Edvan 30 Posted May 17, 2011

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:21:42, on 17/05/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6c07e2470000000000000015831216c9&tlver=1.4.19.19&ss=1&affID=17394
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [uSB Security] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 7044 bytes
wings 22 Posted May 18, 2011

Hello Edvan

* Download OTL and save it to the desktop
* Run it and select the options:
[X] Scan All Users
Extra Registry Scan: [X] Use SafeList
[X] Skip Microsoft Files
[X] Use WhiteList for Company Names
[X] Check Purity
* Click in the box below "Custom Scans/Fixes" and paste the code:

%AllDrive%
%AllDrive%\RECYCLER\*.*
%AppData%
%Local Appdata%
%ProgramData%
%Startup%
%systemdrive%\*.*
%Temp%
%UserProfile%\*.*
%windir%\Temp\*.*

* Click [Scan]
* Paste the resulting report, OTL.txt
Edvan 30 Posted May 18, 2011

OTL logfile created on: 18/05/2011 20:42:07 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Edvan\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 51,49 Gb Total Space | 20,56 Gb Free Space | 39,93% Space Free | Partition Type: NTFS
Drive D: | 34,33 Gb Total Space | 7,34 Gb Free Space | 21,37% Space Free | Partition Type: NTFS
Drive E: | 14,85 Gb Total Space | 1,45 Gb Free Space | 9,80% Space Free | Partition Type: NTFS
Drive F: | 24,67 Gb Total Space | 4,10 Gb Free Space | 16,62% Space Free | Partition Type: NTFS
Drive G: | 619,69 Mb Total Space | 561,37 Mb Free Space | 90,59% Space Free | Partition Type: NTFS

Computer Name: EDVAN-PC | User Name: Edvan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 20:37:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Edvan\Desktop\OTL.exe
PRC - [2011/05/16 00:33:32 | 000,304,304 | ---- | M] (Google Inc.)
-- C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2011/05/10 09:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastUI.exe PRC - [2011/05/10 09:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\AvastSvc.exe PRC - [2011/04/29 10:38:36 | 001,843,000 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de Programas\Orbitdownloader\orbitdm.exe PRC - [2011/04/28 19:20:28 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de Programas\Orbitdownloader\orbitnet.exe PRC - [2011/04/15 06:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version6\TeamViewer.exe PRC - [2011/04/15 06:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011/03/16 07:10:48 | 001,101,824 | ---- | M] (The Document Foundation) -- C:\Arquivos de Programas\LibreOffice 3\program\soffice.exe PRC - [2011/03/16 07:10:48 | 001,094,144 | ---- | M] (The Document Foundation) -- C:\Arquivos de Programas\LibreOffice 3\program\soffice.bin PRC - [2011/03/16 07:10:48 | 000,037,376 | ---- | M] (The Document Foundation) -- C:\Arquivos de Programas\LibreOffice 3\program\swriter.exe PRC - [2011/02/26 02:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/02/24 02:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Internet Explorer\iexplore.exe PRC - [2011/02/24 02:27:38 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe PRC - [2011/01/29 15:52:10 | 000,623,520 | ---- | M] (Zbshareware Lab) -- C:\Arquivos de Programas\USB Disk Security\USBGuard.exe PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Arquivos de Programas\Common Files\Java\Java Update\jucheck.exe PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Arquivos de Programas\Panda USB Vaccine\USBVaccine.exe PRC - [2009/07/18 00:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe PRC - [2009/07/13 22:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe PRC - [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/13 22:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Sidebar\sidebar.exe PRC - [2008/02/28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Arquivos de Programas\Common Files\Nero\Lib\NMIndexStoreSvr.exe ========== Modules (SafeList) ========== MOD - [2011/05/18 20:37:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Edvan\Desktop\OTL.exe MOD - [2011/05/10 09:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\AVAST Software\Avast\snxhk.dll MOD - [2010/08/21 02:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011/05/14 00:51:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011/05/10 09:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2011/04/15 06:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Arquivos de Programas\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2009/07/13 22:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011/05/10 09:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011/05/10 09:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/05/10 09:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/05/10 08:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/05/10 08:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/05/10 08:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] 
(Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009/07/13 19:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6c07e2470000000000000015831216c9&tlver=1.4.19.19&ss=1&affID=17394 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3402164469-1559782933-1922221369-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/ IE - HKU\S-1-5-21-3402164469-1559782933-1922221369-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3402164469-1559782933-1922221369-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKU\S-1-5-21-3402164469-1559782933-1922221369-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D D7 D7 19 CF 11 CC 01 [binary data] IE - HKU\S-1-5-21-3402164469-1559782933-1922221369-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
[2011/05/16 11:55:13 | 000,002,428 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\babylon.xml O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de Programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de Programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de Programas\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-3402164469-1559782933-1922221369-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de Programas\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [uSB Security] C:\Arquivos de Programas\USB Disk Security\USBGuard.exe (Zbshareware Lab) O4 - HKU\S-1-5-21-3402164469-1559782933-1922221369-1001..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: 
Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2010/06/03 11:31:16 | 000,000,000 | ---D | M] - F:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010/06/03 11:31:17 | 000,000,000 | R--D | M] - G:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/05/18 20:37:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Edvan\Desktop\OTL.exe [2011/05/18 19:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2011/05/18 19:26:17 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Works [2011/05/18 19:25:59 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Visual Studio [2011/05/18 19:25:59 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\DESIGNER [2011/05/18 19:22:30 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Office [2011/05/18 19:21:20 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011/05/18 17:36:46 | 000,000,000 | ---D | C] -- C:\Users\Edvan\Desktop\Professora Kivian- Economia [2011/05/17 23:55:07 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\LibreOffice [2011/05/17 23:53:37 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrOffice 3.3 [2011/05/17 23:51:31 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\LibreOffice 3 [2011/05/17 23:06:05 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\TeamViewer [2011/05/17 23:02:47 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\TeamViewer [2011/05/17 21:51:44 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Local\Microsoft Help [2011/05/17 21:51:41 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft Help [2011/05/17 21:26:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2011/05/17 21:13:05 | 000,000,000 | ---D | C] -- C:\Users\Edvan\Desktop\Direito Administrativo [2011/05/17 11:37:47 | 000,000,000 | ---D | C] -- C:\Users\Edvan\Desktop\Legislação de transito [2011/05/17 03:01:02 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\MSXML 4.0 [2011/05/17 00:23:50 | 000,000,000 | ---D | C] -- C:\Users\Edvan\Documents\backup geral fafa [2011/05/17 00:20:08 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\HiJackThis.exe [2011/05/16 23:04:11 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Recuva [2011/05/16 22:07:20 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\Zbshareware Lab [2011/05/16 22:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Zbshareware Lab [2011/05/16 22:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security [2011/05/16 22:07:17 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\USB Disk Security [2011/05/16 21:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2011/05/16 21:57:23 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Panda USB Vaccine [2011/05/16 21:57:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2011/05/16 21:25:46 | 000,000,000 | ---D | C] -- C:\Users\Edvan\Documents\Meus arquivos recebidos [2011/05/16 17:27:57 | 000,000,000 | ---D | C] -- C:\Users\Edvan\Desktop\João Antônio-br office [2011/05/16 12:02:01 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\OpenOffice.org [2011/05/16 12:01:00 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\OpenOffice.org 3 [2011/05/16 12:00:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011/05/16 12:00:37 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Java [2011/05/16 12:00:12 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Java [2011/05/16 11:55:13 | 000,000,000 | ---D | 
C] -- C:\Arquivos de Programas\Mozilla Firefox [2011/05/16 00:31:19 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\PhotoScape [2011/05/16 00:30:56 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\Google [2011/05/16 00:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape [2011/05/16 00:30:48 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Local\Google [2011/05/16 00:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2011/05/16 00:29:51 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Google [2011/05/16 00:29:41 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\PhotoScape [2011/05/16 00:28:08 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\WinRAR [2011/05/15 23:16:28 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Local\Ahead [2011/05/15 23:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8 [2011/05/15 23:14:56 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\Nero [2011/05/15 23:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2011/05/15 23:12:43 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Nero [2011/05/15 23:12:43 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Nero [2011/05/15 14:14:25 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Local\Diagnostics [2011/05/14 14:28:19 | 000,000,000 | ---D | C] -- C:\Users\Edvan\Documents\VANIA [2011/05/14 14:28:02 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Local\Adobe [2011/05/14 13:57:53 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Velocidade Do PC [2011/05/14 13:57:24 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Local\OpenCandy [2011/05/14 13:57:21 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\ProgSense [2011/05/14 13:57:17 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\GrabPro [2011/05/14 13:57:17 | 000,000,000 | ---D | C] -- C:\downloads [2011/05/14 13:57:16 | 000,000,000 | 
---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit [2011/05/14 13:57:15 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\OpenCandy [2011/05/14 13:57:14 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Orbitdownloader [2011/05/14 13:57:14 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\Orbit [2011/05/14 11:16:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat [2011/05/14 00:31:50 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\Macromedia [2011/05/14 00:31:49 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\Adobe [2011/05/14 00:31:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed [2011/05/14 00:31:02 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\MSECache [2011/05/14 00:29:59 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft.NET [2011/05/14 00:07:19 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft [2011/05/14 00:07:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2011/05/14 00:07:03 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Windows Live SkyDrive [2011/05/14 00:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2011/05/14 00:06:47 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Windows Live [2011/05/14 00:06:31 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011/05/13 23:50:58 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\Auslogics [2011/05/13 23:50:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics [2011/05/13 23:50:56 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Auslogics [2011/05/13 23:50:15 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011/05/13 23:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011/05/13 23:50:13 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\WinRAR 
[2011/05/13 23:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2011/05/13 23:49:16 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Adobe [2011/05/13 23:49:16 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Adobe [2011/05/13 23:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011/05/13 23:36:50 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\CCleaner [2011/05/13 23:27:02 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2011/05/13 23:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2011/05/13 23:27:01 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011/05/13 23:27:00 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011/05/13 23:26:59 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011/05/13 23:26:58 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011/05/13 23:26:56 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011/05/13 23:26:15 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011/05/13 23:26:15 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2011/05/13 23:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011/05/13 23:26:09 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\AVAST Software [2011/05/13 23:17:58 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Local\{E07EF66B-CF14-433F-BE50-05407C70F377} [2011/05/13 23:17:45 | 000,000,000 | ---D | C] -- C:\Users\Edvan\Tracing [2011/05/13 22:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011/05/13 22:58:46 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Silverlight [2011/05/13 22:58:41 
| 000,000,000 | -HSD | C] -- C:\Windows\Installer [2011/05/13 22:09:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang [2011/05/13 22:09:46 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Intel [2011/05/13 21:48:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64 [2011/05/13 21:35:48 | 000,000,000 | R--D | C] -- C:\Users\Edvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/05/13 21:35:48 | 000,000,000 | R--D | C] -- C:\Users\Edvan\Searches [2011/05/13 21:35:48 | 000,000,000 | R--D | C] -- C:\Users\Edvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011/05/13 21:35:39 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\Identities [2011/05/13 21:35:38 | 000,000,000 | R--D | C] -- C:\Users\Edvan\Contacts [2011/05/13 21:35:32 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Local\VirtualStore [2011/05/13 21:35:31 | 000,000,000 | --SD | C] -- C:\Users\Edvan\AppData\Roaming\Microsoft [2011/05/13 21:35:31 | 000,000,000 | R--D | C] -- C:\Users\Edvan\Videos [2011/05/13 21:35:31 | 000,000,000 | R--D | C] -- C:\Users\Edvan\Saved Games [2011/05/13 21:35:31 | 000,000,000 | R--D | C] -- C:\Users\Edvan\Pictures [2011/05/13 21:35:31 | 000,000,000 | R--D | C] -- C:\Users\Edvan\Music [2011/05/13 21:35:31 | 000,000,000 | R--D | C] -- C:\Users\Edvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011/05/13 21:35:31 | 000,000,000 | R--D | C] -- C:\Users\Edvan\Links [2011/05/13 21:35:31 | 000,000,000 | R--D | C] -- C:\Users\Edvan\Favorites [2011/05/13 21:35:31 | 000,000,000 | R--D | C] -- C:\Users\Edvan\Downloads [2011/05/13 21:35:31 | 000,000,000 | R--D | C] -- C:\Users\Edvan\Documents [2011/05/13 21:35:31 | 000,000,000 | R--D | C] -- C:\Users\Edvan\Desktop [2011/05/13 21:35:31 | 000,000,000 | R--D | C] -- C:\Users\Edvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\AppData\Local\Temporary Internet Files 
[2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\SendTo [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\Recent [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\Modelos [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\Documents\Minhas músicas [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\Documents\Minhas imagens [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\Documents\Meus vídeos [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\Meus documentos [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\Menu Iniciar [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\AppData\Local\Histórico [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\Dados de aplicativos [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\AppData\Local\Dados de aplicativos [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\Cookies [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\Configurações locais [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\Ambiente de rede [2011/05/13 21:35:31 | 000,000,000 | -HSD | C] -- C:\Users\Edvan\Ambiente de impressão [2011/05/13 21:35:31 | 000,000,000 | -H-D | C] -- C:\Users\Edvan\AppData [2011/05/13 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Local\Temp [2011/05/13 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Local\Microsoft [2011/05/13 21:35:31 | 000,000,000 | ---D | C] -- C:\Users\Edvan\AppData\Roaming\Media Center Programs [2011/05/13 21:35:18 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas\Common Files\Sistema [2011/05/13 21:35:18 | 000,000,000 | -HSD | C] -- C:\Recovery [2011/05/13 21:35:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modelos [2011/05/13 21:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas músicas [2011/05/13 21:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas 
imagens [2011/05/13 21:35:18 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Meus vídeos [2011/05/13 21:35:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Iniciar [2011/05/13 21:35:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoritos [2011/05/13 21:35:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documentos [2011/05/13 21:35:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dados de aplicativos [2011/05/13 21:35:18 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas [2011/05/13 21:35:18 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas\Arquivos Comuns [2011/05/13 21:28:39 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2011/05/13 21:25:26 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2011/05/13 21:25:07 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2011/05/13 21:24:13 | 000,000,000 | ---D | C] -- C:\Windows\Panther ========== Files - Modified Within 30 Days ========== [2011/05/18 20:37:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Edvan\Desktop\OTL.exe [2011/05/18 20:36:17 | 032,807,731 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-31.mp4 [2011/05/18 20:36:10 | 030,344,842 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-32.mp4 [2011/05/18 20:35:21 | 043,994,766 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-33.mp4 [2011/05/18 20:35:00 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/05/18 20:31:52 | 051,406,265 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-29.mp4 [2011/05/18 20:31:47 | 042,502,799 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-36.mp4 [2011/05/18 20:31:27 | 036,426,094 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-34.mp4 [2011/05/18 20:30:53 | 033,818,748 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-35.mp4 [2011/05/18 20:25:48 | 039,353,432 | ---- | M] () -- 
C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-37.mp4 [2011/05/18 20:12:03 | 037,336,395 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-38.mp4 [2011/05/18 20:11:00 | 038,758,461 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-39.mp4 [2011/05/18 20:09:45 | 039,111,070 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-40.mp4 [2011/05/18 20:05:19 | 031,860,075 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-41.mp4 [2011/05/18 19:53:27 | 041,413,604 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-42.mp4 [2011/05/18 19:49:28 | 036,010,332 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-43.mp4 [2011/05/18 19:48:47 | 031,311,145 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-44.mp4 [2011/05/18 19:43:40 | 040,413,144 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-45.mp4 [2011/05/18 19:35:46 | 031,984,692 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-46.mp4 [2011/05/18 19:28:33 | 035,719,258 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-49.mp4 [2011/05/18 19:25:59 | 025,595,918 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-47.mp4 [2011/05/18 19:24:03 | 047,218,591 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-50.mp4 [2011/05/18 19:23:02 | 030,948,722 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-48.mp4 [2011/05/18 19:02:34 | 031,400,595 | ---- | M] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-54.mp4.ob! 
[2011/05/18 06:46:51 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/05/18 06:46:51 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/05/18 06:45:02 | 000,663,606 | ---- | M] () -- C:\Windows\System32\prfh0416.dat [2011/05/18 06:45:02 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/05/18 06:45:02 | 000,127,896 | ---- | M] () -- C:\Windows\System32\prfc0416.dat [2011/05/18 06:45:02 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/05/18 06:39:38 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/05/18 06:39:14 | 000,369,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/05/18 06:39:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/05/18 06:38:44 | 1601,052,672 | -HS- | M] () -- C:\hiberfil.sys [2011/05/17 23:53:37 | 000,001,090 | ---- | M] () -- C:\Users\Edvan\Desktop\BrOffice 3.3.lnk [2011/05/17 23:02:52 | 000,001,133 | ---- | M] () -- C:\Users\Edvan\Desktop\TeamViewer 6.lnk [2011/05/17 11:04:05 | 000,036,544 | ---- | M] () -- C:\Users\Edvan\Desktop\ED_19_CORREIOS_2011_NM___RETIFICAO_4.pdf [2011/05/17 04:12:07 | 000,089,609 | ---- | M] () -- C:\Users\Edvan\Desktop\Gab_Preliminar_COR11_001_11.pdf [2011/05/17 00:41:15 | 000,381,624 | ---- | M] () -- C:\Users\Edvan\Desktop\COR11_001_11.pdf [2011/05/17 00:20:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\HiJackThis.exe [2011/05/16 23:04:12 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk [2011/05/16 22:07:18 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\USB Disk Security.lnk [2011/05/16 11:19:37 | 001,061,449 | ---- | M] () -- C:\Users\Edvan\Desktop\Aula 08 - Estudo da combustão - 15.04.11.pdf [2011/05/16 11:14:36 | 000,312,482 | ---- | M] () -- C:\Users\Edvan\Desktop\Aula de revisão para a 2a prova - 13.05.2011.pdf [2011/05/16 00:30:56 | 000,001,002 | ---- | M] () -- C:\Users\Edvan\Desktop\PhotoScape.lnk [2011/05/15 23:16:16 | 000,002,732 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2011/05/15 23:14:34 | 000,001,024 | ---- | M] () -- C:\Users\Edvan\.rnd [2011/05/15 14:32:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011/05/15 00:47:19 | 000,399,618 | ---- | M] () -- C:\Users\Edvan\Desktop\Edital12_2011_Docente_publicado.pdf [2011/05/14 13:57:16 | 000,001,022 | ---- | M] () -- C:\Users\Edvan\Desktop\Orbit.lnk [2011/05/14 00:30:38 | 000,000,418 | ---- | M] () -- C:\Windows\ODBC.INI [2011/05/14 00:12:09 | 000,002,079 | ---- | M] () -- C:\Users\Edvan\Desktop\Windows Live Messenger .lnk [2011/05/13 23:50:56 | 000,001,217 | ---- | M] () -- C:\Users\Edvan\Desktop\Auslogics Disk Defrag.lnk [2011/05/13 23:49:29 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011/05/13 23:36:50 | 000,000,978 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/05/13 23:27:02 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2011/05/13 23:26:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2011/05/13 21:29:16 | 000,051,938 | ---- | M] () -- C:\Windows\System32\license.rtf [2011/05/10 09:10:59 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2011/05/10 09:10:55 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2011/05/10 09:03:54 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2011/05/10 09:03:44 | 000,307,928 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2011/05/10 09:02:37 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2011/05/10 08:59:56 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys [2011/05/10 08:59:44 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2011/05/10 08:59:35 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys ========== Files Created - No Company Name ========== [2011/05/18 18:18:18 | 031,400,595 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-54.mp4.ob! 
[2011/05/18 18:18:11 | 047,218,591 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-50.mp4 [2011/05/18 18:18:08 | 035,719,258 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-49.mp4 [2011/05/18 18:18:08 | 031,984,692 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-46.mp4 [2011/05/18 18:18:06 | 030,948,722 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-48.mp4 [2011/05/18 18:18:05 | 025,595,918 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-47.mp4 [2011/05/18 18:18:00 | 040,413,144 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-45.mp4 [2011/05/18 18:17:58 | 031,311,145 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-44.mp4 [2011/05/18 18:17:57 | 036,010,332 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-43.mp4 [2011/05/18 18:17:55 | 041,413,604 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-42.mp4 [2011/05/18 18:17:53 | 031,860,075 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-41.mp4 [2011/05/18 18:17:51 | 039,111,070 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-40.mp4 [2011/05/18 18:17:50 | 033,818,748 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-35.mp4 [2011/05/18 18:17:49 | 038,758,461 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-39.mp4 [2011/05/18 18:17:47 | 037,336,395 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-38.mp4 [2011/05/18 18:17:45 | 039,353,432 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-37.mp4 [2011/05/18 18:17:45 | 036,426,094 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-34.mp4 [2011/05/18 18:17:43 | 042,502,799 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-36.mp4 [2011/05/18 18:16:14 | 043,994,766 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-33.mp4 [2011/05/18 18:11:06 | 030,344,842 | 
---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-32.mp4 [2011/05/18 18:08:50 | 032,807,731 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-31.mp4 [2011/05/18 17:48:53 | 051,406,265 | ---- | C] () -- C:\Users\Edvan\Desktop\kilvia-janeiro-2010-bacen-29.mp4 [2011/05/17 23:53:37 | 000,001,090 | ---- | C] () -- C:\Users\Edvan\Desktop\BrOffice 3.3.lnk [2011/05/17 23:02:52 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk [2011/05/17 23:02:52 | 000,001,133 | ---- | C] () -- C:\Users\Edvan\Desktop\TeamViewer 6.lnk [2011/05/17 11:04:13 | 000,036,544 | ---- | C] () -- C:\Users\Edvan\Desktop\ED_19_CORREIOS_2011_NM___RETIFICAO_4.pdf [2011/05/17 04:12:01 | 000,089,609 | ---- | C] () -- C:\Users\Edvan\Desktop\Gab_Preliminar_COR11_001_11.pdf [2011/05/17 00:41:15 | 000,381,624 | ---- | C] () -- C:\Users\Edvan\Desktop\COR11_001_11.pdf [2011/05/16 23:04:12 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk [2011/05/16 22:13:19 | 000,304,463 | ---- | C] () -- C:\Users\Edvan\Desktop\PenClean.exe [2011/05/16 22:07:18 | 000,001,041 | ---- | C] () -- C:\Users\Public\Desktop\USB Disk Security.lnk [2011/05/16 11:19:17 | 001,061,449 | ---- | C] () -- C:\Users\Edvan\Desktop\Aula 08 - Estudo da combustão - 15.04.11.pdf [2011/05/16 11:14:28 | 000,312,482 | ---- | C] () -- C:\Users\Edvan\Desktop\Aula de revisão para a 2a prova - 13.05.2011.pdf [2011/05/16 00:30:56 | 000,001,002 | ---- | C] () -- C:\Users\Edvan\Desktop\PhotoScape.lnk [2011/05/16 00:30:51 | 000,001,030 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/05/16 00:30:50 | 000,001,026 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/05/15 23:16:16 | 000,002,732 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk [2011/05/15 23:14:33 | 000,001,024 | ---- | C] () -- C:\Users\Edvan\.rnd [2011/05/15 14:32:39 | 000,000,000 | -H-- | C] () -- 
C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf [2011/05/15 00:47:19 | 000,399,618 | ---- | C] () -- C:\Users\Edvan\Desktop\Edital12_2011_Docente_publicado.pdf [2011/05/14 13:57:16 | 000,001,022 | ---- | C] () -- C:\Users\Edvan\Desktop\Orbit.lnk [2011/05/14 00:30:38 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI [2011/05/14 00:12:09 | 000,002,079 | ---- | C] () -- C:\Users\Edvan\Desktop\Windows Live Messenger .lnk [2011/05/13 23:50:56 | 000,001,217 | ---- | C] () -- C:\Users\Edvan\Desktop\Auslogics Disk Defrag.lnk [2011/05/13 23:49:29 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2011/05/13 23:49:29 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2011/05/13 23:36:50 | 000,000,978 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/05/13 23:27:02 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011/05/13 22:09:48 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2011/05/13 22:09:48 | 000,121,232 | ---- | C] () -- C:\Windows\System32\IScrNB.bmp [2011/05/13 21:36:23 | 000,001,393 | ---- | C] () -- C:\Users\Edvan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2011/05/13 21:29:08 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011/05/13 21:28:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011/05/13 21:25:07 | 1601,052,672 | -HS- | C] () -- C:\hiberfil.sys [2009/07/14 05:31:12 | 000,663,606 | ---- | C] () -- C:\Windows\System32\prfh0416.dat [2009/07/14 05:31:12 | 000,323,154 | ---- | C] () -- C:\Windows\System32\prfi0416.dat [2009/07/14 05:31:12 | 000,127,896 | ---- | C] () -- C:\Windows\System32\prfc0416.dat [2009/07/14 05:31:12 | 000,038,536 | ---- | C] () -- C:\Windows\System32\prfd0416.dat [2009/07/14 01:57:37 | 000,067,584 | --S- | C] () -- 
C:\Windows\bootstat.dat [2009/07/14 01:33:53 | 000,369,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 23:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 23:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 23:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 23:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 23:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 23:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 21:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009/07/13 20:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 18:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== Purity Check ========== ========== Custom Scans ========== Invalid Environment Variable: AllDrive Invalid Environment Variable: AllDrive < %AppData% > Invalid Environment Variable: Local Appdata < %ProgramData% > Invalid Environment Variable: Startup < %systemdrive%\*.* > [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2011/05/18 06:38:44 | 1601,052,672 | -HS- | M] () -- C:\hiberfil.sys [2011/05/17 00:20:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) 
-- C:\HiJackThis.exe [2011/05/18 06:38:44 | 2134,736,896 | -HS- | M] () -- C:\pagefile.sys < %Temp% > < %UserProfile%\*.* > [2011/05/15 23:14:34 | 000,001,024 | ---- | M] () -- C:\Users\Edvan\.rnd [2011/05/18 20:42:39 | 001,835,008 | -HS- | M] () -- C:\Users\Edvan\NTUSER.DAT [2011/05/18 20:42:39 | 000,262,144 | -HS- | M] () -- C:\Users\Edvan\ntuser.dat.LOG1 [2011/05/13 21:35:31 | 000,000,000 | -HS- | M] () -- C:\Users\Edvan\ntuser.dat.LOG2 [2011/05/13 22:08:41 | 000,065,536 | -HS- | M] () -- C:\Users\Edvan\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2011/05/13 22:08:41 | 000,524,288 | -HS- | M] () -- C:\Users\Edvan\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2011/05/13 22:08:41 | 000,524,288 | -HS- | M] () -- C:\Users\Edvan\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2011/05/13 21:35:31 | 000,000,020 | -HS- | M] () -- C:\Users\Edvan\ntuser.ini [2011/05/16 00:59:11 | 000,024,064 | -HS- | M] () -- C:\Users\Edvan\Thumbs.db < %windir%\Temp\*.* > [2011/05/18 11:22:52 | 000,000,088 | ---- | M] () -- C:\Windows\Temp\coinlog.log [2011/05/18 19:02:19 | 000,000,608 | ---- | M] () -- C:\Windows\Temp\fwtsqmfile00.sqm [2011/05/18 06:31:46 | 000,000,090 | ---- | M] () -- C:\Windows\Temp\GoogleToolbarInstaller1.log [2011/05/18 17:23:43 | 000,006,738 | ---- | M] () -- C:\Windows\Temp\MpCmdRun.log [2011/05/17 10:53:12 | 000,003,332 | ---- | M] () -- C:\Windows\Temp\MpSigStub.log < > < > < End of report >
wings 22 Posted May 18, 2011
1.
* Download USBFix and save it to the desktop
* Connect the pen drive to the PC
* Run it and click [Pesquisa]
* When it finishes, remove the pen drive and paste the report that is shown
Edvan 30 Posted May 19, 2011
Good morning, wings. The thing is, I don't have a pen drive here at home; it was actually a pen drive that my sister plugged into this PC, which she brought from a friend at work. Since then I have noticed that the PC has some problems!
Note: I also installed some programs here, I don't know if that helps at all:
1. USB Disk Security
2. Panda USB Vaccine
3. PenClean
Regards.
wings 22 Posted May 19, 2011
Disregard the pen drive step and run USBFix.
Edvan 30 Posted May 19, 2011
############################## | UsbFix 7.045 | [Pesquisa]
Usuário: Edvan (Administrador) # EDVAN-PC [ ]
Atualizado em 15/05/2011 por TeamXscript
Começou em 07:38:22 | 19/05/2011
Site: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contato: TeamXscript.ElDesaparecido@gmail.com
CPU: Intel® Celeron® CPU E3200 @ 2.40GHz
CPU 2: Intel® Celeron® CPU E3200 @ 2.40GHz
Microsoft Windows 7 Professional (6.1.7600 32-Bit) # Internet Explorer 8.0.7600.16385
Windows Firewall: Habilitado
RAM -> 2036 Mb
C:\ (%systemdrive%) -> Disco fixo # 51 Gb (21 Mb livre - 40%) [Windows 7] # NTFS
D:\ -> Disco fixo # 34 Gb (7 Mb livre - 21%) [Andreza] # NTFS
E:\ -> Disco fixo # 15 Gb (1 Mb livre - 10%) [Eduardo] # NTFS
F:\ -> Disco fixo # 25 Gb (4 Mb livre - 17%) [MEUS DADOS] # NTFS
G:\ -> Disco fixo # 620 Mb (561 Mb livre - 91%) [Rodar o Crack do Seven] # NTFS
H:\ -> CD-ROM
################## | Ficheiros # pastas infeciosos |
Presente ! F:\MSN
################## | Registro |
################## | Mountpoints2 |
################## | Vaccin |
(!) Este computador não é vacinada!
################## | E.O.F |
wings 22 Posted May 19, 2011
Do you know what is in this folder? F:\MSN
* Run an online scan with NOD32
* When it finishes, paste the report created in C:\Arquivos de programas\EsetOnlineScanner\log
Edvan 30 Posted May 21, 2011
"Do you know what is in this folder? F:\MSN"
Yes, I have already deleted it..
Note: the NOD32 online scan caught 5 viruses, but I set the option to delete the virus and the installer, so I could no longer get the log at: C:\Arquivos de programas\EsetOnlineScanner\log
Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 23:27:41, on 20/05/2011 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16766) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\USB Disk Security\USBGuard.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\system32\taskhost.exe C:\Program Files\TeamViewer\Version6\TeamViewer.exe C:\Windows\system32\wuauclt.exe C:\HiJackThis.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe C:\Program Files\Orbitdownloader\orbitdm.exe C:\Program Files\Orbitdownloader\orbitnet.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\msdt.exe C:\Windows\System32\sdiagnhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6c07e2470000000000000015831216c9&tlver=1.4.19.19&ss=1&affID=17394 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [uSB Security] C:\Program Files\USB Disk Security\USBGuard.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: &Download by 
Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos-beta/OnlineScanner.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\Windows\system32\IoctlSvc.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- End of file - 7650 bytes
wings 22 Posted May 21, 2011
1.
* Run UsbFix and click [uninstall]
2.
* Run OTL and click [Limpeza] > [OK]
* The PC will be restarted
How is the PC? The logs are clean.
Edvan 30 Posted May 21, 2011
It's much better, wings, thanks.. :joia:
PS: can I keep these programs?
1. USB Disk Security
2. Panda USB Vaccine
3. PenClean
wings 22 Posted May 21, 2011
"It's much better, wings, thanks.. :joia: PS: can I keep these programs? 1. USB Disk Security 2. Panda USB Vaccine 3. PenClean"
No problem... you can keep them. Regards.
Edvan 30 Posted May 21, 2011
Solved.. ;)
wings 22 Posted May 21, 2011
PROBLEM SOLVED
If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.