Archived: this topic has been archived and is closed to new replies.

Annluciap

[Resolved] PC takes a long time to shut down, antivirus behaving strangely, etc.

HijackThis log follows. Thank you.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:10:11, on 17/11/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17103)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

C:\Arquivos de programas\F-Secure\Anti-Virus\FSGK32.EXE

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\WINDOWS\system32\wdfmgr.exe

c:\arquivos de programas\lenovo\system update\suservice.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Logger\logmon.exe

C:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\WINDOWS\system32\ICO.EXE

C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\WINDOWS\system32\FSRremoS.EXE

C:\WINDOWS\system32\Pelmiced.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Arquivos de programas\F-Secure\Common\FSM32.EXE

C:\Arquivos de programas\F-Secure\Common\FSHDLL32.EXE

C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

C:\Arquivos de programas\F-Secure\Common\FIH32.EXE

C:\Arquivos de programas\F-Secure\Anti-Virus\fsav32.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/ufrgs/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [statusClient] C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto

O4 - HKLM\..\Run: [TomcatStartup] C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

O4 - HKLM\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [soundMax] "C:\Arquivos de programas\Analog Devices\SoundMAX\smax4.exe" /tray

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: tvtnetwk - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

 

--

End of file - 10685 bytes

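The log above is read by a helper one section tag at a time: O2 entries whose DLL no longer exists, O4 Run values that name a bare executable, O15 Trusted Zone hosts, the O20 Winlogon Notify DLL, and O23 services with no company name. The script below is an added example, not part of the original post and not part of HijackThis; it parses that line format and applies those five triage rules. The rule set is an assumption of this example (a minimal first pass, not HijackThis's own logic), and the sample entries are copied from the posted log into a constructed string. Note that "Unknown owner" often only means the binary carries no version-info company field (the F-Secure gatekeeper starter here is a legitimate example), so the O23 flag is a prompt to check the file's signature, not a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis log posted above,
# trimmed to the handful that a helper would look at first.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O15 - Trusted Zone: www.bancobrasil.com.br
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe
"""

# Every HijackThis entry starts with a section tag such as R0, F2 or O23.
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
# "Service: <name> - <company> - <path>"; an empty company field is
# rendered as "- -", so the separator around it is matched loosely.
SERVICE_RE = re.compile(r"^Service: (.+?) -\s*(.*?)\s*- ([A-Za-z]:\\.+)$")


@dataclass
class Finding:
    kind: str    # HijackThis section tag, e.g. "O23"
    reason: str  # why a helper would look twice at this line
    line: str    # the entry itself


def run_value_executable(body: str) -> str | None:
    """Extract the executable from an 'O4 ... Run: [name] command' entry."""
    if "] " not in body:
        return None  # Global Startup .lnk entries use a different layout
    cmd = body.split("] ", 1)[1].strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0]


def check_entry(kind: str, body: str) -> str | None:
    """Return a triage reason for one entry, or None if it looks routine."""
    if kind == "O2" and body.endswith("(no file)"):
        return "BHO CLSID is registered but its DLL is gone (orphan, safe to remove)"
    if kind == "O4":
        exe = run_value_executable(body)
        if exe and "\\" not in exe:
            return ("Run value names a bare executable; it is resolved through the "
                    "search path, so confirm which file actually runs")
    if kind == "O15":
        return ("host in the IE Trusted Zone runs with relaxed security settings; "
                "confirm the user added it on purpose")
    if kind == "O20":
        return "DLL loaded by winlogon.exe at logon; confirm publisher and file on disk"
    if kind == "O23":
        m = SERVICE_RE.match(body)
        if m and m.group(2) in ("", "Unknown owner"):
            return "service binary carries no company name; check its digital signature"
    return None


def triage(log_text: str) -> list[Finding]:
    """Run the rules over a whole log and return the flagged entries in order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, 'Running processes' block, blank lines
        kind, body = m.groups()
        reason = check_entry(kind, body)
        if reason:
            findings.append(Finding(kind, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run against the full posted log, the same rules would also flag the other three bancobrasil.com.br Trusted Zone hosts and the Mouse Suite bare `ICO.EXE`; everything else in that log resolves to a named vendor path.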

Hello Annluciap

 

 

*Download OTL and save it to the desktop

 

*Run it and select the options:

Scan All Users

Use Company Name Whitelist

Skip Microsoft Files

LOP Check

Purity Check

*Paste the code, in brown, into the box under Custom Scans/Fixes

CREATERESTOREPOINT

*Click [Scan] and paste the OTL.txt and Extras.txt reports found on the desktop

 

If the OTL.txt report turns out to be too large...

 

*Go to this link

*Select 4 jours

*Click [Send file]

*Locate the OTL.txt file on the desktop

*Click [Open] > [Créer le lien Cjoint]

*Paste the address that was created


Hello, logs follow.

Thank you.

 

OTL logfile created on: 18/11/2011 12:30:54 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Aperte enter\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

1,96 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 71,40% Memory free

3,81 Gb Paging File | 3,29 Gb Available in Paging File | 86,52% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 145,57 Gb Total Space | 102,65 Gb Free Space | 70,51% Space Free | Partition Type: NTFS

 

Computer Name: DAMATTA | User Name: Aperte enter | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/08/05 12:08:16 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\Anti-Virus\fsav32.exe

PRC - [2012/08/05 12:06:52 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe

PRC - [2012/08/05 12:06:51 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32.exe

PRC - [2011/11/18 12:26:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aperte enter\Desktop\OTL.exe

PRC - [2011/08/30 14:55:14 | 000,062,152 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

PRC - [2011/08/30 14:55:02 | 000,189,128 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\common\FNRB32.exe

PRC - [2011/08/30 14:55:02 | 000,131,784 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\common\FIH32.exe

PRC - [2011/08/30 14:54:56 | 000,303,816 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\common\FSM32.EXE

PRC - [2011/08/30 14:54:56 | 000,189,128 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\common\FSMA32.EXE

PRC - [2011/08/30 14:54:56 | 000,090,824 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\common\FSHDLL32.EXE

PRC - [2011/08/30 14:54:38 | 000,582,344 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\FWES\program\fsdfwd.exe

PRC - [2011/08/30 14:54:14 | 000,221,896 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

PRC - [2011/07/26 00:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Arquivos de programas\Lenovo\System Update\SUService.exe

PRC - [2011/02/24 12:39:12 | 000,057,120 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2010/09/21 16:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/03/04 11:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2008/03/04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

PRC - [2007/08/03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2007/07/11 20:38:44 | 000,569,344 | ---- | M] () -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

PRC - [2007/07/11 20:32:06 | 000,022,016 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Lenovo\Logger\logmon.exe

PRC - [2007/07/11 19:19:00 | 000,045,056 | ---- | M] () -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

PRC - [2007/01/30 01:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE

PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Defender\MsMpEng.exe

PRC - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

PRC - [2006/05/18 15:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe

PRC - [2005/09/12 22:22:44 | 000,135,168 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE

PRC - [2005/04/13 14:34:28 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe

PRC - [2003/11/06 15:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE

PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

PRC - [2002/12/16 17:51:24 | 000,036,864 | ---- | M] (Hewlett-Packard) -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

PRC - [2001/05/06 12:14:22 | 000,020,549 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/08/05 12:07:32 | 000,030,888 | ---- | M] () -- C:\Arquivos de programas\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll

MOD - [2011/10/13 12:27:38 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll

MOD - [2011/10/13 12:27:07 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll

MOD - [2011/10/13 12:23:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll

MOD - [2011/10/13 12:21:52 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll

MOD - [2011/10/13 12:21:44 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2011/08/30 14:54:24 | 000,086,016 | ---- | M] () -- C:\Arquivos de programas\F-Secure\FSGUI\strres.eng

MOD - [2011/08/30 14:54:22 | 000,553,672 | ---- | M] () -- C:\Arquivos de programas\F-Secure\FSGUI\gres.dll

MOD - [2011/08/30 14:54:22 | 000,143,360 | ---- | M] () -- C:\Arquivos de programas\F-Secure\FSGUI\flyerres.eng

MOD - [2011/08/30 14:54:22 | 000,045,056 | ---- | M] () -- C:\Arquivos de programas\F-Secure\FSGUI\fsavures.eng

MOD - [2011/08/30 14:54:20 | 000,443,080 | ---- | M] () -- C:\Arquivos de programas\F-Secure\FSGUI\about.dll

MOD - [2011/08/30 14:54:20 | 000,090,824 | ---- | M] () -- C:\Arquivos de programas\F-Secure\FSGUI\aboutres.dll

MOD - [2011/08/30 14:54:14 | 000,036,864 | ---- | M] () -- C:\Arquivos de programas\F-Secure\Anti-Virus\fsavhres.eng

MOD - [2009/02/27 20:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB

MOD - [2008/02/19 00:54:29 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_pt-BR_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll

MOD - [2007/07/11 20:38:44 | 000,569,344 | ---- | M] () -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

MOD - [2007/07/11 20:32:06 | 000,022,016 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Lenovo\Logger\logmon.exe

MOD - [2007/07/11 20:31:30 | 000,139,264 | ---- | M] () -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\CDRecord.dll

MOD - [2007/07/11 20:31:30 | 000,139,264 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Lenovo\CDRecord.dll

MOD - [2007/07/11 19:19:00 | 000,045,056 | ---- | M] () -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

MOD - [2007/05/22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll

MOD - [2003/11/06 15:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE

MOD - [2003/08/29 07:21:59 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL

MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll

MOD - [2001/05/06 12:14:24 | 000,765,952 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hotspot\jvm.dll

MOD - [2001/05/06 12:14:22 | 000,086,093 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\java.dll

MOD - [2001/05/06 12:14:22 | 000,053,326 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\zip.dll

MOD - [2001/05/06 12:14:22 | 000,053,319 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\verify.dll

MOD - [2001/05/06 12:14:22 | 000,032,841 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\net.dll

MOD - [2001/05/06 12:14:22 | 000,028,753 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hpi.dll

MOD - [2001/05/06 12:14:22 | 000,020,549 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/08/30 14:55:14 | 000,062,152 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)

SRV - [2011/08/30 14:55:02 | 000,189,128 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)

SRV - [2011/08/30 14:54:56 | 000,189,128 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE -- (FSMA)

SRV - [2011/08/30 14:54:38 | 000,582,344 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)

SRV - [2011/08/30 14:54:14 | 000,221,896 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)

SRV - [2011/07/26 00:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Arquivos de programas\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2011/02/24 12:39:12 | 000,057,120 | ---- | M] ( ) [unknown | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2008/03/04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2007/08/03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2007/07/11 20:38:44 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)

SRV - [2007/07/11 19:19:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)

SRV - [2007/01/30 01:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2005/10/06 19:12:52 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)

SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

SRV - [2002/08/01 11:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2012/08/05 12:10:26 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)

DRV - [2011/08/30 14:54:38 | 000,083,304 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)

DRV - [2011/08/30 14:54:14 | 000,149,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Arquivos de programas\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)

DRV - [2011/02/24 12:38:56 | 000,047,008 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)

DRV - [2007/05/22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)

DRV - [2007/05/22 05:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2007/05/11 09:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2007/05/01 10:29:20 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)

DRV - [2006/11/06 06:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)

DRV - [2006/03/17 08:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2006/02/02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/02/02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/02/02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/02/02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/02/02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/02/02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/02/02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2005/11/18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005/11/18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

DRV - [2003/02/11 13:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)

DRV - [2003/01/10 13:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)

DRV - [2001/09/06 00:21:46 | 000,322,560 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data]

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-10588400-916604807-3186006447-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-10588400-916604807-3186006447-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/ufrgs/

IE - HKU\S-1-5-21-10588400-916604807-3186006447-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.ufrgs.br/ufrgs/"

FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.7.8

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Arquivos de programas\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Arquivos de programas\F-Secure\NRS\litmus-ff@f-secure.com [2012/08/05 12:06:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2011/11/10 10:55:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2012/08/05 11:38:27 | 000,000,000 | ---D | M]

 

[2008/10/28 11:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Mozilla\Extensions

[2011/11/07 12:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\bi2tbzhv.default\extensions

[2010/06/02 14:03:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\bi2tbzhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/26 18:07:25 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\bi2tbzhv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2011/11/07 12:13:53 | 000,000,000 | ---D | M] (Modulo de Protecao - Banco do Brasil) -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\bi2tbzhv.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2011/08/15 11:05:47 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\bi2tbzhv.default\extensions\coralietab@mozdev.org

[2011/11/10 10:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2011/11/10 10:55:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

[2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll

[2011/09/30 13:43:27 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2011/09/30 13:43:26 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2011/11/10 10:55:05 | 000,002,040 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml

[2011/09/30 13:43:26 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2011/09/30 13:43:26 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2010/09/09 16:11:59 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3 - HKU\S-1-5-21-10588400-916604807-3186006447-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [F-Secure Manager] C:\Arquivos de programas\F-Secure\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)

O4 - HKLM..\Run: [statusClient] C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)

O4 - HKLM..\Run: [TomcatStartup] C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Aleph 500.14.2 Version Check.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-10588400-916604807-3186006447-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O15 - HKU\S-1-5-21-10588400-916604807-3186006447-1008\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-10588400-916604807-3186006447-1008\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKU\S-1-5-21-10588400-916604807-3186006447-1008\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKU\S-1-5-21-10588400-916604807-3186006447-1008\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 143.54.1.52 143.54.1.53

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7F9F920-6F6F-48E6-9699-8D20A918C3F3}: DhcpNameServer = 143.54.1.52 143.54.1.53

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Aperte enter\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aperte enter\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Arquivos de programas\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/02/16 06:27:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/12/05 16:58:00 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/08/05 14:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Sonic

[2012/08/05 14:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Leadertech

[2012/08/05 12:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\F-Secure Client Security

[2012/08/05 12:03:54 | 000,083,304 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys

[2012/08/05 12:02:46 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\F-Secure

[2012/08/05 11:38:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Adobe

[2011/11/18 12:27:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aperte enter\Desktop\OTL.exe

[2011/11/17 15:28:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Aperte enter\Recent

[2011/10/27 16:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\Transferências de registros BC

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/08/05 18:40:22 | 000,000,020 | ---- | M] () -- C:\WINDOWS\Cutter.INI

[2012/08/05 12:10:26 | 000,042,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys

[2012/08/05 12:03:54 | 000,687,682 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2012/08/05 12:03:54 | 000,632,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/08/05 12:03:54 | 000,176,928 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2012/08/05 12:03:54 | 000,148,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/18 12:26:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aperte enter\Desktop\OTL.exe

[2011/11/18 12:22:27 | 000,000,346 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/11/18 12:21:07 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/18 12:19:45 | 000,025,285 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI

[2011/11/18 12:19:29 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2011/11/18 12:19:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/18 12:19:09 | 2102,706,176 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/17 16:19:42 | 000,655,360 | ---- | M] () -- C:\alertlog.dat

[2011/11/17 15:28:59 | 000,282,296 | ---- | M] () -- C:\Documents and Settings\Aperte enter\Meus documentos\cc_20111117_152856.reg

[2011/11/10 10:50:14 | 000,009,462 | ---- | M] () -- C:\Documents and Settings\Aperte enter\Desktop\Relatorio Eleicao CIS 2011.pdf

[2011/11/04 13:49:14 | 000,328,278 | ---- | M] () -- C:\Documents and Settings\Aperte enter\Meus documentos\cc_20111104_134908.reg

[2011/10/20 10:48:20 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Aperte enter\Desktop\Atalho para NOME Profs PI Atualizada em 20102011.lnk

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/08/06 11:44:53 | 2102,706,176 | -HS- | C] () -- C:\hiberfil.sys

[2012/08/05 11:38:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader 9.lnk

[2011/11/17 15:28:57 | 000,282,296 | ---- | C] () -- C:\Documents and Settings\Aperte enter\Meus documentos\cc_20111117_152856.reg

[2011/11/10 10:50:14 | 000,009,462 | ---- | C] () -- C:\Documents and Settings\Aperte enter\Desktop\Relatorio Eleicao CIS 2011.pdf

[2011/11/04 13:49:11 | 000,328,278 | ---- | C] () -- C:\Documents and Settings\Aperte enter\Meus documentos\cc_20111104_134908.reg

[2011/10/20 10:48:20 | 000,001,110 | ---- | C] () -- C:\Documents and Settings\Aperte enter\Desktop\Atalho para NOME Profs PI Atualizada em 20102011.lnk

[2010/03/24 19:28:07 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll

[2010/03/24 19:28:07 | 000,086,275 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe

[2010/03/15 12:04:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll

[2010/02/22 14:09:21 | 000,018,353 | ---- | C] () -- C:\WINDOWS\hplj1010.ini

[2010/01/04 13:44:54 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Aperte enter\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/04 14:02:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll

[2009/11/26 10:51:30 | 000,042,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2008/12/02 12:51:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2008/12/02 12:51:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2008/12/02 12:51:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2008/12/02 12:51:29 | 000,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2008/11/11 15:02:04 | 000,000,560 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/10/07 15:03:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Cutter.INI

[2008/09/30 11:43:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/09/29 15:54:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\UniCType.dll

[2008/09/29 15:54:30 | 000,036,926 | ---- | C] () -- C:\WINDOWS\System32\Log2Vis.dll

[2008/09/29 15:44:57 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Aperte enter\Configurações locais\Dados de aplicativos\fusioncache.dat

[2008/02/19 04:49:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll

[2008/02/19 01:24:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/02/19 01:08:09 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe

[2008/02/19 01:04:15 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/02/19 01:02:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008/02/19 01:02:58 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008/02/19 01:02:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008/02/19 01:02:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008/02/19 01:02:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008/02/19 01:02:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2008/02/19 00:58:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL

[2008/02/19 00:58:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE

[2008/02/19 00:58:19 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini

[2008/02/19 00:58:19 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini

[2008/02/19 00:54:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config

[2007/07/27 04:37:40 | 000,025,285 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI

[2007/07/27 04:37:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2007/01/16 13:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/05 14:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL

[2006/02/17 03:35:45 | 000,002,338 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/02/16 10:08:53 | 000,687,682 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat

[2006/02/16 10:08:53 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat

[2006/02/16 10:08:53 | 000,176,928 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat

[2006/02/16 10:08:53 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat

[2006/02/16 10:08:33 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006/02/16 10:08:29 | 000,632,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006/02/16 10:08:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006/02/16 10:08:29 | 000,148,430 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006/02/16 10:08:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006/02/16 10:08:28 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006/02/16 10:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006/02/16 10:08:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006/02/16 10:08:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006/02/16 10:08:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006/02/16 10:08:11 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006/02/16 10:08:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2006/02/16 06:32:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006/02/16 06:23:35 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006/02/16 03:16:54 | 000,004,405 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/02/16 03:15:55 | 000,370,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003/08/29 07:21:59 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll

[2001/07/26 16:41:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\winifs.dll

[2001/01/07 13:10:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\intl.dll

[1999/11/03 14:01:04 | 000,232,448 | ---- | C] () -- C:\WINDOWS\System32\libjcc.dll

[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

 

========== LOP Check ==========

 

[2009/12/14 13:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admcsh\Dados de aplicativos\Houaiss3

[2008/02/19 01:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admcsh\Dados de aplicativos\Lenovo

[2008/02/19 01:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Lenovo

[2010/05/06 17:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Nvu

[2010/06/16 19:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PDFCreator

[2012/08/05 12:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\F-Secure

[2009/11/26 10:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\fssg

[2011/05/03 15:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2010/03/12 11:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Innovative Solutions

[2008/02/19 01:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Lenovo

[2010/09/09 16:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Temp

[2010/01/07 15:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\.purple

[2011/03/01 16:43:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\InstallJammer Registry

[2008/10/28 16:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\InterVideo

[2012/08/05 14:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Leadertech

[2008/02/19 01:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Lenovo

[2010/06/16 19:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\PDFcreator

[2008/02/19 01:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dados de aplicativos\Lenovo

[2008/02/19 01:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tatiane\Dados de aplicativos\Lenovo

[2011/11/18 12:22:27 | 000,000,346 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 204 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:0C986105_Bb.gbp

 

< End of report >

 

OTL Extras logfile created on: 18/11/2011 12:30:55 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Aperte enter\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

1,96 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 71,40% Memory free

3,81 Gb Paging File | 3,29 Gb Available in Paging File | 86,52% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 145,57 Gb Total Space | 102,65 Gb Free Space | 70,51% Space Free | Partition Type: NTFS

 

Computer Name: DAMATTA | User Name: Aperte enter | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Arquivos de programas\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Arquivos de programas\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw -- ()

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0 Beta 2

"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data

"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials

"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 20

"{292C47B2-8DB7-47BF-896C-C3C5EE8108C4}" = hp LaserJet 1010 Series

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15

"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{423290D4-DC50-48FA-9871-9D61FCAD7C13}" = Microsoft .NET Framework 2.0 Language Pack - PTB

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{76C5CB62-53D5-4F95-95DC-4ED9D8D355EB}" = Winbond TPM Device Driver

"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite

"{7D5C6E28-17D0-4DF7-B779-151A2A8E5A2F}" = F-Secure Client Security

"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3

"{8618F932-5FFA-48BE-B39A-2F606761EBDC}" = Arquivos de Suporte da Instalação do Microsoft SQL Server (Inglês)

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{977979FA-09FD-4163-871C-3DBF23D86808}" = OCLC Dewey Cutter Program

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio

"{AC76BA86-7AD7-1046-7B44-A92000000001}" = Adobe Reader 9.2 - Português

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2A1286C-D823-4076-AA5E-FECCF45344D1}" = F-Secure Client Security

"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo

"{B4002E0F-AF82-40C0-9EAB-F1D05C072F31}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Ajuda de Acesso

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = Centro de Produtividade do ThinkVantage

"{D2BC2B4E-F8E5-4EAB-8062-C9EF2578FF40}" = F-Secure Client Security 9.20

"{D728E945-256D-4477-B377-6BBA693714AC}" = Complemento do Centro de Produtividade para ThinkCentre

"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers

"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center

"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery

"{F398B059-0711-490E-8552-1453FF04098F}" = Microsoft SQL Server Native Client

"{F5C549C0-8A49-4911-A9B5-EE94C627A177}" = Gravador do Microsoft SQL Server VSS

"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Aleph 500" = Aleph 500 20.1

"AwayTask" = Maintenance Manager

"CCleaner" = CCleaner (remove only)

"Dicionário eletrônico Houaiss da língua portuguesa_is1" = Dicionário eletrônico Houaiss 3.0

"DMX5_is1" = DriverMax 5

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"F-Secure Anti-Virus" = F-Secure Client Security - Proteção contra vírus e spyware

"F-Secure E-mail Scanning" = F-Secure Client Security - Verificação de e-mail

"F-Secure ExploitShield" = F-Secure Client Security - Proteção de navegação

"F-Secure Internet Shield" = F-Secure Client Security - Escudo da Internet

"F-Secure Protocol Scanner" = F-Secure Client Security - Verificação do tráfego da web

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"IRPF2009 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2009 - Declaração de Ajuste Anual e Final de Espólio

"IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio

"Lenovo Registration" = Lenovo Registration

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - PTB" = Microsoft .NET Framework 2.0 Language Pack - PTB

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"MouseSuite98" = Mouse Suite

"Mozilla Firefox 8.0 (x86 pt-BR)" = Mozilla Firefox 8.0 (x86 pt-BR)

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Nvu_is1" = Nvu 1.0PR

"PROSet" = Intel® PRO Network Connections Drivers

"Receitanet Java 2010.02a" = Receitanet Java 2010.02a

"Remove Multimedia Center" = Remove Multimedia Center

"VLC media player" = VLC media player 1.0.5

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"WMCSetup" = Windows Media Connect

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-10588400-916604807-3186006447-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GTK 2.0" = Ambiente de tempo de execução do GTK+ 2.14.6 rev a (apenas remover)

"IRPF2011" = IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

"Pidgin" = Pidgin

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 6/8/2012 09:45:59 | Computer Name = DAMATTA | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Um certificado necessário não está no seu período de validade ao ser

verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo

assinado.

 

Error - 6/8/2012 09:45:59 | Computer Name = DAMATTA | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Um certificado necessário não está no seu período de validade ao ser

verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo

assinado.

 

Error - 6/8/2012 09:46:00 | Computer Name = DAMATTA | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Um certificado necessário não está no seu período de validade ao ser

verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo

assinado.

 

Error - 6/8/2012 09:55:27 | Computer Name = DAMATTA | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Um certificado necessário não está no seu período de validade ao ser

verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo

assinado.

 

Error - 6/8/2012 09:55:27 | Computer Name = DAMATTA | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Um certificado necessário não está no seu período de validade ao ser

verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo

assinado.

 

Error - 6/8/2012 09:55:28 | Computer Name = DAMATTA | Source = crypt32 | ID = 131083

Description = Falha ao extrair lista de raízes de terceiros do CAB de atualização

automática em: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

com erro: Um certificado necessário não está no seu período de validade ao ser

verificado em relação à hora atual do sistema ou ao carimbo de data/hora no arquivo

assinado.

 

Error - 17/11/2011 13:33:19 | Computer Name = DAMATTA | Source = MSSQL$SQLEXPRESS | ID = 8313

Description = Erro ao mapear índices do objeto/contador de desempenho do SQL Server

para nomes de objeto/contador. Os contadores de desempenho do SQL Server estão

desabilitados.

 

Error - 17/11/2011 13:33:19 | Computer Name = DAMATTA | Source = MSSQL$SQLEXPRESS | ID = 3409

Description = Falha na configuração da memória compartilhada do contador de desempenho

com o erro -1. Reinstale o arquivo sqlctr.ini nessa instância e verifique se a

conta de logon da instância tem permissões corretas de Registro.

 

Error - 18/11/2011 10:19:36 | Computer Name = DAMATTA | Source = MSSQL$SQLEXPRESS | ID = 8313

Description = Erro ao mapear índices do objeto/contador de desempenho do SQL Server

para nomes de objeto/contador. Os contadores de desempenho do SQL Server estão

desabilitados.

 

Error - 18/11/2011 10:19:36 | Computer Name = DAMATTA | Source = MSSQL$SQLEXPRESS | ID = 3409

Description = Falha na configuração da memória compartilhada do contador de desempenho

com o erro -1. Reinstale o arquivo sqlctr.ini nessa instância e verifique se a

conta de logon da instância tem permissões corretas de Registro.

 

[ System Events ]

Error - 5/8/2012 14:26:01 | Computer Name = DAMATTA | Source = DCOM | ID = 10009

Description = Não foi possível comunicar o DCOM com o computador Buganville, utilizando

um dos protocolos configurados.

 

Error - 5/8/2012 14:26:34 | Computer Name = DAMATTA | Source = DCOM | ID = 10009

Description = Não foi possível comunicar o DCOM com o computador CELI, utilizando

um dos protocolos configurados.

 

Error - 5/8/2012 14:26:34 | Computer Name = DAMATTA | Source = DCOM | ID = 10006

Description = Erro "%2147942405" no DCOM do computador PALMA ao tentar ativar o servidor:

{5A5AA0AA-1DEB-4683-96B0-B43301E83971}

 

Error - 5/8/2012 14:26:35 | Computer Name = DAMATTA | Source = DCOM | ID = 10009

Description = Não foi possível comunicar o DCOM com o computador 143.54.232.54,

utilizando um dos protocolos configurados.

 

Error - 5/8/2012 14:26:37 | Computer Name = DAMATTA | Source = DCOM | ID = 10009

Description = Não foi possível comunicar o DCOM com o computador Buganville, utilizando

um dos protocolos configurados.

 

Error - 5/8/2012 14:27:09 | Computer Name = DAMATTA | Source = DCOM | ID = 10009

Description = Não foi possível comunicar o DCOM com o computador CELI, utilizando

um dos protocolos configurados.

 

Error - 5/8/2012 14:27:09 | Computer Name = DAMATTA | Source = DCOM | ID = 10006

Description = Erro "%2147942405" no DCOM do computador PALMA ao tentar ativar o servidor:

{5A5AA0AA-1DEB-4683-96B0-B43301E83971}

 

Error - 5/8/2012 14:27:10 | Computer Name = DAMATTA | Source = DCOM | ID = 10009

Description = Não foi possível comunicar o DCOM com o computador 143.54.232.54,

utilizando um dos protocolos configurados.

 

Error - 5/8/2012 14:27:13 | Computer Name = DAMATTA | Source = DCOM | ID = 10009

Description = Não foi possível comunicar o DCOM com o computador Buganville, utilizando

um dos protocolos configurados.

 

Error - 5/8/2012 14:27:45 | Computer Name = DAMATTA | Source = DCOM | ID = 10009

Description = Não foi possível comunicar o DCOM com o computador CELI, utilizando

um dos protocolos configurados.

 

 

< End of report >


1.

*Download ERUNT

*Create a folder on C:\ named ERUNT and extract it there

*Run the file C:\ERUNT\ERUNT.exe

*Click [OK] > [OK] > [Yes] > [OK]

 

2.

*Run OTL

*Paste the code, in red, into the box under Custom Scans/Fixes:

:OTL

O4 - HKLM..\Run: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Aleph 500.14.2 Version Check.lnk = File not found

 

:Commands

[emptytemp]

[reboot]

*Click [Run Fix] and the PC will restart

*Paste the report that is shown

 

3.

*Download Win32kDiag and save it to the desktop

*Run it and press [ENTER] when it finishes

*Paste the Win32kDiag.txt report located on the desktop


Hello, here are the logs.

 

Thank you.

 

OTL logfile created on: 18/11/2011 16:07:17 - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Aperte enter\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

 

1,96 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 71,96% Memory free

3,81 Gb Paging File | 3,31 Gb Available in Paging File | 87,05% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 145,57 Gb Total Space | 102,61 Gb Free Space | 70,49% Space Free | Partition Type: NTFS

 

Computer Name: DAMATTA | User Name: Aperte enter | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2012/08/05 12:08:16 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\Anti-Virus\fsav32.exe

PRC - [2012/08/05 12:06:52 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\Anti-Virus\fssm32.exe

PRC - [2012/08/05 12:06:51 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32.exe

PRC - [2011/11/18 12:26:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aperte enter\Desktop\OTL.exe

PRC - [2011/08/30 14:55:14 | 000,062,152 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

PRC - [2011/08/30 14:55:02 | 000,189,128 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\common\FNRB32.exe

PRC - [2011/08/30 14:55:02 | 000,131,784 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\common\FIH32.exe

PRC - [2011/08/30 14:54:56 | 000,303,816 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\common\FSM32.EXE

PRC - [2011/08/30 14:54:56 | 000,189,128 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\common\FSMA32.EXE

PRC - [2011/08/30 14:54:56 | 000,090,824 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\common\FSHDLL32.EXE

PRC - [2011/08/30 14:54:38 | 000,582,344 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\FWES\program\fsdfwd.exe

PRC - [2011/08/30 14:54:14 | 000,221,896 | ---- | M] (F-Secure Corporation) -- C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

PRC - [2011/07/26 00:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Arquivos de programas\Lenovo\System Update\SUService.exe

PRC - [2011/02/24 12:39:12 | 000,057,120 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe

PRC - [2010/09/21 16:37:40 | 000,932,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/03/04 11:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2008/03/04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

PRC - [2007/08/03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2007/07/11 20:38:44 | 000,569,344 | ---- | M] () -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

PRC - [2007/07/11 20:32:06 | 000,022,016 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Lenovo\Logger\logmon.exe

PRC - [2007/07/11 19:19:00 | 000,045,056 | ---- | M] () -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

PRC - [2007/01/30 01:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE

PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Defender\MsMpEng.exe

PRC - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe

PRC - [2006/05/18 15:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkIcon.exe

PRC - [2005/09/12 22:22:44 | 000,135,168 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE

PRC - [2005/04/13 14:34:28 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe

PRC - [2003/11/06 15:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE

PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

PRC - [2002/12/16 17:51:24 | 000,036,864 | ---- | M] (Hewlett-Packard) -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

PRC - [2001/05/06 12:14:22 | 000,020,549 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/08/05 12:07:32 | 000,030,888 | ---- | M] () -- C:\Arquivos de programas\F-Secure\Anti-Virus\minifilter\hashlib_x86.dll

MOD - [2011/10/13 12:27:38 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll

MOD - [2011/10/13 12:27:07 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll

MOD - [2011/10/13 12:23:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll

MOD - [2011/10/13 12:21:52 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll

MOD - [2011/10/13 12:21:44 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll

MOD - [2011/08/30 14:54:24 | 000,086,016 | ---- | M] () -- C:\Arquivos de programas\F-Secure\FSGUI\strres.eng

MOD - [2011/08/30 14:54:22 | 000,553,672 | ---- | M] () -- C:\Arquivos de programas\F-Secure\FSGUI\gres.dll

MOD - [2011/08/30 14:54:22 | 000,143,360 | ---- | M] () -- C:\Arquivos de programas\F-Secure\FSGUI\flyerres.eng

MOD - [2011/08/30 14:54:22 | 000,045,056 | ---- | M] () -- C:\Arquivos de programas\F-Secure\FSGUI\fsavures.eng

MOD - [2011/08/30 14:54:20 | 000,443,080 | ---- | M] () -- C:\Arquivos de programas\F-Secure\FSGUI\about.dll

MOD - [2011/08/30 14:54:20 | 000,090,824 | ---- | M] () -- C:\Arquivos de programas\F-Secure\FSGUI\aboutres.dll

MOD - [2011/08/30 14:54:14 | 000,036,864 | ---- | M] () -- C:\Arquivos de programas\F-Secure\Anti-Virus\fsavhres.eng

MOD - [2009/02/27 20:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB

MOD - [2008/02/19 00:54:29 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_pt-BR_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll

MOD - [2007/07/11 20:38:44 | 000,569,344 | ---- | M] () -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

MOD - [2007/07/11 20:32:06 | 000,022,016 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Lenovo\Logger\logmon.exe

MOD - [2007/07/11 20:31:30 | 000,139,264 | ---- | M] () -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\CDRecord.dll

MOD - [2007/07/11 20:31:30 | 000,139,264 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Lenovo\CDRecord.dll

MOD - [2007/07/11 19:19:00 | 000,045,056 | ---- | M] () -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe

MOD - [2007/05/22 10:59:22 | 000,128,512 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll

MOD - [2003/11/06 15:51:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE

MOD - [2003/08/29 07:21:59 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL

MOD - [2001/10/28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll

MOD - [2001/05/06 12:14:24 | 000,765,952 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hotspot\jvm.dll

MOD - [2001/05/06 12:14:22 | 000,086,093 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\java.dll

MOD - [2001/05/06 12:14:22 | 000,053,326 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\zip.dll

MOD - [2001/05/06 12:14:22 | 000,053,319 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\verify.dll

MOD - [2001/05/06 12:14:22 | 000,032,841 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\net.dll

MOD - [2001/05/06 12:14:22 | 000,028,753 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\hpi.dll

MOD - [2001/05/06 12:14:22 | 000,020,549 | ---- | M] () -- C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/08/30 14:55:14 | 000,062,152 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)

SRV - [2011/08/30 14:55:02 | 000,189,128 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)

SRV - [2011/08/30 14:54:56 | 000,189,128 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE -- (FSMA)

SRV - [2011/08/30 14:54:38 | 000,582,344 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)

SRV - [2011/08/30 14:54:14 | 000,221,896 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)

SRV - [2011/07/26 00:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Arquivos de programas\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2011/02/24 12:39:12 | 000,057,120 | ---- | M] ( ) [unknown | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)

SRV - [2008/03/04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2007/08/03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2007/07/11 20:38:44 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)

SRV - [2007/07/11 19:19:00 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)

SRV - [2007/01/30 01:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)

SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2006/05/23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Arquivos de programas\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

SRV - [2005/10/06 19:12:52 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)

SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

SRV - [2002/08/01 11:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2012/08/05 12:10:26 | 000,042,672 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)

DRV - [2011/08/30 14:54:38 | 000,083,304 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)

DRV - [2011/08/30 14:54:14 | 000,149,704 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Arquivos de programas\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)

DRV - [2011/02/24 12:38:56 | 000,047,008 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\gbpkm.sys -- (GbpKm)

DRV - [2007/05/22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)

DRV - [2007/05/22 05:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2007/05/11 09:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2007/05/01 10:29:20 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)

DRV - [2006/11/06 06:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)

DRV - [2006/03/17 08:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)

DRV - [2006/02/02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/02/02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/02/02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/02/02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/02/02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/02/02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/02/02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2005/11/18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005/11/18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

DRV - [2003/02/11 13:25:14 | 000,009,216 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf)

DRV - [2003/01/10 13:55:32 | 000,016,384 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse)

DRV - [2001/09/06 00:21:46 | 000,322,560 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data]

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-10588400-916604807-3186006447-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-10588400-916604807-3186006447-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/ufrgs/

IE - HKU\S-1-5-21-10588400-916604807-3186006447-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.ufrgs.br/ufrgs/"

FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.7.8

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Arquivos de programas\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Arquivos de programas\F-Secure\NRS\litmus-ff@f-secure.com [2012/08/05 12:06:34 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2011/11/10 10:55:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2012/08/05 11:38:27 | 000,000,000 | ---D | M]

 

[2008/10/28 11:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Mozilla\Extensions

[2011/11/07 12:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\bi2tbzhv.default\extensions

[2010/06/02 14:03:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\bi2tbzhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/26 18:07:25 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\bi2tbzhv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2011/11/07 12:13:53 | 000,000,000 | ---D | M] (Modulo de Protecao - Banco do Brasil) -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\bi2tbzhv.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

[2011/08/15 11:05:47 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\bi2tbzhv.default\extensions\coralietab@mozdev.org

[2011/11/10 10:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2011/11/10 10:55:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll

[2010/04/12 18:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\mozilla firefox\plugins\npdeployJava1.dll

[2011/09/30 13:43:27 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\buscape.xml

[2011/09/30 13:43:26 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\mercadolivre.xml

[2011/11/10 10:55:05 | 000,002,040 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml

[2011/09/30 13:43:26 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\wikipedia-br.xml

[2011/09/30 13:43:26 | 000,000,952 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2010/09/09 16:11:59 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3 - HKU\S-1-5-21-10588400-916604807-3186006447-1008\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [F-Secure Manager] C:\Arquivos de programas\F-Secure\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)

O4 - HKLM..\Run: [statusClient] C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)

O4 - HKLM..\Run: [TomcatStartup] C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Aleph 500.14.2 Version Check.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-10588400-916604807-3186006447-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O15 - HKU\S-1-5-21-10588400-916604807-3186006447-1008\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)

O15 - HKU\S-1-5-21-10588400-916604807-3186006447-1008\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)

O15 - HKU\S-1-5-21-10588400-916604807-3186006447-1008\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)

O15 - HKU\S-1-5-21-10588400-916604807-3186006447-1008\..Trusted Domains: bb.com.br ([www] * in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 143.54.1.52 143.54.1.53

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7F9F920-6F6F-48E6-9699-8D20A918C3F3}: DhcpNameServer = 143.54.1.52 143.54.1.53

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Aperte enter\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aperte enter\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Arquivos de programas\Windows Defender\MpShHook.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/02/16 06:27:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/12/05 16:58:00 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/08/05 14:17:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Sonic

[2012/08/05 14:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Leadertech

[2012/08/05 12:06:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\F-Secure Client Security

[2012/08/05 12:03:54 | 000,083,304 | ---- | C] (F-Secure Corporation) -- C:\WINDOWS\System32\drivers\fsdfw.sys

[2012/08/05 12:02:46 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\F-Secure

[2012/08/05 11:38:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Adobe

[2011/11/18 16:02:28 | 000,000,000 | ---D | C] -- C:\Erunt

[2011/11/18 13:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aperte enter\Desktop\Logs

[2011/11/18 12:27:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aperte enter\Desktop\OTL.exe

[2011/11/17 15:28:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Aperte enter\Recent

[2011/10/27 16:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documentos\Transferências de registros BC

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012/08/05 18:40:22 | 000,000,020 | ---- | M] () -- C:\WINDOWS\Cutter.INI

[2012/08/05 12:10:26 | 000,042,672 | ---- | M] () -- C:\WINDOWS\System32\drivers\fsbts.sys

[2012/08/05 12:03:54 | 000,687,682 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2012/08/05 12:03:54 | 000,632,232 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/08/05 12:03:54 | 000,176,928 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2012/08/05 12:03:54 | 000,148,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/18 16:02:54 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\Aperte enter\Desktop\Win32kDiag.exe

[2011/11/18 16:01:59 | 000,000,346 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/11/18 15:59:32 | 000,025,285 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI

[2011/11/18 15:59:30 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/18 15:59:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2011/11/18 15:58:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/18 15:58:41 | 2102,706,176 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/18 14:41:17 | 000,655,360 | ---- | M] () -- C:\alertlog.dat

[2011/11/18 12:26:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aperte enter\Desktop\OTL.exe

[2011/11/17 15:28:59 | 000,282,296 | ---- | M] () -- C:\Documents and Settings\Aperte enter\Meus documentos\cc_20111117_152856.reg

[2011/11/04 13:49:14 | 000,328,278 | ---- | M] () -- C:\Documents and Settings\Aperte enter\Meus documentos\cc_20111104_134908.reg

[2011/10/20 10:48:20 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Aperte enter\Desktop\Atalho para NOME Profs PI Atualizada em 20102011.lnk

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012/08/06 11:44:53 | 2102,706,176 | -HS- | C] () -- C:\hiberfil.sys

[2012/08/05 11:38:27 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader 9.lnk

[2011/11/18 16:03:10 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Aperte enter\Desktop\Win32kDiag.exe

[2011/11/17 15:28:57 | 000,282,296 | ---- | C] () -- C:\Documents and Settings\Aperte enter\Meus documentos\cc_20111117_152856.reg

[2011/11/04 13:49:11 | 000,328,278 | ---- | C] () -- C:\Documents and Settings\Aperte enter\Meus documentos\cc_20111104_134908.reg

[2011/10/20 10:48:20 | 000,001,110 | ---- | C] () -- C:\Documents and Settings\Aperte enter\Desktop\Atalho para NOME Profs PI Atualizada em 20102011.lnk

[2010/03/24 19:28:07 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll

[2010/03/24 19:28:07 | 000,086,275 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe

[2010/03/15 12:04:38 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll

[2010/02/22 14:09:21 | 000,018,353 | ---- | C] () -- C:\WINDOWS\hplj1010.ini

[2010/01/04 13:44:54 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Aperte enter\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/12/04 14:02:50 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll

[2009/11/26 10:51:30 | 000,042,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2008/12/02 12:51:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2008/12/02 12:51:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2008/12/02 12:51:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2008/12/02 12:51:29 | 000,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe

[2008/11/11 15:02:04 | 000,000,560 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/10/07 15:03:53 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Cutter.INI

[2008/09/30 11:43:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2008/09/29 15:54:30 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\UniCType.dll

[2008/09/29 15:54:30 | 000,036,926 | ---- | C] () -- C:\WINDOWS\System32\Log2Vis.dll

[2008/09/29 15:44:57 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Aperte enter\Configurações locais\Dados de aplicativos\fusioncache.dat

[2008/02/19 04:49:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll

[2008/02/19 01:24:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/02/19 01:08:09 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe

[2008/02/19 01:04:15 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2008/02/19 01:02:58 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008/02/19 01:02:58 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008/02/19 01:02:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008/02/19 01:02:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008/02/19 01:02:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008/02/19 01:02:58 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2008/02/19 00:58:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL

[2008/02/19 00:58:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE

[2008/02/19 00:58:19 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini

[2008/02/19 00:58:19 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini

[2008/02/19 00:54:32 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config

[2007/07/27 04:37:40 | 000,025,285 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI

[2007/07/27 04:37:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2007/01/16 13:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/09/05 14:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL

[2006/02/17 03:35:45 | 000,002,338 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/02/16 10:08:53 | 000,687,682 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat

[2006/02/16 10:08:53 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat

[2006/02/16 10:08:53 | 000,176,928 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat

[2006/02/16 10:08:53 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat

[2006/02/16 10:08:33 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006/02/16 10:08:29 | 000,632,232 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006/02/16 10:08:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006/02/16 10:08:29 | 000,148,430 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006/02/16 10:08:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006/02/16 10:08:28 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006/02/16 10:08:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006/02/16 10:08:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006/02/16 10:08:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006/02/16 10:08:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006/02/16 10:08:11 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006/02/16 10:08:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2006/02/16 06:32:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006/02/16 06:23:35 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006/02/16 03:16:54 | 000,004,405 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/02/16 03:15:55 | 000,370,488 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003/08/29 07:21:59 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL

[2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2001/10/28 17:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll

[2001/07/26 16:41:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\winifs.dll

[2001/01/07 13:10:06 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\intl.dll

[1999/11/03 14:01:04 | 000,232,448 | ---- | C] () -- C:\WINDOWS\System32\libjcc.dll

[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

 

========== LOP Check ==========

 

[2009/12/14 13:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admcsh\Dados de aplicativos\Houaiss3

[2008/02/19 01:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admcsh\Dados de aplicativos\Lenovo

[2008/02/19 01:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Lenovo

[2010/05/06 17:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Nvu

[2010/06/16 19:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PDFCreator

[2012/08/05 12:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\F-Secure

[2009/11/26 10:50:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\fssg

[2011/05/03 15:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

[2010/03/12 11:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Innovative Solutions

[2008/02/19 01:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Lenovo

[2010/09/09 16:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Temp

[2010/01/07 15:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\.purple

[2011/03/01 16:43:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\InstallJammer Registry

[2008/10/28 16:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\InterVideo

[2012/08/05 14:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Leadertech

[2008/02/19 01:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\Lenovo

[2010/06/16 19:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aperte enter\Dados de aplicativos\PDFcreator

[2008/02/19 01:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Dados de aplicativos\Lenovo

[2008/02/19 01:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tatiane\Dados de aplicativos\Lenovo

[2011/11/18 16:01:59 | 000,000,346 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 204 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 2 bytes -> C:\WINDOWS\system32:0C986105_Bb.gbp

 

< End of report >

 

 

Running from: C:\Documents and Settings\Aperte enter\Desktop\Win32kDiag.exe

 

Log file at : C:\Documents and Settings\Aperte enter\Desktop\Win32kDiag.txt

 

WARNING: Could not get backup privileges!

 

Searching 'C:\WINDOWS'...

 

 

 

 

 

Finished!


I think you did not read and did not correctly follow the OTL procedure I asked for. Read it carefully and do it.


I think you did not read and did not correctly follow the OTL procedure I asked for. Read it carefully and do it.

 

I redid the OTL procedure again.

 

Log follows.

 

I hope it is right now.

 

Thank you.

 

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

File move failed. C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Aleph 500.14.2 Version Check.lnk scheduled to be moved on reboot.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Admcsh

->Temp folder emptied: 149912 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Aperte enter

->Temp folder emptied: 151711 bytes

->Temporary Internet Files folder emptied: 2315413 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 26594322 bytes

->Flash cache emptied: 685 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 912 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Tatiane

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3829 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 28,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 11182011_175116

 

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Aleph 500.14.2 Version Check.lnk not found!

File\Folder C:\Documents and Settings\NetworkService\Configurações locais\Temp\Perflib_Perfdata_438.dat not found!

 

Registry entries deleted on Reboot...


1.

*Delete Win32kDiag and the Win32kDiag.txt report located on the desktop.

 

2.

*Temporarily disable your antivirus

 

*Download ComboFix and save it to the desktop

*Run it and accept the agreement

*If the Microsoft Windows Recovery Console is not installed, accept its installation

*After the Console is installed, click [yes] and wait for the steps to complete

 

A few notes:

1) Do not use the mouse or the keyboard during the steps!!

2) To stop the scan, press N

 

*Paste the report that is displayed


Log follows.

 

Thanks again.

 

ComboFix 11-11-18.02 - Aperte enter 18/11/2011 18:41:56.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2005.1308 [GMT -2:00]

Executando de: c:\documents and settings\Aperte enter\Desktop\ComboFix.exe

AV: F-Secure Client Security 9.20 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

FW: F-Secure Client Security 9.20 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 204 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Admcsh\WINDOWS

c:\documents and settings\Administrador\WINDOWS

c:\documents and settings\All Users\Dados de aplicativos\TEMP

c:\documents and settings\All Users\Dados de aplicativos\TEMP\gbplugin_ie_bb_setup.exe

c:\documents and settings\All Users\Dados de aplicativos\TEMP\gbplugin_mz_bb_setup.xpi

c:\documents and settings\Aperte enter\WINDOWS

c:\documents and settings\Tatiane\WINDOWS

c:\windows\CSC\d6

c:\windows\IsUn0416.exe

c:\windows\system32\resdll.dll

c:\windows\system32\Thumbs.db

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2011-10-18 to 2011-11-18 ))))))))))))))))))))))))))))

.

.

2012-08-05 16:17 . 2012-08-05 16:17 -------- d-----w- c:\documents and settings\Aperte enter\Dados de aplicativos\Sonic

2012-08-05 16:15 . 2012-08-05 16:15 -------- d-----w- c:\documents and settings\Aperte enter\Dados de aplicativos\Leadertech

2012-08-05 14:03 . 2011-08-30 16:54 83304 ----a-w- c:\windows\system32\drivers\fsdfw.sys

2012-08-05 14:02 . 2012-08-05 14:10 -------- d-----w- c:\arquivos de programas\F-Secure

2011-11-18 18:14 . 2011-11-18 19:52 56200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Windows Defender\Definition Updates\{6B0E5B0F-B96F-49C5-BE26-F27587F6A27F}\offreg.dll

2011-11-18 18:13 . 2011-11-18 18:13 -------- d-----w- C:\_OTL

2011-11-18 18:02 . 2011-11-18 18:05 -------- d-----w- C:\Erunt

2011-11-18 14:23 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Windows Defender\Definition Updates\{6B0E5B0F-B96F-49C5-BE26-F27587F6A27F}\mpengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-05 14:10 . 2009-11-26 12:51 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys

2011-10-10 14:22 . 2006-02-16 08:24 692736 ------w- c:\windows\system32\inetcomm.dll

2011-10-07 03:48 . 2008-12-02 14:46 6668624 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2011-09-28 07:06 . 2006-02-16 12:08 605184 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 14:41 . 2008-07-29 22:59 613376 ------w- c:\windows\system32\uiautomationcore.dll

2011-09-26 14:41 . 2006-02-16 12:08 22016 ------w- c:\windows\system32\oleaccrc.dll

2011-09-26 14:41 . 2006-02-16 12:08 220160 ------w- c:\windows\system32\oleacc.dll

2011-09-06 14:10 . 2006-02-16 12:07 1859072 ------w- c:\windows\system32\win32k.sys

2011-11-10 12:55 . 2011-08-12 13:15 134104 ------w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMax"="c:\arquivos de programas\Analog Devices\SoundMAX\smax4.exe" [2007-04-03 839680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TVT Scheduler Proxy"="c:\arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]

"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]

"StatusClient"="c:\arquivos de programas\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]

"TomcatStartup"="c:\arquivos de programas\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"F-Secure Manager"="c:\arquivos de programas\F-Secure\Common\FSM32.EXE" [2011-08-30 303816]

"F-Secure TNB"="c:\arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" [2011-08-30 1655496]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2011-02-24 14:38 494880 ------w- c:\arquivos de programas\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"c:\\Arquivos de programas\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

.

R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [26/11/2009 10:51 42672]

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [5/8/2012 12:03 83304]

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [9/9/2010 16:12 47008]

R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [9/9/2010 16:12 57120]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe [11/7/2007 20:38 569344]

R2 WinDefend;Windows Defender;c:\arquivos de programas\Windows Defender\MsMpEng.exe [3/11/2006 19:19 13592]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\arquivos de programas\F-Secure\Anti-Virus\minifilter\fsgk.sys [5/8/2012 12:03 149704]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/5/2007 15:59 30336]

S3 FSORSPClient;F-Secure ORSP Client;c:\arquivos de programas\F-Secure\ORSP Client\fsorsp.exe [5/8/2012 12:03 62152]

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2011-11-18 c:\windows\Tasks\MP Scheduled Scan.job

- c:\arquivos de programas\Windows Defender\MpCmdRun.exe [2006-11-03 21:20]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.ufrgs.br/ufrgs/

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 143.54.1.52 143.54.1.53

FF - ProfilePath - c:\documents and settings\Aperte enter\Dados de aplicativos\Mozilla\Firefox\Profiles\bi2tbzhv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.ufrgs.br/ufrgs/

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-18 18:44

Windows 5.1.2600 Service Pack 3 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'winlogon.exe'(960)

c:\arquivos de programas\GbPlugin\gbieh.dll

.

Tempo para conclusão: 2011-11-18 18:45:22

ComboFix-quarantined-files.txt 2011-11-18 20:45

ComboFix2.txt 2008-12-15 12:54

ComboFix3.txt 2008-12-05 17:59

ComboFix4.txt 2008-12-02 14:53

.

Pré-execução: 26 pasta(s) 110.552.268.800 bytes disponíveis

Pós execução: 28 pasta(s) 110.648.537.088 bytes disponíveis

.

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 1CEF33FE57737E76BAA678894405272B


OK... the PC is clean... :)

1.

*Click [Start] > [Run] > copy and paste:

c:\documents and settings\Aperte enter\Desktop\ComboFix.exe /uninstall

*Click [OK], wait for the message "ComboFix está desinstalado" (ComboFix is uninstalled) and click [OK]

2.

*Delete the folder C:\ERUNT

3.

*Run OTL and click [Cleanup] > [OK]

*The PC will restart

Regards.


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
