raoni\*.tmp files -> C:\Users\Raoni\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010/12/09 15:25:05 | 000,000,114 | -HS- | C] () -- C:\Windows\KLIF.spi
[2010/12/09 15:16:24 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010/12/09 15:16:24 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010/12/09 11:36:38 | 000,000,131 | ---- | C] () -- C:\Users\Raoni\Desktop\Infecção por 0xf04.pac - iMasters Fóruns.URL
[2010/12/09 11:25:56 | 003,998,297 | ---- | C] () -- C:\Users\Raoni\Desktop\et-adgv_v1.01.pdf
[2010/12/09 11:25:56 | 002,830,327 | ---- | C] () -- C:\Users\Raoni\Desktop\User_Guide_BD970_ENG.pdf
[2010/12/09 11:25:56 | 000,000,163 | ---- | C] () -- C:\Users\Raoni\Desktop\CONFIG.INI_COLETORA.INI
[2010/12/09 11:25:56 | 000,000,128 | ---- | C] () -- C:\Users\Raoni\Desktop\Envio de E-mail usando o componente indy usando SMTP Gmail.URL
[2010/12/09 11:25:55 | 000,000,083 | ---- | C] () -- C:\Users\Raoni\Desktop\Cadastro de Cartório do Brasil.URL
[2010/12/09 11:25:55 | 000,000,062 | ---- | C] () -- C:\Users\Raoni\Desktop\Caio Oliveira » Arquivo do Blog » Tabela de Municípios (IBGE).URL
[2010/12/08 13:39:18 | 000,000,163 | ---- | C] () -- C:\Users\Raoni\i.txt
[2010/11/30 08:51:48 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk
[2010/11/29 13:07:03 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010/11/25 11:47:59 | 000,585,728 | ---- | C] () -- C:\Users\Raoni\Desktop\SpatialData.doc
[2010/11/25 11:45:33 | 000,314,052 | ---- | C] () -- C:\Users\Raoni\Desktop\SQLServer2008_SpatialData_Datasheet.pdf
[2010/11/22 10:15:05 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2010/11/22 09:29:37 | 000,000,162 | -H-- | C] () -- C:\Users\Raoni\Documents\~$gração de Linguagens.docx
[2010/11/12 17:00:20 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/12 16:44:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/12 09:30:00 | 000,001,954 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2010/11/12 09:29:55 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/11/03 09:20:18 | 001,605,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/12/20 23:42:18 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/13 21:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 19:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Purity Check ==========

========== Custom Scans ==========
< C:\Users\Raoni\*.dll >

========== Alternate Data Streams ==========
@Alternate Data Stream - 204 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

< End of report >