Skia

Problem with the HIDDENEXT/Crypted and TR/Crypt.XPACK.Gen viruses


Folks, I visited a site and my Avira AntiVir started beeping, saying these viruses were on the PC. I looked around and saw that a HijackThis log is needed, so I'm already sending it. Anyone who can help, please do! I use Avira; if you know of a better one, feel free to say so as well, it will help a lot.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:19:53, on 23/2/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\WinLogT.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\arquivos de programas\real\realplayer\update\realsched.exe

C:\Documents and Settings\All Users\Dados de aplicativos\Winapdonw.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

C:\Arquivos de programas\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe

C:\WINDOWS\system32\sistray.exe

C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe

C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\HijackThis\HiJackThis.exe

O1 - Hosts: 209.222.96.91 www2.bancobrasil.com.br

O1 - Hosts: 209.222.96.92 aapj.bb.com.br

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll

O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [TkBellExe] "C:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdminSys] C:\Documents and Settings\All Users\Dados de aplicativos\Winapdonw.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--

End of file - 8148 bytes

Hello

Sorry for the delay :)

Post the logs as described in Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; put the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

Regards :D

  • Topic author
  • Sorry for the delay, I didn't use the PC these past few days.

    Look, all of a sudden Avira got uninstalled and won't install anymore, saying that something is not allowing it to be installed. I'd like to know whether this has anything to do with the bunch of svchost.exe processes running in Task Manager, about 8 I think. Here is the updated log. It's quite big, by the way, so I didn't include the GMER one because it would be enormous.

    The Attach.txt:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 31/5/2010 18:19:27

    System Uptime: 3/2/2011 22:30:46 (648 hours ago)

    Motherboard: clevo | | M540SS

    Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | uPGA 479M | 2167/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 76,318 GiB free.

    D: is CDROM ()

    E: is CDROM ()

    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

    Description: Controlador USB (Universal Serial Bus)

    Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_08031558&REV_00\3&267A616A&0&1B

    Manufacturer:

    Name: Controlador USB (Universal Serial Bus)

    PNP Device ID: PCI\VEN_1039&DEV_7002&SUBSYS_08031558&REV_00\3&267A616A&0&1B

    Service:

    ==== System Restore Points ===================

    RP1: 27/2/2011 15:37:20 - Ponto de verificação do sistema

    RP2: 2/3/2011 17:27:42 - Ponto de verificação do sistema

    RP3: 2/3/2011 22:19:18 - Operação de restauração

    RP4: 2/3/2011 22:26:31 - Removed Quake Live Mozilla Plugin

    RP5: 2/3/2011 22:27:06 - Removed Zamzom Wireless

    ==== Installed Programs ======================

    1500

    1500_Help

    1500Trb

    abgx360 v1.0.4

    Adobe Bridge 1.0

    Adobe Common File Installer

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Help Center 1.0

    Adobe Photoshop CS2

    Adobe Shockwave Player 11.5

    Adobe Stock Photos 1.0

    Advanced SystemCare 3

    AiO_Scan

    AiOSoftware

    Arquivo do WinRAR

    Ashampoo Burning Studio 9.10

    Assistente de Conexão do Windows Live

    Atualização de Segurança para o Windows Media Player (KB2378111)

    Atualização de Segurança para o Windows Media Player (KB952069)

    Atualização de Segurança para o Windows Media Player (KB954155)

    Atualização de Segurança para o Windows Media Player (KB973540)

    Atualização de Segurança para o Windows Media Player (KB975558)

    Atualização de Segurança para o Windows Media Player (KB978695)

    Atualização de Segurança para o Windows Media Player 11 (KB954154)

    Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

    Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

    Atualização de Segurança para Windows XP (KB2079403)

    Atualização de Segurança para Windows XP (KB2115168)

    Atualização de Segurança para Windows XP (KB2121546)

    Atualização de Segurança para Windows XP (KB2160329)

    Atualização de Segurança para Windows XP (KB2183461)

    Atualização de Segurança para Windows XP (KB2229593)

    Atualização de Segurança para Windows XP (KB2259922)

    Atualização de Segurança para Windows XP (KB2279986)

    Atualização de Segurança para Windows XP (KB2286198)

    Atualização de Segurança para Windows XP (KB2296011)

    Atualização de Segurança para Windows XP (KB2296199)

    Atualização de Segurança para Windows XP (KB2347290)

    Atualização de Segurança para Windows XP (KB2360131)

    Atualização de Segurança para Windows XP (KB2360937)

    Atualização de Segurança para Windows XP (KB2387149)

    Atualização de Segurança para Windows XP (KB2393802)

    Atualização de Segurança para Windows XP (KB2419632)

    Atualização de Segurança para Windows XP (KB2423089)

    Atualização de Segurança para Windows XP (KB2436673)

    Atualização de Segurança para Windows XP (KB2440591)

    Atualização de Segurança para Windows XP (KB2443105)

    Atualização de Segurança para Windows XP (KB2476687)

    Atualização de Segurança para Windows XP (KB2478960)

    Atualização de Segurança para Windows XP (KB2478971)

    Atualização de Segurança para Windows XP (KB2479628)

    Atualização de Segurança para Windows XP (KB2483185)

    Atualização de Segurança para Windows XP (KB2485376)

    Atualização de Segurança para Windows XP (KB923561)

    Atualização de Segurança para Windows XP (KB941569)

    Atualização de Segurança para Windows XP (KB950760)

    Atualização de Segurança para Windows XP (KB950762)

    Atualização de Segurança para Windows XP (KB950974)

    Atualização de Segurança para Windows XP (KB951376-v2)

    Atualização de Segurança para Windows XP (KB951748)

    Atualização de Segurança para Windows XP (KB952004)

    Atualização de Segurança para Windows XP (KB952954)

    Atualização de Segurança para Windows XP (KB954459)

    Atualização de Segurança para Windows XP (KB955069)

    Atualização de Segurança para Windows XP (KB956572)

    Atualização de Segurança para Windows XP (KB956744)

    Atualização de Segurança para Windows XP (KB956802)

    Atualização de Segurança para Windows XP (KB956803)

    Atualização de Segurança para Windows XP (KB956844)

    Atualização de Segurança para Windows XP (KB958644)

    Atualização de Segurança para Windows XP (KB958869)

    Atualização de Segurança para Windows XP (KB959426)

    Atualização de Segurança para Windows XP (KB960225)

    Atualização de Segurança para Windows XP (KB960803)

    Atualização de Segurança para Windows XP (KB960859)

    Atualização de Segurança para Windows XP (KB961501)

    Atualização de Segurança para Windows XP (KB969059)

    Atualização de Segurança para Windows XP (KB970238)

    Atualização de Segurança para Windows XP (KB970430)

    Atualização de Segurança para Windows XP (KB971468)

    Atualização de Segurança para Windows XP (KB971657)

    Atualização de Segurança para Windows XP (KB971961)

    Atualização de Segurança para Windows XP (KB972270)

    Atualização de Segurança para Windows XP (KB973507)

    Atualização de Segurança para Windows XP (KB973869)

    Atualização de Segurança para Windows XP (KB973904)

    Atualização de Segurança para Windows XP (KB974112)

    Atualização de Segurança para Windows XP (KB974318)

    Atualização de Segurança para Windows XP (KB974392)

    Atualização de Segurança para Windows XP (KB974571)

    Atualização de Segurança para Windows XP (KB975025)

    Atualização de Segurança para Windows XP (KB975467)

    Atualização de Segurança para Windows XP (KB975560)

    Atualização de Segurança para Windows XP (KB975561)

    Atualização de Segurança para Windows XP (KB975562)

    Atualização de Segurança para Windows XP (KB975713)

    Atualização de Segurança para Windows XP (KB977816)

    Atualização de Segurança para Windows XP (KB977914)

    Atualização de Segurança para Windows XP (KB978037)

    Atualização de Segurança para Windows XP (KB978338)

    Atualização de Segurança para Windows XP (KB978542)

    Atualização de Segurança para Windows XP (KB978601)

    Atualização de Segurança para Windows XP (KB978706)

    Atualização de Segurança para Windows XP (KB979309)

    Atualização de Segurança para Windows XP (KB979482)

    Atualização de Segurança para Windows XP (KB979559)

    Atualização de Segurança para Windows XP (KB979683)

    Atualização de Segurança para Windows XP (KB979687)

    Atualização de Segurança para Windows XP (KB980195)

    Atualização de Segurança para Windows XP (KB980218)

    Atualização de Segurança para Windows XP (KB980232)

    Atualização de Segurança para Windows XP (KB980436)

    Atualização de Segurança para Windows XP (KB981322)

    Atualização de Segurança para Windows XP (KB981349)

    Atualização de Segurança para Windows XP (KB981852)

    Atualização de Segurança para Windows XP (KB981957)

    Atualização de Segurança para Windows XP (KB981997)

    Atualização de Segurança para Windows XP (KB982132)

    Atualização de Segurança para Windows XP (KB982214)

    Atualização de Segurança para Windows XP (KB982381)

    Atualização de Segurança para Windows XP (KB982665)

    Atualização de Segurança para Windows XP (KB982802)

    Atualização para Windows XP (KB2141007)

    Atualização para Windows XP (KB2345886)

    Atualização para Windows XP (KB2467659)

    Atualização para Windows XP (KB898461)

    Atualização para Windows XP (KB951978)

    Atualização para Windows XP (KB955759)

    Atualização para Windows XP (KB961503)

    Atualização para Windows XP (KB967715)

    Atualização para Windows XP (KB968389)

    Atualização para Windows XP (KB971737)

    Atualização para Windows XP (KB973687)

    Atualização para Windows XP (KB973815)

    BufferChm

    CCleaner

    ConvertXtoDVD 4.0.10.324

    Counter-Strike CP

    CP_Package_Variety1

    CP_Package_Variety2

    CP_Package_Variety3

    Destinations

    DeviceManagementQFolder

    DocProc

    eSupportQFolder

    Fax

    Ferramenta de Carregamento do Windows Live

    FormatFactory 2.30

    Foxit Reader

    FrostWire 4.21.3

    Game Booster

    Garena 2010

    Google Chrome

    Google Update Helper

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows XP (KB954550-v5)

    Hotfix para o Windows Media Player 11 (KB939683)

    Hotfix para Windows XP (KB2158563)

    Hotfix para Windows XP (KB2443685)

    Hotfix para Windows XP (KB952287)

    Hotfix para Windows XP (KB961118)

    Hotfix para Windows XP (KB981793)

    HP Image Zone Express

    HP Imaging Device Functions 5.3

    HP PSC & OfficeJet 5.3.B

    HP Software Update

    HP Solution Center & Imaging Support Tools 5.3

    HPProductAssistant

    Java Auto Updater

    Java 6 Update 18

    JMicron Flash Media Controller Driver

    Megacubo 7.8.9

    Messenger Plus! Live

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Security Update (KB2416447)

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Office Professional Edição 2003

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft XNA Framework Redistributable 3.1

    Mozilla Firefox (3.6.13)

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML4 Parser

    NewCopy

    Orbit Downloader

    Pacote de Compatibilidade para o sistema Office 2007

    Pando Media Booster

    ProductContext

    QuickStores-Toolbar 1.0.0

    Readme

    Real Alternative 2.0.2

    RealNetworks - Microsoft Visual C++ 2008 Runtime

    RealPlayer

    Realtek High Definition Audio Driver

    REALTEK RTL8187 Wireless LAN Driver and Utility

    RealUpgrade 1.1

    San Andreas Mod Installer

    Scan

    ScannerCopy

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

    Segoe UI

    Seven Remix XP 2.4

    SiS VGA Utilities

    SiSAGP driver

    SolutionCenter

    Sony LCD Driver 1.3.0.0 For Windows XP

    SpeederXP 1.60

    Status

    sXe Injected

    Synaptics Pointing Device Driver

    System Requirements Lab CYRI

    TortoiseSVN 1.6.10.19898 (32 bit)

    TOSHIBA SM56 Data Fax Modem

    TOSHIBA V.92 MoH Application

    Total Immersion D'Fusion @Home Web Plug-In

    TrayApp

    Unity Web Player

    Unload

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Vegas Pro 9.0

    WebFldrs XP

    WebReg

    Windows Genuine Advantage Notifications (KB905474)

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Messenger

    Windows Media Format 11 runtime

    Windows Media Player 11

    Windows XP Service Pack 3

    WinPcap 4.1.1

    XP Codec Pack

    ==== End Of File ===========================

    The DDS.txt:

    DDS (Ver_09-06-26.01) - NTFSx86

    Run by Rafael at 22:49:55,48 on qua 02/03/2011

    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.893.401 [GMT -3:00]

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    C:\WINDOWS\System32\svchost.exe -k imgsvc

    C:\WINDOWS\System32\wbem\wmiapsrv.exe

    C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

    C:\WINDOWS\WinLogT.exe

    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    C:\WINDOWS\RTHDCPL.EXE

    C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

    C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

    C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

    C:\arquivos de programas\real\realplayer\update\realsched.exe

    C:\Documents and Settings\All Users\Dados de aplicativos\SysUtlis.exe

    C:\Documents and Settings\All Users\Dados de aplicativos\Systhree.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

    C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

    C:\Arquivos de programas\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe

    C:\WINDOWS\system32\sistray.exe

    C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

    C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

    C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe

    C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

    C:\WINDOWS\explorer.exe

    C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Rafael\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\arquivos de programas\orbitdownloader\orbitcth.dll

    BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\arquivos de programas\orbitdownloader\GrabPro.dll

    TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll

    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

    mRun: [WinLogT] c:\windows\WinLogT.exe

    mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

    mRun: [synTPStart] c:\arquivos de programas\synaptics\syntp\SynTPStart.exe

    mRun: [sMSERIAL] c:\arquivos de programas\motorola\smserial\sm56hlpr.exe

    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    mRun: [TkBellExe] "c:\arquivos de programas\real\realplayer\update\realsched.exe" -osboot

    mRun: [sysUtlis.exe] c:\documents and settings\all users\dados de aplicativos\SysUtlis.exe

    mRun: [explorer] c:\documents and settings\all users\dados de aplicativos\Systhree.exe

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\orbit.lnk - c:\arquivos de programas\orbitdownloader\orbitdm.exe

    StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\realte~1.lnk - c:\arquivos de programas\realtek rtl8187 wireless lan driver and utility\RtWLan.exe

    StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\utilit~1.lnk - c:\windows\system32\sistray.exe

    IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201

    IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204

    IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203

    IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~3\office11\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~3\office11\REFIEBAR.DLL

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\rafael\dadosd~1\mozilla\firefox\profiles\t1mituak.default\

    FF - prefs.js: network.proxy.type - 0

    FF - component: c:\arquivos de programas\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll

    FF - component: c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

    FF - component: c:\documents and settings\all users\dados de aplicativos\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

    FF - component: c:\documents and settings\rafael\dados de aplicativos\mozilla\firefox\profiles\t1mituak.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886d}\components\GbMzhCef.dll

    FF - plugin: c:\arquivos de programas\google\update\1.2.183.39\npGoogleOneClick8.dll

    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdeploytk.dll

    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\NPDFusionWebFirefox.dll

    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npFoxitReaderPlugin.dll

    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\NPOFFICE.DLL

    FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npyaxmpb.dll

    FF - plugin: c:\arquivos de programas\pando networks\media booster\npPandoWebPlugin.dll

    FF - plugin: c:\arquivos de programas\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll

    FF - plugin: c:\documents and settings\all users\dados de aplicativos\id software\quakelive\npquakezero.dll

    FF - plugin: c:\documents and settings\rafael\configuraã§ãµes locais\dados de aplicativos\google\update\1.2.183.39\npGoogleOneClick8.dll

    FF - plugin: c:\documents and settings\rafael\configuraã§ãµes locais\dados de aplicativos\unity\webplayer\loader\npUnity3D32.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ============= SERVICES / DRIVERS ===============

    R0 ActUsb;ActUsb;c:\windows\system32\drivers\actusb.sys [2010-12-20 17408]

    R1 avgio;avgio;\??\c:\arquivos de programas\avira\antivir desktop\avgio.sys --> c:\arquivos de programas\avira\antivir desktop\avgio.sys [?]

    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-4 56816]

    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]

    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-6-2 129136]

    S2 AntiVirSchedulerService;Avira AntiVir Programador;c:\arquivos de programas\avira\antivir desktop\sched.exe []

    S2 AntiVirService;Avira AntiVir Guard;"c:\arquivos de programas\avira\antivir desktop\avguard.exe" --> c:\arquivos de programas\avira\antivir desktop\avguard.exe [?]

    S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-8-7 136176]

    S2 mpbjrolce;Manager Installer;c:\windows\system32\svchost.exe -k netsvcs [2001-10-28 14336]

    S2 Roozz Helper;Roozz Helper;"c:\arquivos de programas\roozz\roozzhelper.exe" --> c:\arquivos de programas\roozz\RoozzHelper.exe [?]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-6-2 1691480]

    S3 apf001;apf001;\??\c:\game\softnyxgame\gunboundps\apf001.sys --> c:\game\softnyxgame\gunboundps\apf001.sys [?]

    S3 GGSAFERDriver;GGSAFER Driver;\??\c:\arquivos de programas\garena\safedrv.sys --> c:\arquivos de programas\garena\safedrv.sys [?]

    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys --> c:\windows\system32\drivers\ewusbdev.sys [?]

    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

    S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 342784]

    S3 VELASCO;VELASCO;\??\c:\windows\system32\velasco.sys --> c:\windows\system32\velasco.sys [?]

    =============== Created Last 30 ================

    2011-03-02 22:32 0 a------- C:\icoA6.tmp

    2011-03-02 22:24 0 a------- C:\icoA5.tmp

    2011-03-02 22:20 <DIR> --d----- c:\windows\system32\wbem\Repository

    2011-03-02 14:44 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll

    2011-03-02 14:44 21,504 a------- c:\windows\system32\hidserv.dll

    2011-03-02 14:43 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys

    2011-03-02 14:43 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys

    2011-03-02 14:38 0 a------- C:\icoA4.tmp

    2011-03-02 06:28 0 a------- C:\icoA3.tmp

    2011-03-01 18:27 <DIR> --d----- c:\arquivos de programas\Songr

    2011-03-01 14:26 0 a------- C:\icoA2.tmp

    2011-03-01 12:32 0 a------- C:\icoA1.tmp

    2011-02-28 14:22 0 a------- C:\icoA0.tmp

    2011-02-28 10:37 0 a------- C:\ico9F.tmp

    2011-02-27 17:16 0 a------- C:\ico9E.tmp

    2011-02-27 15:39 0 a------- C:\ico9D.tmp

    2011-02-27 15:38 0 a------- C:\ico9B.tmp

    2011-02-27 09:28 0 a------- C:\ico9A.tmp

    2011-02-26 16:11 0 a------- C:\ico99.tmp

    2011-02-26 16:09 0 a------- C:\ico98.tmp

    2011-02-26 10:37 <DIR> --d----- c:\arquivos de programas\Roozz

    2011-02-26 10:30 <DIR> --d----- c:\docume~1\rafael\dadosd~1\id Software

    2011-02-26 08:51 0 a------- C:\ico97.tmp

    2011-02-25 14:23 0 a------- C:\ico96.tmp

    2011-02-25 10:23 0 a------- C:\ico94.tmp

    2011-02-24 22:33 0 a------- C:\ico93.tmp

    2011-02-24 18:51 0 a------- C:\ico92.tmp

    2011-02-24 10:38 0 a------- C:\ico91.tmp

    2011-02-24 06:17 0 a------- C:\ico90.tmp

    2011-02-23 22:02 0 a------- C:\ico8F.tmp

    2011-02-23 22:01 1,346,411 a------- c:\docume~1\alluse~1\dadosd~1\Systhree.exe

    2011-02-23 22:01 1,095,168 ---sh--- c:\docume~1\alluse~1\dadosd~1\SysUtlis.exe

    2011-02-23 20:33 0 a------- C:\ico1C8.tmp

    2011-02-23 19:39 <DIR> --d----- c:\docume~1\rafael\dadosd~1\TightVNC

    2011-02-23 14:52 0 a------- C:\icoEB.tmp

    2011-02-23 14:21 328 a------- c:\docume~1\alluse~1\dadosd~1\.bat

    2011-02-23 14:13 3,342 a------- c:\docume~1\alluse~1\dadosd~1\Sysfour.exe

    2011-02-23 14:11 0 a------- C:\ico8E.tmp

    2011-02-23 12:00 0 a------- C:\ico8D.tmp

    2011-02-22 21:40 0 a------- C:\ico8C.tmp

    2011-02-22 21:10 87,552 a------- c:\windows\system32\VACFix.exe

    2011-02-22 21:10 82,944 a------- c:\windows\system32\IEDFix.exe

    2011-02-22 21:10 82,944 a------- c:\windows\system32\IEDFix.C.exe

    2011-02-22 21:10 82,432 a------- c:\windows\system32\404Fix.exe

    2011-02-22 21:10 80,384 a------- c:\windows\system32\o4Patch.exe

    2011-02-22 21:10 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe

    2011-02-22 21:10 75,776 a------- c:\windows\system32\WS2Fix.exe

    2011-02-22 21:10 0 a------- C:\ico8B.tmp

    2011-02-22 21:09 289,144 a------- c:\windows\system32\VCCLSID.exe

    2011-02-22 21:09 79,360 a------- c:\windows\system32\swxcacls.exe

    2011-02-22 21:09 51,200 a------- c:\windows\system32\dumphive.exe

    2011-02-22 21:09 288,417 a------- c:\windows\system32\SrchSTS.exe

    2011-02-22 21:09 135,168 a------- c:\windows\system32\swreg.exe

    2011-02-22 21:09 53,248 a------- c:\windows\system32\Process.exe

    2011-02-22 20:48 3,342 a------- c:\docume~1\alluse~1\dadosd~1\Sysfive.exe

    2011-02-22 20:42 85,504 a------- c:\docume~1\alluse~1\dadosd~1\Winapdonw.exe

    2011-02-22 14:59 664 a------- c:\windows\system32\d3d9caps.dat

    2011-02-22 14:34 0 a------- C:\ico8A.tmp

    2011-02-21 17:10 <DIR> --d----- c:\arquivos de programas\Duty Calls

    2011-02-21 17:08 527,192 a------- c:\windows\system32\XAudio2_7.dll

    2011-02-21 17:08 74,072 a------- c:\windows\system32\XAPOFX1_5.dll

    2011-02-21 17:08 239,960 a------- c:\windows\system32\xactengine3_7.dll

    2011-02-21 17:08 2,106,216 a------- c:\windows\system32\D3DCompiler_43.dll

    2011-02-21 17:08 1,868,128 a------- c:\windows\system32\d3dcsx_43.dll

    2011-02-21 17:08 470,880 a------- c:\windows\system32\d3dx10_43.dll

    2011-02-21 17:08 248,672 a------- c:\windows\system32\d3dx11_43.dll

    2011-02-21 17:08 1,998,168 a------- c:\windows\system32\D3DX9_43.dll

    2011-02-21 17:08 528,216 a------- c:\windows\system32\XAudio2_6.dll

    2011-02-21 17:08 238,936 a------- c:\windows\system32\xactengine3_6.dll

    2011-02-21 17:08 74,072 a------- c:\windows\system32\XAPOFX1_4.dll

    2011-02-21 17:08 22,360 a------- c:\windows\system32\X3DAudio1_7.dll

    2011-02-21 14:15 0 a------- C:\ico89.tmp

    2011-02-21 10:21 0 a------- C:\ico88.tmp

    2011-02-20 16:03 0 a------- C:\ico87.tmp

    2011-02-20 10:13 0 a------- C:\ico86.tmp

    2011-02-19 07:20 0 a------- C:\ico81.tmp

    2011-02-18 13:16 0 a------- C:\ico80.tmp

    2011-02-18 09:36 0 a------- C:\ico7E.tmp

    2011-02-18 05:42 0 a------- C:\ico7D.tmp

    2011-02-17 17:28 0 a------- C:\ico7C.tmp

    2011-02-17 05:32 0 a------- C:\ico7B.tmp

    2011-02-16 14:56 0 a------- C:\ico7A.tmp

    2011-02-15 20:09 0 a------- C:\ico79.tmp

    2011-02-14 20:13 <DIR> --d----- c:\arquivos de programas\MSECache

    2011-02-14 16:18 112,187 a------- c:\windows\hpoins07.dat

    2011-02-14 16:18 21,124 -------- c:\windows\hpomdl07.dat

    2011-02-14 15:27 112,187 -------- c:\windows\hpoins07.dat.temp

    2011-02-14 15:27 21,124 -------- c:\windows\hpomdl07.dat.temp

    2011-02-14 14:28 0 a------- C:\ico78.tmp

    2011-02-14 09:35 0 a------- C:\ico77.tmp

    2011-02-14 05:56 0 a------- C:\ico76.tmp

    2011-02-13 18:54 0 a------- C:\ico74.tmp

    2011-02-13 15:00 0 a------- C:\ico73.tmp

    2011-02-12 14:50 0 a------- C:\ico18C.tmp

    2011-02-12 09:20 0 a------- C:\ico72.tmp

    2011-02-12 00:12 0 a------- C:\ico370.tmp

    2011-02-11 19:30 0 a------- C:\icoDA.tmp

    2011-02-11 17:41 0 a------- C:\ico71.tmp

    2011-02-11 09:41 0 a------- C:\ico70.tmp

    2011-02-10 17:48 0 a------- C:\ico6F.tmp

    2011-02-09 17:53 0 a------- C:\icoCA.tmp

    2011-02-09 15:28 0 a------- C:\ico6E.tmp

    2011-02-09 05:41 0 a------- C:\ico6D.tmp

    2011-02-08 12:38 0 a------- C:\ico6C.tmp

    2011-02-07 19:00 0 a------- C:\icoF7.tmp

    2011-02-07 15:52 0 a------- C:\ico6B.tmp

    2011-02-07 15:42 <DIR> --d----- C:\Intel

    2011-02-07 15:38 0 a------- C:\ico123.tmp

    2011-02-07 12:34 0 a------- C:\ico6A.tmp

    2011-02-07 05:46 0 a------- C:\ico69.tmp

    2011-02-06 22:04 1,777,664 a------- c:\windows\system32\gdiplus.dll

    2011-02-06 14:51 <DIR> --d----- c:\arquivos de programas\Megacubo

    2011-02-06 14:10 <DIR> --d----- c:\documents and settings\rafael\Camera Mouse

    2011-02-06 13:44 0 a------- C:\ico67.tmp

    2011-02-06 10:36 86,016 a------- c:\windows\unvise32.exe

    2011-02-06 08:27 0 a------- C:\ico66.tmp

    2011-02-05 23:08 <DIR> --d----- c:\arquivos de programas\sXe Injected

    2011-02-05 23:07 0 a------- C:\ico437.tmp

    2011-02-05 09:09 0 a------- C:\icoC9.tmp

    2011-02-05 08:33 0 a------- C:\ico65.tmp

    2011-02-04 22:11 0 a------- C:\ico64.tmp

    2011-02-04 18:02 0 a------- C:\ico134.tmp

    2011-02-04 16:43 0 a------- C:\icoC8.tmp

    2011-02-04 16:37 0 a------- C:\ico9C.tmp

    2011-02-04 16:19 0 a------- C:\ico82.tmp

    2011-02-04 16:07 0 a------- C:\ico63.tmp

    2011-02-04 05:11 <DIR> --d----- c:\arquivos de programas\Cryptic Studios

    2011-02-03 12:30 0 a------- C:\ico62.tmp

    2011-02-02 12:19 0 a------- C:\ico61.tmp

    2011-02-01 09:26 0 a------- C:\ico60.tmp

    ==================== Find3M ====================

    2011-03-02 22:43 2,878 a------- c:\windows\system32\tmp.reg

    2011-02-22 21:09 477,028 a------- c:\windows\system32\perfh016.dat

    2011-02-22 21:09 83,128 a------- c:\windows\system32\perfc016.dat

    2011-01-27 11:54 12,920 a------- c:\windows\system32\apl001.sys

    2011-01-27 11:54 10,872 a------- c:\windows\system32\apf001.sys

    2011-01-21 11:44 440,832 a------- c:\windows\system32\shimgvw.dll

    2011-01-21 08:20 348,160 a------- c:\windows\system32\msvcr71.dll

    2011-01-21 08:20 499,712 a------- c:\windows\system32\msvcp71.dll

    2011-01-07 11:09 290,048 a------- c:\windows\system32\atmfd.dll

    2011-01-03 20:56 691,696 a------- c:\windows\system32\drivers\sptd.sys

    2010-12-31 11:03 1,855,104 a------- c:\windows\system32\win32k.sys

    2010-12-22 09:34 301,568 a------- c:\windows\system32\kerberos.dll

    2010-12-20 14:25 732,672 a------- c:\windows\system32\lsasrv.dll

    2010-12-09 12:15 734,208 a------- c:\windows\system32\ntdll.dll

    2010-12-09 12:13 2,031,104 a------- c:\windows\system32\ntkrnlpa.exe

    2010-12-09 12:13 2,152,960 a------- c:\windows\system32\ntoskrnl.exe

    2010-12-09 11:29 33,280 a------- c:\windows\system32\csrsrv.dll

    2010-07-17 16:19 109,378,686 a------- c:\docume~1\rafael\dadosd~1\3D Sexvilla 2.058.002 OxS!®.exe

    2010-06-02 18:20 87,608 a------- c:\docume~1\rafael\dadosd~1\inst.exe

    2010-06-02 18:20 47,360 a------- c:\docume~1\rafael\dadosd~1\pcouffin.sys

    2009-03-21 11:08 162,155 a--shr-- c:\windows\system32\irctol.dll

    ============= FINISH: 22:50:24,50 ===============


    Dear Skia

    I recommend that you save this topic to your Favorites so that it is easier to find.

    Please note the following:

    • If you go 3 days without a reply, send me a Private Message (PM);
    • What is given here applies only to your computer's problem, so do not use it on any other;
    • Please follow the instructions carefully and, if you have any questions, do not hesitate to ask;
    • Always post your replies in this topic... Do not open another one!
    • Keep me informed during the removal about what is happening with your computer.
    • Note: Do not take any action other than those given here; and if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

    # Step 1 #

    Download Malwarebytes Anti-Malware:

    • Link 1
    • Alternative link
      • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
      • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
      • If updates are available, they will be downloaded and installed.
      • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
      • The scan will start and may take a while. Please be patient.
      • When the scan is complete, click OK, then Show Results to see the log.
      • If anything is found, make sure everything is checked and click Remove.
      • When disinfection finishes, a log will open automatically in a Notepad document and you may be asked to restart the PC. (Read the note)
      • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
      • Copy and paste the contents of that log into your next reply.

    Note: In more complicated infections it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

    # Step 2 #

    Read the instructions at this link:

    In the instructions at the link above you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:
    2. Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
    3. Double-click the [image] icon on the desktop.
    4. Read and accept the terms by typing 1 and pressing Enter.
    5. Computers running Windows XP should install the Recovery Console:

       • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
       • Click "OK" on the EULA.
       • Once the Recovery Console is installed, click "YES" to continue.

    6. ComboFix will run; please be patient and wait.
    7. Attention: Do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to stall.
    8. A warning may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
    9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

    Do NOT use the tool on your own. It is a powerful tool built to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

    • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
    • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors wrote them with end users in mind, to be used without supervision. ComboFix is not that kind of tool, so, and also out of respect for the tool's author, do not use it without supervision.

    Regards :D

  • Topic author
  • The Malwarebytes log worked, but ComboFix keeps loading for a long time and then the PC freezes and everything goes black. I'll keep trying; in the meantime, here is the Malwarebytes one.

    Malwarebytes' Anti-Malware 1.50.1.1100

    www.malwarebytes.org

    Versão da Base de Dados: 5964

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 6.0.2900.5512

    5/3/2011 12:54:57

    mbam-log-2011-03-05 (12-54-57).txt

    Tipo de Verificação: Verificação Rápida

    Objetos escaneados: 179168

    Tempo decorrido: 3 minuto(s), 37 segundo(s)

    Processos de Memória Infectados: 1

    Módulos de Memória Infectados: 0

    Chaves de Registro Infectadas: 1

    Valores de Registro Infectados: 2

    Itens de Dados no Registro Infectados: 1

    Pastas Infectadas: 0

    Arquivos Infectados: 6

    Processos de Memória Infectados:

    c:\documents and settings\all users\dados de aplicativos\Systhree.exe (Spyware.Banker) -> 2652 -> Unloaded process successfully.

    Módulos de Memória Infectados:

    (Não foram detectados ítens maliciosos)

    Chaves de Registro Infectadas:

    HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

    Valores de Registro Infectados:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer (Spyware.Banker) -> Value: explorer -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysUtlis.exe (Trojan.Banker) -> Value: SysUtlis.exe -> Quarantined and deleted successfully.

    Itens de Dados no Registro Infectados:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

    Pastas Infectadas:

    (Não foram detectados ítens maliciosos)

    Arquivos Infectados:

    c:\documents and settings\all users\dados de aplicativos\Systhree.exe (Spyware.Banker) -> Quarantined and deleted successfully.

    c:\documents and settings\all users\dados de aplicativos\SysUtlis.exe (Trojan.Banker) -> Quarantined and deleted successfully.

    c:\documents and settings\Rafael\meus documentos\downloads\install_flash_player.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\calc.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

    c:\WINDOWS\system32\irctol.dll (Worm.Conficker) -> Delete on reboot.

    c:\documents and settings\all users\dados de aplicativos\dkwork.ini (Malware.Trace) -> Quarantined and deleted successfully.


    Dear Skia

    Download OTL by OldTimer and save it to your Desktop.

    • Double-click the icon [image]
    • Leave the main screen configured as shown in the figure below:

    [image]

    • Copy and paste the content below into the space right after [image]
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dl
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    /md5stop

    • Click the [image] button
    • Do not interrupt the scan under any circumstances;
    • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
    • Restart the computer;
    • Post both logs in your next reply.
    • Do not delete OTL

    Regards :D

  • Topic author
  • I can't manage to send the log. I go to reply, paste the log, and when I click to send, the browser keeps loading and then says it failed. The PC is having a lot of problems; some actions aren't working 100%. What do I do?

    Every now and then I can't drag a file to another folder, I have to open photos through "Open with", and there are other problems. I've already tried sending the log through the quick reply, but that doesn't work either. I hope someone can help me.

    Edited by Skia
    Addition

  • Topic author
  • Here is the OTL.txt log:

    OTL logfile created on: 6/3/2011 16:14:14 - Run 1

    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Rafael\Desktop

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 6.0.2900.5512)

    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    893,00 Mb Total Physical Memory | 579,00 Mb Available Physical Memory | 65,00% Memory free

    10,00 Gb Paging File | 9,00 Gb Available in Paging File | 97,00% Paging File free

    Paging file location(s): C:\pagefile.sys 9000 9000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

    Drive C: | 149,05 Gb Total Space | 78,12 Gb Free Space | 52,41% Space Free | Partition Type: NTFS

    Computer Name: RAFA | User Name: Rafael | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/27 16:32:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafael\Desktop\OTL.exe

    PRC - [2011/01/21 08:20:46 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Real\RealPlayer\Update\realsched.exe

    PRC - [2010/12/01 16:19:54 | 001,835,106 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

    PRC - [2010/12/01 16:17:20 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

    PRC - [2010/10/22 09:05:14 | 000,467,224 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1159615.exe

    PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

    PRC - [2010/05/14 16:20:32 | 000,175,888 | ---- | M] () -- C:\Arquivos de programas\IObit\Game Booster\gbtray.exe

    PRC - [2010/01/11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jucheck.exe

    PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

    PRC - [2008/06/27 14:54:12 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe

    PRC - [2008/04/13 19:21:00 | 001,542,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

    PRC - [2008/02/21 19:23:38 | 001,216,512 | ---- | M] (Motorola Inc.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

    PRC - [2007/08/17 18:40:30 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

    PRC - [2006/08/01 08:19:10 | 000,737,280 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Arquivos de programas\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe

    PRC - [2006/03/30 15:45:12 | 000,500,224 | ---- | M] (LightComm) -- C:\WINDOWS\WinLogT.exe

    PRC - [2005/04/02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

    PRC - [2000/02/20 22:06:26 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\SolarWinds.scr

    ========== Modules (SafeList) ==========

    MOD - [2011/02/27 16:32:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafael\Desktop\OTL.exe

    MOD - [2011/01/21 08:21:22 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

    MOD - [2010/08/23 13:11:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

    MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

    MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Roozz Helper)

    SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)

    SRV - File not found [Auto | Stopped] -- -- (AntiVirService)

    SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

    SRV - [2010/11/03 18:02:04 | 004,294,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

    SRV - [2010/06/08 19:28:35 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)

    SRV - [2005/04/02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)

    SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

    SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Running] -- -- (avgio)

    DRV - [2011/01/03 20:56:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

    DRV - [2010/12/20 21:21:03 | 000,017,408 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ActUsb.sys -- (ActUsb)

    DRV - [2010/03/31 05:58:48 | 000,342,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)

    DRV - [2010/03/26 18:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

    DRV - [2010/01/26 23:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)

    DRV - [2009/12/17 17:40:00 | 000,129,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)

    DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

    DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

    DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

    DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

    DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

    DRV - [2008/06/27 15:19:22 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

    DRV - [2008/06/27 14:57:48 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

    DRV - [2008/03/03 12:00:00 | 000,043,392 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)

    DRV - [2008/02/21 19:29:00 | 001,092,608 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

    DRV - [2006/06/15 23:04:38 | 000,035,712 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)

    DRV - [2005/07/08 14:44:18 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vax347b.sys -- (vax347b)

    DRV - [2005/01/03 12:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)

    DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vax347s.sys -- (vax347s)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minilua.com/

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minilua.com/

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.minilua.com/

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://search.minilua.com/

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5

    FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886D}:1.0.16.12

    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

    FF - prefs.js..extensions.enabledItems: {9C9D73AE-33F5-4352-BE72-454D29416872}:0.4.4.2

    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Arquivos de programas\AutocompletePro\support@predictad.com

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/21 08:21:23 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 8\components [2011/01/21 08:21:12 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 8\plugins [2011/03/05 18:09:26 | 000,000,000 | ---D | M]

    [2010/06/09 21:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Extensions

    [2010/06/09 21:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org

    [2011/03/02 22:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions

    [2010/07/05 19:06:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    [2010/12/28 17:29:31 | 000,000,000 | ---D | M] ("Adicional de segurança CAIXA®") -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}

    [2011/02/12 19:39:23 | 000,000,000 | ---D | M] (ul.timate.info) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\{9C9D73AE-33F5-4352-BE72-454D29416872}

    [2010/06/02 13:14:10 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\firebug@software.joehewitt.com

    [2010/12/27 21:52:01 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions

    [2010/06/22 21:17:29 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Arquivos de programas\Mozilla Firefox\extensions\quickstores@quickstores.de

    [2010/06/09 21:07:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\ARQUIVOS DE PROGRAMAS\JAVA\JRE6\LIB\DEPLOY\JQS\FF

    [2010/12/13 07:50:18 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\ARQUIVOS DE PROGRAMAS\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER

    [2011/01/21 08:21:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

    [2010/03/03 19:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Arquivos de programas\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

    [2010/06/20 12:44:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

    [2007/03/09 20:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2011/03/06 09:11:14 | 000,000,067 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 209.222.96.91 www2.bancobrasil.com.br

    O1 - Hosts: 209.222.96.92 aapj.bb.com.br

    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

    O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

    O3 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

    O4 - HKLM..\Run: [KernelFaultCheck] File not found

    O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

    O4 - HKLM..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

    O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

    O4 - HKLM..\Run: [synTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

    O4 - HKLM..\Run: [TkBellExe] C:\arquivos de programas\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

    O4 - HKLM..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe (LightComm)

    O4 - HKU\S-1-5-21-448539723-2147096177-839522115-1003..\RunOnce: [shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1159615.exe (Adobe Systems, Inc.)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Arquivos de programas\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

    O4 - Startup: C:\Documents and Settings\Rafael\Menu Iniciar\Programas\Inicializar\Yahoo! Widgets.lnk = File not found

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

    O7 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O8 - Extra context menu item: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll (Installation Support)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O24 - Desktop WallPaper: C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2010/05/31 18:17:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O33 - MountPoints2\{0a6762b8-b5cd-11df-a22a-0090f576ecfa}\Shell - "" = AutoRun

    O33 - MountPoints2\{0a6762b8-b5cd-11df-a22a-0090f576ecfa}\Shell\AutoRun\command - "" = F:\AutoRun.exe

    O33 - MountPoints2\{375bce58-83d7-11df-a1c0-0090f576ecfa}\Shell - "" = AutoRun

    O33 - MountPoints2\{375bce58-83d7-11df-a1c0-0090f576ecfa}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

    O33 - MountPoints2\{68f31097-740c-11df-a193-0090f576ecfa}\Shell\AutoRun\command - "" = n0qls.exe

    O33 - MountPoints2\{68f31097-740c-11df-a193-0090f576ecfa}\Shell\open\Command - "" = n0qls.exe

    O33 - MountPoints2\{744a856e-eb99-11df-a299-0090f576ecfa}\Shell\AutoRun\command - "" = n0qls.exe

    O33 - MountPoints2\{744a856e-eb99-11df-a299-0090f576ecfa}\Shell\open\Command - "" = n0qls.exe

    O33 - MountPoints2\{7d666332-a32b-11df-a201-0090f576ecfa}\Shell\AutoRun\command - "" = n0qls.exe

    O33 - MountPoints2\{7d666332-a32b-11df-a201-0090f576ecfa}\Shell\open\Command - "" = n0qls.exe

    O33 - MountPoints2\{ae8ffc9e-b5b7-11df-a229-0090f576ecfa}\Shell - "" = AutoRun

    O33 - MountPoints2\{ae8ffc9e-b5b7-11df-a229-0090f576ecfa}\Shell\AutoRun\command - "" = F:\AutoRun.exe

    O33 - MountPoints2\{ae8ffca1-b5b7-11df-a229-0090f576ecfa}\Shell - "" = AutoRun

    O33 - MountPoints2\{ae8ffca1-b5b7-11df-a229-0090f576ecfa}\Shell\AutoRun\command - "" = F:\AutoRun.exe

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found

    NetSvcs: Ias - File not found

    NetSvcs: Iprip - File not found

    NetSvcs: Irmon - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: WmdmPmSp - File not found

    NetSvcs: mpbjrolce - File not found

    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)

    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Orbit.lnk - C:\Arquivos de programas\Orbitdownloader\orbitdm.exe - (Orbitdownloader.com)

    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^REALTEK RTL8187B Wireless LAN Utility.lnk - - File not found

    MsConfig - StartUpFolder: C:^Documents and Settings^Rafael^Menu Iniciar^Programas^Inicializar^Adobe Gamma.lnk - C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)

    MsConfig - StartUpFolder: C:^Documents and Settings^Rafael^Menu Iniciar^Programas^Inicializar^LimeWire On Startup.lnk - - File not found

    MsConfig - StartUpReg: Advanced SystemCare 3 - hkey= - key= - C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe (IObit)

    MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

    MsConfig - StartUpReg: DriverScanner - hkey= - key= - File not found

    MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (Google Inc.)

    MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)

    MsConfig - State: "system.ini" - 0

    MsConfig - State: "win.ini" - 0

    MsConfig - State: "bootini" - 0

    MsConfig - State: "services" - 0

    MsConfig - State: "startup" - 2

    SafeBootMin: Base - Driver Group

    SafeBootMin: Boot Bus estender - Driver Group

    SafeBootMin: Boot file system - Driver Group

    SafeBootMin: File system - Driver Group

    SafeBootMin: Filter - Driver Group

    SafeBootMin: PCI Configuration - Driver Group

    SafeBootMin: PEVSystemStart - File not found

    SafeBootMin: PNP Filter - Driver Group

    SafeBootMin: Primary disk - Driver Group

    SafeBootMin: procexp90.Sys - Driver

    SafeBootMin: SCSI Class - Driver Group

    SafeBootMin: sermouse.sys - Driver

    SafeBootMin: System Bus estender - Driver Group

    SafeBootMin: vds - Service

    SafeBootMin: vga.sys - Driver

    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group

    SafeBootNet: Boot Bus estender - Driver Group

    SafeBootNet: Boot file system - Driver Group

    SafeBootNet: File system - Driver Group

    SafeBootNet: Filter - Driver Group

    SafeBootNet: NDIS Wrapper - Driver Group

    SafeBootNet: NetBIOSGroup - Driver Group

    SafeBootNet: NetDDEGroup - Driver Group

    SafeBootNet: Network - Driver Group

    SafeBootNet: NetworkProvider - Driver Group

    SafeBootNet: PCI Configuration - Driver Group

    SafeBootNet: PEVSystemStart - File not found

    SafeBootNet: PNP Filter - Driver Group

    SafeBootNet: PNP_TDI - Driver Group

    SafeBootNet: Primary disk - Driver Group

    SafeBootNet: procexp90.Sys - Driver

    SafeBootNet: SCSI Class - Driver Group

    SafeBootNet: sermouse.sys - Driver

    SafeBootNet: Streams Drivers - Driver Group

    SafeBootNet: System Bus estender - Driver Group

    SafeBootNet: TDI - Driver Group

    SafeBootNet: UploadMgr - Service

    SafeBootNet: vga.sys - Driver

    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML)

    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

    ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4

    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4

    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

    ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.

    ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.

    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java

    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Pacote para navegação off-line

    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição

    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada

    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Ajuda do Internet Explorer

    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java

    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Ferramentas da Instalação do Internet Explorer

    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Recursos de navegação

    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Acesso ao site da MSN

    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Pastas da Web

    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    ActiveX: {844F1F5B-CC92-1557-DD2E-18BAE827DE17} - Outlook Express

    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Ligação de dados de HTML dinâmico

    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Fontes principais do Microsoft Internet Explorer

    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas

    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Ajuda HTML

    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

  • Topic author
  • Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()

    Drivers32: msacm.iac2 - C:\\WINDOWS\\system32\\iac25_32.ax ()

    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

    Drivers32: msacm.voxacm160 - vct3216.acm File not found

    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

    Drivers32: vidc.DIVX - DivX.dll File not found

    Drivers32: VIDC.DRAW - DVIDEO.DLL File not found

    Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()

    Drivers32: VIDC.FPS1 - frapsvid.dll File not found

    Drivers32: VIDC.I420 - i420vfw.dll File not found

    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    Drivers32: vidc.mp42 - MPG4C32.dll File not found

    Drivers32: VIDC.MSUD - msulvc05.dll File not found

    Drivers32: VIDC.VP40 - vp4vfw.dll File not found

    Drivers32: vidc.VP60 - vp6vfw.dll File not found

    Drivers32: vidc.VP61 - vp6vfw.dll File not found

    Drivers32: vidc.VP62 - vp6vfw.dll File not found

    Drivers32: vidc.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)

    Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found

    Drivers32: vidc.X264 - x264vfw.dll File not found

    Drivers32: VIDC.YV12 - yv12vfw.dll File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/06 13:02:10 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rafael\Desktop\OTL.exe

    [2011/03/06 09:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData

    [2011/03/05 18:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Meus documentos\My Widgets

    [2011/03/05 17:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\YummyDesktopToys

    [2011/03/05 17:59:04 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ydt

    [2011/03/05 17:14:09 | 000,000,000 | --SD | C] -- C:\ComboFix

    [2011/03/05 13:06:22 | 000,000,000 | RHSD | C] -- C:\cmdcons

    [2011/03/05 13:03:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

    [2011/03/05 13:03:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

    [2011/03/05 13:03:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

    [2011/03/05 13:03:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

    [2011/03/05 13:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

    [2011/03/05 13:00:16 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2011/03/05 12:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Malwarebytes

    [2011/03/05 12:46:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

    [2011/03/05 12:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware

    [2011/03/05 12:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

    [2011/03/05 12:46:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    [2011/03/05 12:46:47 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

    [2011/03/05 11:37:51 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe

    [2011/03/02 22:24:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rafael\Recent

    [2011/03/02 14:44:00 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll

    [2011/03/02 14:43:49 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys

    [2011/03/01 18:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Songr

    [2011/03/01 18:27:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Songr

    [2011/02/28 16:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Desktop\Mussa

    [2011/02/26 11:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Roozz

    [2011/02/26 10:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Roozz

    [2011/02/26 10:37:24 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Roozz

    [2011/02/26 10:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\id Software

    [2011/02/25 22:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Unity

    [2011/02/23 22:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Help

    [2011/02/23 22:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Help

    [2011/02/23 19:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\TightVNC

    [2011/02/23 14:18:58 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\HijackThis

    [2011/02/22 21:10:28 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe

    [2011/02/22 21:10:28 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe

    [2011/02/22 21:10:28 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe

    [2011/02/22 21:10:28 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe

    [2011/02/22 21:10:28 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe

    [2011/02/22 21:10:28 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe

    [2011/02/22 21:09:34 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe

    [2011/02/22 21:09:32 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe

    [2011/02/22 21:09:32 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe

    [2011/02/22 20:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Adobe

    [2011/02/22 20:42:24 | 000,085,504 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Winapdonw.exe

    [2011/02/21 17:08:30 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll

    [2011/02/21 17:08:30 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll

    [2011/02/21 17:08:29 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll

    [2011/02/21 17:08:28 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll

    [2011/02/21 17:08:26 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll

    [2011/02/21 17:08:23 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll

    [2011/02/21 17:08:23 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll

    [2011/02/21 17:08:22 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll

    [2011/02/21 17:08:20 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll

    [2011/02/21 17:08:20 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll

    [2011/02/21 17:08:20 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll

    [2011/02/21 17:08:19 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll

    [2011/02/17 21:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Meus documentos\School Craps

    [2011/02/14 20:13:49 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MSECache

    [2011/02/07 15:42:08 | 000,000,000 | ---D | C] -- C:\Intel

    [2011/02/06 22:04:22 | 001,777,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll

    [2011/02/06 14:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Camera Mouse

    [2011/02/06 14:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Downloaded Installations

    [2011/02/06 10:36:06 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe

    [2011/02/06 10:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\POD-Bot 2.5

    [2011/02/06 10:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Menu Iniciar\Programas\POD-Bot 2.5

    [2011/02/05 23:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Menu Iniciar\Programas\sXe Injected

    [2011/02/05 23:08:39 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\sXe Injected

    [2010/07/17 16:19:21 | 109,378,686 | ---- | C] (Oxin's Style!® ) -- C:\Documents and Settings\Rafael\Dados de aplicativos\3D Sexvilla 2.058.002 OxS!®.exe

    [2010/07/12 13:23:29 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347b.sys

    [2010/07/12 13:23:29 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347s.sys

    [2010/06/02 18:20:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Rafael\Dados de aplicativos\pcouffin.sys

    [2004/11/24 16:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [38 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [197 C:\*.tmp files -> C:\*.tmp -> ]

    [10 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/06 16:12:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2011/03/06 12:18:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1005UA.job

    [2011/03/06 11:57:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1003UA.job

    [2011/03/06 11:54:00 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    [2011/03/06 10:55:27 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-2147096177-839522115-1003.job

    [2011/03/06 10:55:26 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-2147096177-839522115-1003.job

    [2011/03/06 09:12:47 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

    [2011/03/06 09:12:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2011/03/06 09:12:25 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

    [2011/03/06 09:12:24 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-2147096177-839522115-1005.job

    [2011/03/06 09:11:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2011/03/05 18:09:34 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Rafael\Menu Iniciar\Programas\Inicializar\Yahoo! Widgets.lnk

    [2011/03/05 17:59:04 | 000,077,824 | ---- | M] () -- C:\WINDOWS\iRODUninstall.exe

    [2011/03/05 13:06:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini

    [2011/03/05 13:03:10 | 000,000,529 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Atalho para ComboFix.exe.lnk

    [2011/03/05 12:46:52 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

    [2011/03/04 16:18:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1005Core.job

    [2011/03/04 15:57:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1003Core.job

    [2011/03/02 22:57:35 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Google Chrome.lnk

    [2011/03/02 22:43:50 | 000,002,878 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg

    [2011/03/01 18:27:09 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Songr.lnk

    [2011/02/27 16:32:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafael\Desktop\OTL.exe

    [2011/02/26 16:16:34 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-2147096177-839522115-1005.job

    [2011/02/25 22:46:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Rafael\Meus documentos\Meus locais de rede.lnk

    [2011/02/23 22:04:54 | 000,003,342 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Sysfive.exe

    [2011/02/23 22:03:34 | 000,003,342 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Sysfour.exe

    [2011/02/23 22:02:26 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\.bat

    [2011/02/23 22:01:26 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\ConfDown

    [2011/02/22 21:09:25 | 000,477,028 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

    [2011/02/22 21:09:25 | 000,441,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2011/02/22 21:09:25 | 000,083,128 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

    [2011/02/22 21:09:25 | 000,071,336 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2011/02/22 20:42:18 | 000,085,504 | ---- | M] (Macromedia, Inc.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Winapdonw.exe

    [2011/02/18 21:25:50 | 000,112,187 | ---- | M] () -- C:\WINDOWS\hpoins07.dat

    [2011/02/18 21:02:48 | 000,112,187 | ---- | M] () -- C:\WINDOWS\hpoins07.dat.temp

    [2011/02/16 15:00:40 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2011/02/15 06:53:05 | 000,238,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2011/02/11 21:51:38 | 000,459,888 | ---- | M] () -- C:\Documents and Settings\Rafael\Meus documentos\Boletim Informativo PAS 2010.pdf

    [2011/02/08 13:21:55 | 000,000,701 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Atalho para cdhack.exe.lnk

    [2011/02/07 15:48:16 | 000,000,211 | ---- | M] () -- C:\Boot.bak

    [2011/02/07 15:32:45 | 000,000,434 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    [2011/02/06 20:42:08 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Dedicated Server.lnk

    [2011/02/06 20:42:06 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Counter-Strike 1.6 Non Steam.lnk

    [2011/02/06 17:07:44 | 000,001,643 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Counter Strike 1.6 Non Steam.lnk

    [2011/02/06 14:03:13 | 000,000,620 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\cstrike.lnk

    [2011/02/05 23:08:41 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\sXe Injected.lnk

    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [38 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    [197 C:\*.tmp files -> C:\*.tmp -> ]

    [10 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/05 18:09:34 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Rafael\Menu Iniciar\Programas\Inicializar\Yahoo! Widgets.lnk

    [2011/03/05 17:59:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\iRODUninstall.exe

    [2011/03/05 13:06:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak

    [2011/03/05 13:06:22 | 000,261,856 | RHS- | C] () -- C:\cmldr

    [2011/03/05 13:03:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

    [2011/03/05 13:03:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

    [2011/03/05 13:03:39 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

    [2011/03/05 13:03:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

    [2011/03/05 13:03:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

    [2011/03/05 13:03:10 | 000,000,529 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Atalho para ComboFix.exe.lnk

    [2011/03/05 12:46:52 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

    [2011/03/01 18:27:09 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Songr.lnk

    [2011/03/01 18:27:09 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Songr.lnk

    [2011/02/26 16:16:34 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-2147096177-839522115-1005.job

    [2011/02/26 16:16:33 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-2147096177-839522115-1005.job

    [2011/02/26 16:13:41 | 000,001,148 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1005UA.job

    [2011/02/26 16:13:39 | 000,001,096 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1005Core.job

    [2011/02/25 22:46:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Rafael\Meus documentos\Meus locais de rede.lnk

    [2011/02/23 14:21:50 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\.bat

    [2011/02/23 14:13:25 | 000,003,342 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Sysfour.exe

    [2011/02/22 21:10:27 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe

    [2011/02/22 21:09:33 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe

    [2011/02/22 21:09:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe

    [2011/02/22 20:48:27 | 000,003,342 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Sysfive.exe

    [2011/02/22 20:42:24 | 000,000,403 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\ConfDown

    [2011/02/22 14:59:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2011/02/14 21:16:42 | 000,278,582 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Logo Mussa.pdf

    [2011/02/14 16:18:40 | 000,112,187 | ---- | C] () -- C:\WINDOWS\hpoins07.dat

    [2011/02/14 16:18:40 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat

    [2011/02/14 15:27:15 | 000,112,187 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp

    [2011/02/14 15:27:15 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp

    [2011/02/11 21:51:45 | 000,459,888 | ---- | C] () -- C:\Documents and Settings\Rafael\Meus documentos\Boletim Informativo PAS 2010.pdf

    [2011/02/08 13:21:55 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Atalho para cdhack.exe.lnk

    [2011/02/07 15:32:45 | 000,000,434 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

    [2011/02/06 20:42:06 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Counter-Strike 1.6 Non Steam.lnk

    [2011/02/06 14:03:13 | 000,000,620 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\cstrike.lnk

    [2011/02/06 10:49:33 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Counter Strike 1.6 Non Steam.lnk

    [2011/02/06 10:49:32 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Dedicated Server.lnk

    [2011/02/05 23:08:41 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\sXe Injected.lnk

    [2011/01/27 11:54:31 | 000,012,920 | ---- | C] () -- C:\WINDOWS\System32\apl001.sys

    [2011/01/27 11:54:31 | 000,010,872 | ---- | C] () -- C:\WINDOWS\System32\apf001.sys

    [2011/01/18 11:54:04 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\fusioncache.dat

    [2010/12/20 21:21:03 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\actusb.sys

    [2010/11/11 21:26:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

    [2010/11/10 21:43:07 | 000,255,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

    [2010/11/06 09:16:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Clifford Uninstall.exe

    [2010/11/06 09:12:19 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

    [2010/11/06 09:12:19 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

    [2010/11/06 09:12:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

    [2010/11/06 09:12:16 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Disney.ini

    [2010/08/19 16:05:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

    [2010/08/12 21:39:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

    [2010/08/08 10:58:35 | 000,093,514 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\video-20100808T105835.wmv

    [2010/08/08 10:58:07 | 000,167,188 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\video-20100808T105806.wmv

    [2010/06/23 14:27:01 | 000,441,620 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\video-20100623T142700.wmv

    [2010/06/22 20:04:59 | 000,479,170 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\video-20100622T200458.wmv

    [2010/06/03 22:31:16 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini

    [2010/06/03 22:31:10 | 000,000,305 | R--- | C] () -- C:\WINDOWS\OEM.ini

    [2010/06/02 22:10:26 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

    [2010/06/02 19:43:48 | 000,014,681 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

    [2010/06/02 18:21:10 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\vso_ts_preview.xml

    [2010/06/02 18:20:38 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\inst.exe

    [2010/06/02 18:20:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\pcouffin.cat

    [2010/06/02 18:20:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\pcouffin.inf

    [2010/06/02 14:35:59 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe

    [2010/06/02 14:35:41 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe

    [2010/06/02 13:16:10 | 000,163,923 | ---- | C] () -- C:\WINDOWS\System32\SiSUninstall.exe

    [2010/06/01 22:18:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

    [2010/06/01 21:57:48 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010/05/31 21:46:53 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

    [2010/05/31 21:23:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

    [2010/05/31 19:21:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

    [2010/05/31 18:44:16 | 000,093,362 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

    [2010/05/31 18:43:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\Progress.exe

    [2010/05/31 18:43:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe

    [2010/05/31 18:43:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin

    [2010/05/31 18:43:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin

    [2010/05/31 18:43:23 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin

    [2010/05/31 18:43:06 | 000,387,898 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

    [2010/05/31 18:35:52 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

    [2010/05/31 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

    [2010/05/31 18:15:11 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    [2010/05/31 18:08:12 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    [2010/05/31 18:07:14 | 000,238,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2010/01/26 23:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

    [2010/01/11 04:24:40 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

    [2008/12/19 12:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

    [2008/12/17 14:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

    [2008/12/17 14:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

    [2008/12/17 14:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

    [2008/12/17 14:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

    [2008/12/17 13:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

    [2006/12/30 19:27:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

    [2006/11/02 13:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe

    [2005/06/10 10:56:06 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll

    [2005/06/10 10:55:04 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll

    [2004/10/03 14:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

    [2004/05/13 20:14:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\opencrypto.dll

    [2004/03/18 17:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

    [2004/01/12 17:32:52 | 000,249,910 | ---- | C] () -- C:\WINDOWS\System32\VIR_Lib.dll

    [2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    [2001/10/28 15:07:18 | 000,477,028 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat

    [2001/10/28 15:07:18 | 000,441,018 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

    [2001/10/28 15:07:18 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat

    [2001/10/28 15:07:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

    [2001/10/28 15:07:18 | 000,083,128 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat

    [2001/10/28 15:07:18 | 000,071,336 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

    [2001/10/28 15:07:18 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat

    [2001/10/28 15:07:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

    [2001/10/28 15:07:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    [2001/10/28 15:06:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

    [2001/10/28 15:06:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

    [2001/10/28 15:06:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

    [2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

    [2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    [2001/07/06 15:30:02 | 000,003,277 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

    ========== LOP Check ==========

    [2010/12/27 21:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Subversion

    [2010/07/31 17:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AlawarWrapper

    [2010/07/06 09:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

    [2011/01/03 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite

    [2010/12/28 17:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    [2011/01/06 00:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\HouseDemo

    [2010/07/08 19:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

    [2011/03/06 09:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData

    [2010/12/15 00:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nexon

    [2010/06/01 21:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\page

    [2011/01/04 20:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PassMark

    [2011/01/14 18:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files

    [2010/06/21 18:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\River Past G5

    [2010/07/31 12:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony

    [2010/09/30 19:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Souptoys

    [2010/07/27 17:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

    [2011/01/04 20:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    [2010/06/03 20:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk

    [2011/02/28 12:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Dados de aplicativos\Orbit

    [2010/12/11 09:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Dados de aplicativos\ProgSense

    [2010/10/07 20:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Dados de aplicativos\Subversion

    [2010/11/30 19:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\abgx360

    [2010/06/17 15:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\AnvSoft

    [2010/06/01 22:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Atari

    [2010/09/30 19:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Audacity

    [2011/01/03 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\DAEMON Tools Lite

    [2010/09/21 18:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\DMCache

    [2010/06/02 12:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Easeware

    [2010/07/17 19:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Fit3DLive

    [2010/06/13 20:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Free Sound Recorder

    [2011/01/24 13:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\fretsonfire

    [2011/03/01 18:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\FrostWire

    [2010/11/14 21:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\GameTuts

    [2010/05/31 20:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\GrabPro

    [2011/02/26 10:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\id Software

    [2010/09/21 19:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\IDM

    [2011/02/23 22:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Image Zone Express

    [2011/02/22 20:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\IObit

    [2010/06/01 22:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Leadertech

    [2010/08/21 13:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\LEGO Company

    [2011/03/06 13:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Orbit

    [2010/12/10 21:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\ProgSense

    [2010/07/31 12:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Publish Providers

    [2010/07/17 15:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\QuickStoresToolbar

    [2010/06/21 15:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\River Past G5

    [2010/07/31 12:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Sony

    [2010/09/30 19:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Souptoys

    [2010/09/16 21:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Subversion

    [2010/06/30 22:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Thunderbird

    [2011/02/23 19:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\TightVNC

    [2010/06/07 20:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Total Immersion

    [2011/01/14 17:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Uniblue

    [2010/12/05 16:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Vso

    [2010/06/02 14:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\WinBatch

    [2010/07/31 18:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\YoudaGames

  • Topic author
  • ========== Purity Check ==========

    ========== Custom Scans ==========

    < MD5 for: ATAPI.SYS >

    [2002/09/09 14:19:28 | 010,179,516 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys

    [2008/04/13 19:34:10 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

    [2002/09/09 14:19:28 | 010,179,516 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys

    [2008/04/13 19:34:10 | 020,099,802 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

    [2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    [2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

    [2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

    < MD5 for: EVENTLOG.DLL >

    [2002/09/09 14:07:14 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=11FD3A5FF574294950EA1C45343A22DF -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    [2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

    [2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: NETLOGON.DLL >

    [2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

    [2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll

    [2002/09/09 14:07:56 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=A41412E06484D44F2045E38A20FACE4D -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >

    [2002/09/09 14:08:04 | 000,178,176 | ---- | M] (Microsoft Corporation) MD5=7369E2E3D5F11779E0E03177EA22E471 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

    [2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

    [2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:6724CB45

    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:010ADD2C

    < End of report >

    The Extras.txt log:

    OTL Extras logfile created on: 6/3/2011 16:14:14 - Run 1

    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Rafael\Desktop

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 6.0.2900.5512)

    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    893,00 Mb Total Physical Memory | 579,00 Mb Available Physical Memory | 65,00% Memory free

    10,00 Gb Paging File | 9,00 Gb Available in Paging File | 97,00% Paging File free

    Paging file location(s): C:\pagefile.sys 9000 9000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

    Drive C: | 149,05 Gb Total Space | 78,12 Gb Free Space | 52,41% Space Free | Partition Type: NTFS

    Computer Name: RAFA | User Name: Rafael | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Classes\<extension>]

    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    exefile [open] -- "%1" %*

    http [open] -- Reg Error: Key error.

    https [open] -- Reg Error: Key error.

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "AntiVirusDisableNotify" = 0

    "FirewallDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    "AntiVirusOverride" = 0

    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    "58616:TCP" = 58616:TCP:*:Enabled:Pando Media Booster

    "58616:UDP" = 58616:UDP:*:Enabled:Pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "EnableFirewall" = 1

    "DoNotAllowExceptions" = 0

    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    "1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot

    "1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot

    "53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot

    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    "58616:TCP" = 58616:TCP:*:Enabled:Pando Media Booster

    "58616:UDP" = 58616:UDP:*:Enabled:Pando Media Booster

    "3749:TCP" = 3749:TCP:*:Enabled:uaplubyi

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    "C:\Level Up! Games\Combat Arms\CombatArms.exe" = C:\Level Up! Games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe

    "C:\Level Up! Games\Combat Arms\Engine.exe" = C:\Level Up! Games\Combat Arms\Engine.exe:*Enabled:Engine.exe

    "C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" = C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    "C:\Arquivos de programas\Orbitdownloader\orbitdm.exe" = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

    "C:\Arquivos de programas\Orbitdownloader\orbitnet.exe" = C:\Arquivos de programas\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

    "D:\Warcraft III\Warcraft III.exe" = D:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III

    "C:\Arquivos de programas\FrostWire\FrostWire.exe" = C:\Arquivos de programas\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)

    "C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 8\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 8\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

    "C:\Arquivos de programas\Garena\Garena.exe" = C:\Arquivos de programas\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)

    "C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" = C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

    "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)

    "C:\Arquivos de programas\Valve\hl.exe" = C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

    "C:\Arquivos de programas\Megacubo\megacubo.exe" = C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo

    "C:\Arquivos de programas\Valve\hlds.exe" = C:\Arquivos de programas\Valve\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)

    "C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

    "C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

    "C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

    "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)

    "C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)

    "C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

    "C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()

    "C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )

    "C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1

    "{084548D1-AE93-4A17-9572-D59631F1846B}" = TOSHIBA V.92 MoH Application

    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations

    "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

    "{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials

    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update

    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1

    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3

    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

    "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 18

    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload

    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp

    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

    "{350C97BB-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

    "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy

    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg

    "{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call

    "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B

    "{65248369-7CB9-43A9-82C8-C438AE04DED4}" = 1500

    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

    "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc

    "{6FCBE08B-EB47-448E-8566-CE38E8B8D065}" = System Requirements Lab CYRI

    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

    "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware

    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

    "{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext

    "{81E06318-EEB9-4D55-8CD5-7AC9148D5E66}" = 1500_Help

    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

    "{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003

    "{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007

    "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme

    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger

    "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy

    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

    "{A8F132CD-21A0-411B-AF2C-50E04576FB02}" = Sony LCD Driver 1.3.0.0 For Windows XP

    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0

    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2

    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm

    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

    "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

    "{CBA30674-A242-4531-82B5-586B31F90E04}" = 1500Trb

    "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{D1DDE912-03B9-4C1C-A7EB-C60693820E18}" = REALTEK RTL8187 Wireless LAN Driver and Utility

    "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324

    "{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver

    "{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0

    "{DEC2C123-3CE0-4669-B119-61519130CACD}" = TortoiseSVN 1.6.10.19898 (32 bit)

    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant

    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

    "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =

    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter

    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status

    "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express

    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5

    "Advanced SystemCare 3_is1" = Advanced SystemCare 3

    "Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.10

    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

    "CCleaner" = CCleaner

    "Counter-Strike CP" = Counter-Strike CP

    "D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In

    "FormatFactory" = FormatFactory 2.30

    "Foxit Reader" = Foxit Reader

    "FrostWire" = FrostWire 4.21.3

    "Game Booster_is1" = Game Booster

    "Garena 2010" = Garena 2010

    "HP Imaging Device Functions" = HP Imaging Device Functions 5.3

    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

    "Messenger Plus! Live" = Messenger Plus! Live

    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

    "Orbit_is1" = Orbit Downloader

    "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0

    "RealAlt_is1" = Real Alternative 2.0.2

    "RealPlayer 12.0" = RealPlayer

    "San Andreas Mod Installer1.1" = San Andreas Mod Installer

    "Seven Remix XP" = Seven Remix XP 2.4

    "SiS VGA Driver" = SiS VGA Utilities

    "SMSERIAL" = TOSHIBA SM56 Data Fax Modem

    "Songr" = Songr

    "SpeederXP v1.60_is1" = SpeederXP 1.60

    "sXe Injected" = sXe Injected

    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    "Windows Media Format Runtime" = Windows Media Format 11 runtime

    "Windows Media Player" = Windows Media Player 11

    "Windows XP Service Pack" = Windows XP Service Pack 3

    "WinLiveSuite_Wave3" = Windows Live Essentials

    "WinPcapInst" = WinPcap 4.1.1

    "WinRAR archiver" = Arquivo do WinRAR

    "WMFDist11" = Windows Media Format 11 runtime

    "wmp11" = Windows Media Player 11

    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    "XP Codec Pack" = XP Codec Pack

    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Google Chrome" = Google Chrome

    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]

    Error - 6/3/2011 11:35:34 | Computer Name = RAFA | Source = Userenv | ID = 1041

    Description = O Windows não pode consultar a entrada de Registro DllName para {7B849a69-220F-451E-B3FE-2CB811AF94AE},

    e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

    Error - 6/3/2011 11:35:34 | Computer Name = RAFA | Source = Userenv | ID = 1041

    Description = O Windows não pode consultar a entrada de Registro DllName para {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D},

    e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

    Error - 6/3/2011 11:58:23 | Computer Name = RAFA | Source = Userenv | ID = 1041

    Description = O Windows não pode consultar a entrada de Registro DllName para {7B849a69-220F-451E-B3FE-2CB811AF94AE},

    e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

    Error - 6/3/2011 11:58:23 | Computer Name = RAFA | Source = Userenv | ID = 1041

    Description = O Windows não pode consultar a entrada de Registro DllName para {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D},

    e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

    Error - 6/3/2011 13:11:34 | Computer Name = RAFA | Source = Userenv | ID = 1041

    Description = O Windows não pode consultar a entrada de Registro DllName para {7B849a69-220F-451E-B3FE-2CB811AF94AE},

    e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

    Error - 6/3/2011 13:11:34 | Computer Name = RAFA | Source = Userenv | ID = 1041

    Description = O Windows não pode consultar a entrada de Registro DllName para {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D},

    e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

    Error - 6/3/2011 13:56:23 | Computer Name = RAFA | Source = Userenv | ID = 1041

    Description = O Windows não pode consultar a entrada de Registro DllName para {7B849a69-220F-451E-B3FE-2CB811AF94AE},

    e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

    Error - 6/3/2011 13:56:23 | Computer Name = RAFA | Source = Userenv | ID = 1041

    Description = O Windows não pode consultar a entrada de Registro DllName para {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D},

    e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

    Error - 6/3/2011 15:10:34 | Computer Name = RAFA | Source = Userenv | ID = 1041

    Description = O Windows não pode consultar a entrada de Registro DllName para {7B849a69-220F-451E-B3FE-2CB811AF94AE},

    e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

    Error - 6/3/2011 15:10:34 | Computer Name = RAFA | Source = Userenv | ID = 1041

    Description = O Windows não pode consultar a entrada de Registro DllName para {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D},

    e ela não será carregada. Isso provavelmente foi causado por um registro incorreto.

    [ System Events ]

    Error - 6/3/2011 11:37:15 | Computer Name = RAFA | Source = Service Control Manager | ID = 7023

    Description = O serviço Servidor terminou com o erro: %%1811

    Error - 6/3/2011 12:00:58 | Computer Name = RAFA | Source = Disk | ID = 262151

    Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.

    Error - 6/3/2011 12:01:01 | Computer Name = RAFA | Source = Disk | ID = 262151

    Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.

    Error - 6/3/2011 12:01:04 | Computer Name = RAFA | Source = Disk | ID = 262151

    Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.

    Error - 6/3/2011 12:01:07 | Computer Name = RAFA | Source = Disk | ID = 262151

    Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.

    Error - 6/3/2011 12:01:10 | Computer Name = RAFA | Source = Disk | ID = 262151

    Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.

    Error - 6/3/2011 12:01:13 | Computer Name = RAFA | Source = Disk | ID = 262151

    Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.

    Error - 6/3/2011 12:01:16 | Computer Name = RAFA | Source = Disk | ID = 262151

    Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.

    Error - 6/3/2011 12:01:19 | Computer Name = RAFA | Source = Disk | ID = 262151

    Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.

    Error - 6/3/2011 12:01:22 | Computer Name = RAFA | Source = Disk | ID = 262151

    Description = O dispositivo, \Device\Harddisk0\D, possui um bloco defeituoso.

    < End of report >


    Dear Skia

    Once again with OTL

    • Double-click the icon 3984478580_7ed4cabc45_o.gif
    • Copy and paste the content below into the space right after 5369460409_ee749edc8e_m.jpg

    :OTL
    O33 - MountPoints2\{0a6762b8-b5cd-11df-a22a-0090f576ecfa}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a6762b8-b5cd-11df-a22a-0090f576ecfa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{375bce58-83d7-11df-a1c0-0090f576ecfa}\Shell - "" = AutoRun
    O33 - MountPoints2\{375bce58-83d7-11df-a1c0-0090f576ecfa}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{68f31097-740c-11df-a193-0090f576ecfa}\Shell\AutoRun\command - "" = n0qls.exe
    O33 - MountPoints2\{68f31097-740c-11df-a193-0090f576ecfa}\Shell\open\Command - "" = n0qls.exe
    O33 - MountPoints2\{744a856e-eb99-11df-a299-0090f576ecfa}\Shell\AutoRun\command - "" = n0qls.exe
    O33 - MountPoints2\{744a856e-eb99-11df-a299-0090f576ecfa}\Shell\open\Command - "" = n0qls.exe
    O33 - MountPoints2\{7d666332-a32b-11df-a201-0090f576ecfa}\Shell\AutoRun\command - "" = n0qls.exe
    O33 - MountPoints2\{7d666332-a32b-11df-a201-0090f576ecfa}\Shell\open\Command - "" = n0qls.exe
    O33 - MountPoints2\{ae8ffc9e-b5b7-11df-a229-0090f576ecfa}\Shell - "" = AutoRun
    O33 - MountPoints2\{ae8ffc9e-b5b7-11df-a229-0090f576ecfa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{ae8ffca1-b5b7-11df-a229-0090f576ecfa}\Shell - "" = AutoRun
    O33 - MountPoints2\{ae8ffca1-b5b7-11df-a229-0090f576ecfa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:6724CB45
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:010ADD2C
    [2011/02/23 22:04:54 | 000,003,342 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Sysfive.exe
    [2011/02/23 22:03:34 | 000,003,342 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Sysfour.exe


    :Files
    c:\ico*.tmp

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" =
    "445:TCP" =
    "137:UDP" =
    "138:UDP" =

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" =
    "445:TCP" =
    "137:UDP" =
    "138:UDP" =
    "1900:UDP" =
    "2869:TCP" =
    "3389:TCP" =
    "3749:TCP" =

    :Commands
    [purity]
    [emptyflash]
    [resethosts]
    [clearallrestorepoints]
    [emptytemp]

    • Click the button 5370056394_358505935a_m.jpg
    • When it restarts, a window will appear; click Run;
    • Save the log (File > Save As) to the desktop under any name you like;
    • Attention: if you close the log without saving it first, it will be lost.
    • Open OTL again and click the button 5370056476_bf9f840a51_m.jpg
    • Do not interrupt the scan under any circumstances;
    • When it finishes, OTL.txt will be generated;
    • Then post the generated log in your next reply.

    Note: If you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

    Regards :D

  • Topic author
  • OTL logfile created on: 16/3/2011 12:47:34 - Run 3

    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Rafael\Desktop

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 6.0.2900.5512)

    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    893,00 Mb Total Physical Memory | 540,00 Mb Available Physical Memory | 60,00% Memory free

    10,00 Gb Paging File | 9,00 Gb Available in Paging File | 97,00% Paging File free

    Paging file location(s): C:\pagefile.sys 9000 9000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

    Drive C: | 149,05 Gb Total Space | 77,00 Gb Free Space | 51,66% Space Free | Partition Type: NTFS

    Computer Name: RAFA | User Name: Rafael | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/27 16:32:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafael\Desktop\OTL.exe

    PRC - [2011/01/21 08:20:46 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Real\RealPlayer\Update\realsched.exe

    PRC - [2010/12/01 16:19:54 | 001,835,106 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

    PRC - [2010/12/01 16:17:20 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

    PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

    PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

    PRC - [2008/06/27 14:54:12 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe

    PRC - [2008/04/13 19:21:00 | 001,542,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

    PRC - [2008/02/21 19:23:38 | 001,216,512 | ---- | M] (Motorola Inc.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

    PRC - [2007/08/17 18:40:30 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

    PRC - [2006/08/01 08:19:10 | 000,737,280 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Arquivos de programas\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe

    PRC - [2006/03/30 15:45:12 | 000,500,224 | ---- | M] (LightComm) -- C:\WINDOWS\WinLogT.exe

    PRC - [2005/04/02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

    ========== Modules (SafeList) ==========

    MOD - [2011/02/27 16:32:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafael\Desktop\OTL.exe

    MOD - [2011/01/21 08:21:22 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

    MOD - [2010/08/23 13:11:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

    MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

    MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Roozz Helper)

    SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)

    SRV - File not found [Auto | Stopped] -- -- (mpbjrolce)

    SRV - File not found [Auto | Stopped] -- -- (AntiVirService)

    SRV - File not found [Auto | Stopped] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

    SRV - [2010/11/03 18:02:04 | 004,294,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

    SRV - [2010/06/08 19:28:35 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)

    SRV - [2005/04/02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)

    SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

    SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Running] -- -- (avgio)

    DRV - [2011/01/03 20:56:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

    DRV - [2010/12/20 21:21:03 | 000,017,408 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ActUsb.sys -- (ActUsb)

    DRV - [2010/03/31 05:58:48 | 000,342,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)

    DRV - [2010/03/26 18:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

    DRV - [2010/01/26 23:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)

    DRV - [2009/12/17 17:40:00 | 000,129,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)

    DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

    DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

    DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

    DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

    DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

    DRV - [2008/06/27 15:19:22 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

    DRV - [2008/06/27 14:57:48 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

    DRV - [2008/03/03 12:00:00 | 000,043,392 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)

    DRV - [2008/02/21 19:29:00 | 001,092,608 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

    DRV - [2006/06/15 23:04:38 | 000,035,712 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)

    DRV - [2005/07/08 14:44:18 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vax347b.sys -- (vax347b)

    DRV - [2005/01/03 12:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)

    DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vax347s.sys -- (vax347s)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minilua.com/

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minilua.com/

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.minilua.com/

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.minilua.com/

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://search.minilua.com/

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4

    FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5

    FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886D}:1.0.16.12

    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

    FF - prefs.js..extensions.enabledItems: {9C9D73AE-33F5-4352-BE72-454D29416872}:0.4.4.2

    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Arquivos de programas\AutocompletePro\support@predictad.com

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/21 08:21:23 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 8\components [2011/01/21 08:21:12 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 8\plugins [2011/03/05 18:09:26 | 000,000,000 | ---D | M]

    [2010/06/09 21:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Extensions

    [2010/06/09 21:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org

    [2011/03/09 19:01:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions

    [2010/07/05 19:06:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    [2010/12/28 17:29:31 | 000,000,000 | ---D | M] ("Adicional de segurança CAIXA®") -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}

    [2011/02/12 19:39:23 | 000,000,000 | ---D | M] (ul.timate.info) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\{9C9D73AE-33F5-4352-BE72-454D29416872}

    [2010/06/02 13:14:10 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\firebug@software.joehewitt.com

    [2010/12/27 21:52:01 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions

    [2010/06/22 21:17:29 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Arquivos de programas\Mozilla Firefox\extensions\quickstores@quickstores.de

    [2010/12/13 07:50:18 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\ARQUIVOS DE PROGRAMAS\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER

    [2011/01/21 08:21:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

    [2010/03/03 19:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Arquivos de programas\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

    [2010/06/20 12:44:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

    [2007/03/09 20:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2011/03/16 12:44:06 | 000,000,067 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

    O1 - Hosts: 209.222.96.91 www2.bancobrasil.com.br

    O1 - Hosts: 209.222.96.92 aapj.bb.com.br

    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

    O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

    O3 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

    O4 - HKLM..\Run: [avgnt] File not found

    O4 - HKLM..\Run: [KernelFaultCheck] File not found

    O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

    O4 - HKLM..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

    O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

    O4 - HKLM..\Run: [synTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

    O4 - HKLM..\Run: [TkBellExe] C:\arquivos de programas\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

    O4 - HKLM..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe (LightComm)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Arquivos de programas\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

    O4 - Startup: C:\Documents and Settings\Rafael\Menu Iniciar\Programas\Inicializar\Yahoo! Widgets.lnk = File not found

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

    O7 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O8 - Extra context menu item: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll (Installation Support)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O24 - Desktop WallPaper: C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2010/05/31 18:17:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O33 - MountPoints2\{a3795473-6d16-11df-a17b-0090f576ecfa}\Shell - "" = AutoRun

    O33 - MountPoints2\{a3795473-6d16-11df-a17b-0090f576ecfa}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/12 10:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Desktop\Tumblr

    [2011/03/10 21:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\MiniLyrics

    [2011/03/10 21:01:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Minilyrics

    [2011/03/09 15:27:32 | 000,000,000 | --SD | C] -- C:\ComboFix

    [2011/03/09 14:43:32 | 000,000,000 | ---D | C] -- C:\_OTL

    [2011/03/06 13:02:10 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rafael\Desktop\OTL.exe

    [2011/03/06 09:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData

    [2011/03/05 18:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Meus documentos\My Widgets

    [2011/03/05 17:59:04 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ydt

    [2011/03/05 13:06:22 | 000,000,000 | RHSD | C] -- C:\cmdcons

    [2011/03/05 13:03:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

    [2011/03/05 13:03:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

    [2011/03/05 13:03:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

    [2011/03/05 13:03:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

    [2011/03/05 13:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

    [2011/03/05 13:00:16 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2011/03/05 12:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Malwarebytes

    [2011/03/05 12:46:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

    [2011/03/05 12:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware

    [2011/03/05 12:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

    [2011/03/05 12:46:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    [2011/03/05 12:46:47 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

    [2011/03/05 11:37:51 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe

    [2011/03/02 22:24:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rafael\Recent

    [2011/03/01 18:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Songr

    [2011/03/01 18:27:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Songr

    [2011/02/28 16:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Desktop\Mussa

    [2011/02/26 11:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Roozz

    [2011/02/26 10:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Roozz

    [2011/02/26 10:37:24 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Roozz

    [2011/02/26 10:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\id Software

    [2011/02/25 22:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Unity

    [2011/02/23 22:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Help

    [2011/02/23 22:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Help

    [2011/02/23 19:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\TightVNC

    [2011/02/23 14:18:58 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\HijackThis

    [2011/02/22 21:10:28 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe

    [2011/02/22 21:10:28 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe

    [2011/02/22 21:10:28 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe

    [2011/02/22 21:10:28 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe

    [2011/02/22 21:10:28 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe

    [2011/02/22 21:10:28 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe

    [2011/02/22 21:09:34 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe

    [2011/02/22 21:09:32 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe

    [2011/02/22 21:09:32 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe

    [2011/02/22 20:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Adobe

    [2011/02/22 20:42:24 | 000,085,504 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Winapdonw.exe

    [2011/02/17 21:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Meus documentos\School Craps

    [2011/02/14 20:13:49 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MSECache

    [2010/07/17 16:19:21 | 109,378,686 | ---- | C] (Oxin's Style!® ) -- C:\Documents and Settings\Rafael\Dados de aplicativos\3D Sexvilla 2.058.002 OxS!®.exe

    [2010/07/12 13:23:29 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347b.sys

    [2010/07/12 13:23:29 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347s.sys

    [2010/06/02 18:20:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Rafael\Dados de aplicativos\pcouffin.sys

    [2004/11/24 16:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/16 12:45:13 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

    [2011/03/16 12:44:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2011/03/16 12:44:41 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

    [2011/03/16 12:44:40 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-2147096177-839522115-1005.job

    [2011/03/16 12:44:40 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-2147096177-839522115-1003.job

    [2011/03/16 12:44:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2011/03/16 12:44:06 | 000,000,067 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

    [2011/03/16 12:39:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2011/03/16 12:18:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1005UA.job

    [2011/03/16 12:12:35 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-2147096177-839522115-1003.job

    [2011/03/15 18:57:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1003UA.job

    [2011/03/15 18:54:00 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    [2011/03/15 16:18:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1005Core.job

    [2011/03/15 15:57:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1003Core.job

    [2011/03/14 18:26:12 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2011/03/11 21:19:23 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Google Chrome.lnk

    [2011/03/11 18:06:30 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

    [2011/03/09 15:25:54 | 004,284,225 | R--- | M] () -- C:\Documents and Settings\Rafael\Desktop\ComboFix.exe

    [2011/03/08 17:05:16 | 000,000,067 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

    [2011/03/08 14:31:37 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\sXe Injected.lnk

    [2011/03/06 19:56:09 | 000,062,139 | ---- | M] () -- C:\Documents and Settings\Rafael\Meus documentos\MussaC&I.jpg

    [2011/03/05 18:09:34 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Rafael\Menu Iniciar\Programas\Inicializar\Yahoo! Widgets.lnk

    [2011/03/05 17:59:04 | 000,077,824 | ---- | M] () -- C:\WINDOWS\iRODUninstall.exe

    [2011/03/05 13:06:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini

    [2011/03/05 12:46:52 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

    [2011/03/02 22:43:50 | 000,002,878 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg

    [2011/03/01 18:27:09 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Songr.lnk

    [2011/02/27 16:32:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafael\Desktop\OTL.exe

    [2011/02/26 16:16:34 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-2147096177-839522115-1005.job

    [2011/02/25 22:46:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Rafael\Meus documentos\Meus locais de rede.lnk

    [2011/02/23 22:02:26 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\.bat

    [2011/02/23 22:01:26 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\ConfDown

    [2011/02/22 21:09:25 | 000,477,028 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

    [2011/02/22 21:09:25 | 000,441,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2011/02/22 21:09:25 | 000,083,128 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

    [2011/02/22 21:09:25 | 000,071,336 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2011/02/22 20:42:18 | 000,085,504 | ---- | M] (Macromedia, Inc.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Winapdonw.exe

    [2011/02/18 21:25:50 | 000,112,187 | ---- | M] () -- C:\WINDOWS\hpoins07.dat

    [2011/02/18 21:02:48 | 000,112,187 | ---- | M] () -- C:\WINDOWS\hpoins07.dat.temp

    [2011/02/15 06:53:05 | 000,238,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/06 19:56:07 | 000,062,139 | ---- | C] () -- C:\Documents and Settings\Rafael\Meus documentos\MussaC&I.jpg

    [2011/03/05 18:09:34 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Rafael\Menu Iniciar\Programas\Inicializar\Yahoo! Widgets.lnk

    [2011/03/05 17:59:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\iRODUninstall.exe

    [2011/03/05 13:06:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak

    [2011/03/05 13:06:22 | 000,261,856 | RHS- | C] () -- C:\cmldr

    [2011/03/05 13:03:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

    [2011/03/05 13:03:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

    [2011/03/05 13:03:39 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

    [2011/03/05 13:03:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

    [2011/03/05 13:03:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

    [2011/03/05 12:48:01 | 004,284,225 | R--- | C] () -- C:\Documents and Settings\Rafael\Desktop\ComboFix.exe

    [2011/03/05 12:46:52 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

    [2011/03/01 18:27:09 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Songr.lnk

    [2011/03/01 18:27:09 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Songr.lnk

    [2011/02/26 16:16:34 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-2147096177-839522115-1005.job

    [2011/02/26 16:16:33 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-2147096177-839522115-1005.job

    [2011/02/26 16:13:41 | 000,001,148 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1005UA.job

    [2011/02/26 16:13:39 | 000,001,096 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1005Core.job

    [2011/02/25 22:46:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Rafael\Meus documentos\Meus locais de rede.lnk

    [2011/02/23 14:21:50 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\.bat

    [2011/02/22 21:10:27 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe

    [2011/02/22 21:09:33 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe

    [2011/02/22 21:09:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe

    [2011/02/22 20:42:24 | 000,000,403 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\ConfDown

    [2011/02/22 14:59:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2011/02/14 21:16:42 | 000,278,582 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Logo Mussa.pdf

    [2011/02/14 16:18:40 | 000,112,187 | ---- | C] () -- C:\WINDOWS\hpoins07.dat

    [2011/02/14 16:18:40 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat

    [2011/02/14 15:27:15 | 000,112,187 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp

    [2011/02/14 15:27:15 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp

    [2011/01/27 11:54:31 | 000,012,920 | ---- | C] () -- C:\WINDOWS\System32\apl001.sys

    [2011/01/27 11:54:31 | 000,010,872 | ---- | C] () -- C:\WINDOWS\System32\apf001.sys

    [2011/01/18 11:54:04 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\fusioncache.dat

    [2010/12/20 21:21:03 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\actusb.sys

    [2010/11/11 21:26:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

    [2010/11/10 21:43:07 | 000,255,608 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

    [2010/11/06 09:16:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Clifford Uninstall.exe

    [2010/11/06 09:12:19 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

    [2010/11/06 09:12:19 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

    [2010/11/06 09:12:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

    [2010/11/06 09:12:16 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Disney.ini

    [2010/08/19 16:05:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

    [2010/08/12 21:39:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

    [2010/08/08 10:58:35 | 000,093,514 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\video-20100808T105835.wmv

    [2010/08/08 10:58:07 | 000,167,188 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\video-20100808T105806.wmv

    [2010/06/23 14:27:01 | 000,441,620 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\video-20100623T142700.wmv

    [2010/06/22 20:04:59 | 000,479,170 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\video-20100622T200458.wmv

    [2010/06/03 22:31:16 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini

    [2010/06/03 22:31:10 | 000,000,305 | R--- | C] () -- C:\WINDOWS\OEM.ini

    [2010/06/02 22:10:26 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

    [2010/06/02 19:43:48 | 000,014,681 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

    [2010/06/02 18:21:10 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\vso_ts_preview.xml

    [2010/06/02 18:20:38 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\inst.exe

    [2010/06/02 18:20:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\pcouffin.cat

    [2010/06/02 18:20:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\pcouffin.inf

    [2010/06/02 14:35:59 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe

    [2010/06/02 14:35:41 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe

    [2010/06/02 13:16:10 | 000,163,923 | ---- | C] () -- C:\WINDOWS\System32\SiSUninstall.exe

    [2010/06/01 22:18:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

    [2010/06/01 21:57:48 | 000,087,552 | ---- | C] () -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010/05/31 21:46:53 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

    [2010/05/31 21:23:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

    [2010/05/31 19:21:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

    [2010/05/31 18:44:16 | 000,093,362 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

    [2010/05/31 18:43:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\Progress.exe

    [2010/05/31 18:43:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe

    [2010/05/31 18:43:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin

    [2010/05/31 18:43:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin

    [2010/05/31 18:43:23 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin

    [2010/05/31 18:43:06 | 000,387,898 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

    [2010/05/31 18:35:52 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

    [2010/05/31 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

    [2010/05/31 18:15:11 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    [2010/05/31 18:08:12 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    [2010/05/31 18:07:14 | 000,238,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2010/01/26 23:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

    [2010/01/11 04:24:40 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

    [2008/12/19 12:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

    [2008/12/17 14:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

    [2008/12/17 14:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

    [2008/12/17 14:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

    [2008/12/17 14:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

    [2008/12/17 13:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

    [2006/12/30 19:27:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

    [2006/11/02 13:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe

    [2005/06/10 10:56:06 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll

    [2005/06/10 10:55:04 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll

    [2004/10/03 14:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

    [2004/05/13 20:14:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\opencrypto.dll

    [2004/03/18 17:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

    [2004/01/12 17:32:52 | 000,249,910 | ---- | C] () -- C:\WINDOWS\System32\VIR_Lib.dll

    [2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    [2001/10/28 15:07:18 | 000,477,028 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat

    [2001/10/28 15:07:18 | 000,441,018 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

    [2001/10/28 15:07:18 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat

    [2001/10/28 15:07:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

    [2001/10/28 15:07:18 | 000,083,128 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat

    [2001/10/28 15:07:18 | 000,071,336 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

    [2001/10/28 15:07:18 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat

    [2001/10/28 15:07:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

    [2001/10/28 15:07:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    [2001/10/28 15:06:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

    [2001/10/28 15:06:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

    [2001/10/28 15:06:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

    [2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

    [2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    [2001/07/06 15:30:02 | 000,003,277 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

    ========== LOP Check ==========

    [2010/12/27 21:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Subversion

    [2010/07/31 17:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AlawarWrapper

    [2010/07/06 09:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

    [2011/01/03 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite

    [2010/12/28 17:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    [2011/01/06 00:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\HouseDemo

    [2010/07/08 19:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

    [2011/03/15 16:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData

    [2010/12/15 00:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nexon

    [2010/06/01 21:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\page

    [2011/01/04 20:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PassMark

    [2011/01/14 18:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files

    [2010/06/21 18:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\River Past G5

    [2010/07/31 12:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony

    [2010/09/30 19:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Souptoys

    [2010/07/27 17:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

    [2011/01/04 20:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    [2010/06/03 20:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk

    [2011/03/15 16:25:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Dados de aplicativos\Orbit

    [2010/12/11 09:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Dados de aplicativos\ProgSense

    [2010/10/07 20:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Dados de aplicativos\Subversion

    [2010/11/30 19:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\abgx360

    [2010/06/17 15:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\AnvSoft

    [2010/06/01 22:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Atari

    [2010/09/30 19:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Audacity

    [2011/01/03 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\DAEMON Tools Lite

    [2010/09/21 18:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\DMCache

    [2010/06/02 12:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Easeware

    [2010/07/17 19:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Fit3DLive

    [2010/06/13 20:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Free Sound Recorder

    [2011/01/24 13:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\fretsonfire

    [2011/03/01 18:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\FrostWire

    [2010/11/14 21:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\GameTuts

    [2010/05/31 20:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\GrabPro

    [2011/02/26 10:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\id Software

    [2010/09/21 19:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\IDM

    [2011/02/23 22:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Image Zone Express

    [2011/02/22 20:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\IObit

    [2010/06/01 22:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Leadertech

    [2010/08/21 13:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\LEGO Company

    [2011/03/16 12:45:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Orbit

    [2010/12/10 21:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\ProgSense

    [2010/07/31 12:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Publish Providers

    [2010/07/17 15:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\QuickStoresToolbar

    [2010/06/21 15:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\River Past G5

    [2010/07/31 12:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Sony

    [2010/09/30 19:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Souptoys

    [2010/09/16 21:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Subversion

    [2010/06/30 22:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Thunderbird

    [2011/02/23 19:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\TightVNC

    [2010/06/07 20:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Total Immersion

    [2011/01/14 17:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Uniblue

    [2010/12/05 16:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Vso

    [2010/06/02 14:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\WinBatch

    [2010/07/31 18:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\YoudaGames

    ========== Purity Check ==========

    < End of report >


    Dear Skia

    Go to the folder C:\_OTL\Moved Files and you will find a .txt file whose name consists of numbers. Open it, copy all of its contents and paste them here.

    Regards :D

  • Topic author
  • All processes killed

    ========== OTL ==========

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a6762b8-b5cd-11df-a22a-0090f576ecfa}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a6762b8-b5cd-11df-a22a-0090f576ecfa}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a6762b8-b5cd-11df-a22a-0090f576ecfa}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a6762b8-b5cd-11df-a22a-0090f576ecfa}\ not found.

    File F:\AutoRun.exe not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{375bce58-83d7-11df-a1c0-0090f576ecfa}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{375bce58-83d7-11df-a1c0-0090f576ecfa}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{375bce58-83d7-11df-a1c0-0090f576ecfa}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{375bce58-83d7-11df-a1c0-0090f576ecfa}\ not found.

    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68f31097-740c-11df-a193-0090f576ecfa}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68f31097-740c-11df-a193-0090f576ecfa}\ not found.

    File n0qls.exe not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{68f31097-740c-11df-a193-0090f576ecfa}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68f31097-740c-11df-a193-0090f576ecfa}\ not found.

    File n0qls.exe not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744a856e-eb99-11df-a299-0090f576ecfa}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{744a856e-eb99-11df-a299-0090f576ecfa}\ not found.

    File n0qls.exe not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{744a856e-eb99-11df-a299-0090f576ecfa}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{744a856e-eb99-11df-a299-0090f576ecfa}\ not found.

    File n0qls.exe not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d666332-a32b-11df-a201-0090f576ecfa}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d666332-a32b-11df-a201-0090f576ecfa}\ not found.

    File n0qls.exe not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d666332-a32b-11df-a201-0090f576ecfa}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d666332-a32b-11df-a201-0090f576ecfa}\ not found.

    File n0qls.exe not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae8ffc9e-b5b7-11df-a229-0090f576ecfa}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae8ffc9e-b5b7-11df-a229-0090f576ecfa}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae8ffc9e-b5b7-11df-a229-0090f576ecfa}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae8ffc9e-b5b7-11df-a229-0090f576ecfa}\ not found.

    File F:\AutoRun.exe not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae8ffca1-b5b7-11df-a229-0090f576ecfa}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae8ffca1-b5b7-11df-a229-0090f576ecfa}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae8ffca1-b5b7-11df-a229-0090f576ecfa}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae8ffca1-b5b7-11df-a229-0090f576ecfa}\ not found.

    File F:\AutoRun.exe not found.

    ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:6724CB45 deleted successfully.

    ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:010ADD2C deleted successfully.

    C:\Documents and Settings\All Users\Dados de aplicativos\Sysfive.exe moved successfully.

    C:\Documents and Settings\All Users\Dados de aplicativos\Sysfour.exe moved successfully.

    ========== FILES ==========

    c:\ico1.tmp moved successfully.

    c:\ico10.tmp moved successfully.

    c:\ico101.tmp moved successfully.

    c:\ico11.tmp moved successfully.

    c:\ico12.tmp moved successfully.

    c:\ico123.tmp moved successfully.

    c:\ico13.tmp moved successfully.

    c:\ico134.tmp moved successfully.

    c:\ico14.tmp moved successfully.

    c:\ico15.tmp moved successfully.

    c:\ico15A.tmp moved successfully.

    c:\ico16.tmp moved successfully.

    c:\ico17.tmp moved successfully.

    c:\ico18.tmp moved successfully.

    c:\ico186.tmp moved successfully.


    ========== REGISTRY ==========

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\"139:TCP" | /E : value set successfully!

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\"445:TCP" | /E : value set successfully!

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\"137:UDP" | /E : value set successfully!

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\"138:UDP" | /E : value set successfully!

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\"139:TCP" | /E : value set successfully!

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\"445:TCP" | /E : value set successfully!

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\"137:UDP" | /E : value set successfully!

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\"138:UDP" | /E : value set successfully!

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\"1900:UDP" | /E : value set successfully!

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\"2869:TCP" | /E : value set successfully!

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\"3389:TCP" | /E : value set successfully!

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\"3749:TCP" | /E : value set successfully!

    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: Administrador

    User: All Users

    User: Arthur

    ->Flash cache emptied: 85768 bytes

    User: Convidado

    User: Default User

    User: LocalService

    User: NetworkService

    User: Rafael

    ->Flash cache emptied: 54473 bytes

    Total Flash Files Cleaned = 0,00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

    HOSTS file reset successfully

    Restore points cleared and new OTL Restore Point set!

    [EMPTYTEMP]

    User: Administrador

    ->Temp folder emptied: 74279735 bytes

    ->Temporary Internet Files folder emptied: 205552 bytes

    User: All Users

    User: Arthur

    ->Temp folder emptied: 36612748 bytes

    ->Temporary Internet Files folder emptied: 79964 bytes

    ->Java cache emptied: 5828 bytes

    ->FireFox cache emptied: 108151274 bytes

    ->Google Chrome cache emptied: 140164381 bytes

    ->Flash cache emptied: 0 bytes

    User: Convidado

    ->Temp folder emptied: 673593 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    ->Java cache emptied: 0 bytes

    User: Default User

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService

    ->Temp folder emptied: 82513 bytes

    ->Temporary Internet Files folder emptied: 34725 bytes

    User: NetworkService

    ->Temp folder emptied: 0 bytes

    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Rafael

    ->Temp folder emptied: 125531401 bytes

    ->Temporary Internet Files folder emptied: 50928731 bytes

    ->Java cache emptied: 335478 bytes

    ->FireFox cache emptied: 59894167 bytes

    ->Google Chrome cache emptied: 380908981 bytes

    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes

    %systemroot% .tmp files removed: 1138704 bytes

    %systemroot%\System32 .tmp files removed: 13999195 bytes

    %systemroot%\System32\dllcache .tmp files removed: 7524864 bytes

    %systemroot%\System32\drivers .tmp files removed: 0 bytes

    Windows Temp folder emptied: 121547 bytes

    RecycleBin emptied: 1233424249 bytes

    Total Files Cleaned = 2.131,00 mb

    OTL by OldTimer - Version 3.2.22.2 log created on 03162011_124156

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Dear Skia

    Once again with OTL

    • Double-click the icon 3984478580_7ed4cabc45_o.gif
    • Copy and paste the content below into the space right after 5369460409_ee749edc8e_m.jpg

    :OTL
    O33 - MountPoints2\{a3795473-6d16-11df-a17b-0090f576ecfa}\Shell - "" = AutoRun
    O33 - MountPoints2\{a3795473-6d16-11df-a17b-0090f576ecfa}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

    :Commands
    [reboot]

    • Click the button 5370056394_358505935a_m.jpg
    • When the computer restarts a window will appear; click Run;
    • Save the log (File > Save As) to the desktop with any name you like;
    • Warning: if you close the log without saving it first, it will be lost.
    • Open OTL again and click the button 5370056476_bf9f840a51_m.jpg
    • Do not interrupt the scan under any circumstances;
    • When it finishes, OTL.txt will be generated;
    • Then post the generated log in your next reply.

    Note: If you happen to lose the log after the computer restarts, you can find it in the folder C:\_OTL\Moved Files

    Regards :D

  • Topic author
  • OTL logfile created on: 23/3/2011 21:11:26 - Run 4

    OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Rafael\Desktop

    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 6.0.2900.5512)

    Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

    893,00 Mb Total Physical Memory | 554,00 Mb Available Physical Memory | 62,00% Memory free

    10,00 Gb Paging File | 9,00 Gb Available in Paging File | 98,00% Paging File free

    Paging file location(s): C:\pagefile.sys 9000 9000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

    Drive C: | 149,05 Gb Total Space | 64,45 Gb Free Space | 43,24% Space Free | Partition Type: NTFS

    Computer Name: RAFA | User Name: Rafael | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/27 16:32:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafael\Desktop\OTL.exe

    PRC - [2011/01/21 08:20:46 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Real\RealPlayer\Update\realsched.exe

    PRC - [2010/12/01 16:19:54 | 001,835,106 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitdm.exe

    PRC - [2010/12/01 16:17:20 | 000,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Arquivos de programas\Orbitdownloader\orbitnet.exe

    PRC - [2010/07/16 17:32:34 | 000,619,800 | ---- | M] (http://tortoisesvn.net) -- C:\Arquivos de programas\TortoiseSVN\bin\TSVNCache.exe

    PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

    PRC - [2008/06/27 14:54:12 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe

    PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

    PRC - [2008/02/21 19:23:38 | 001,216,512 | ---- | M] (Motorola Inc.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe

    PRC - [2007/08/17 18:40:30 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe

    PRC - [2006/08/01 08:19:10 | 000,737,280 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Arquivos de programas\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe

    PRC - [2006/03/30 15:45:12 | 000,500,224 | ---- | M] (LightComm) -- C:\WINDOWS\WinLogT.exe

    PRC - [2005/04/02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

    ========== Modules (SafeList) ==========

    MOD - [2011/02/27 16:32:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafael\Desktop\OTL.exe

    MOD - [2011/01/21 08:21:22 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

    MOD - [2010/08/23 13:11:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

    MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll

    MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Roozz Helper)

    SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)

    SRV - File not found [Auto | Stopped] -- -- (mpbjrolce)

    SRV - File not found [Disabled | Stopped] -- -- (AntiVirService)

    SRV - File not found [Disabled | Stopped] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

    SRV - [2010/11/03 18:02:04 | 004,294,288 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)

    SRV - [2010/06/08 19:28:35 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)

    SRV - [2005/04/02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)

    SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

    SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Running] -- -- (avgio)

    DRV - [2011/01/03 20:56:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

    DRV - [2010/12/20 21:21:03 | 000,017,408 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ActUsb.sys -- (ActUsb)

    DRV - [2010/03/31 05:58:48 | 000,342,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)

    DRV - [2010/03/26 18:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

    DRV - [2010/01/26 23:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)

    DRV - [2009/12/17 17:40:00 | 000,129,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)

    DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

    DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

    DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

    DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

    DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

    DRV - [2008/06/27 15:19:22 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)

    DRV - [2008/06/27 14:57:48 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)

    DRV - [2008/03/03 12:00:00 | 000,043,392 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SiSGbeXP.sys -- (SiSGbeXP)

    DRV - [2008/02/21 19:29:00 | 001,092,608 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)

    DRV - [2006/06/15 23:04:38 | 000,035,712 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)

    DRV - [2005/07/08 14:44:18 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vax347b.sys -- (vax347b)

    DRV - [2005/01/03 12:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)

    DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vax347s.sys -- (vax347s)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minilua.com/

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/

    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1269415

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://search.minilua.com/

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Arquivos de programas\Download_Energy\tbDown.dll (Conduit Ltd.)

    IE - HKU\S-1-5-21-448539723-2147096177-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4

    FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5

    FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886D}:1.0.16.12

    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1

    FF - prefs.js..extensions.enabledItems: {9C9D73AE-33F5-4352-BE72-454D29416872}:0.4.4.2

    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Arquivos de programas\AutocompletePro\support@predictad.com

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/21 08:21:23 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 8\components [2011/01/21 08:21:12 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox 4.0 Beta 8\plugins [2011/03/05 18:09:26 | 000,000,000 | ---D | M]

    [2010/06/09 21:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Extensions

    [2010/06/09 21:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org

    [2011/03/19 19:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions

    [2010/07/05 19:06:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    [2010/12/28 17:29:31 | 000,000,000 | ---D | M] ("Adicional de segurança CAIXA®") -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}

    [2011/02/12 19:39:23 | 000,000,000 | ---D | M] (ul.timate.info) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\{9C9D73AE-33F5-4352-BE72-454D29416872}

    [2011/03/19 19:55:23 | 000,000,000 | ---D | M] (Download Energy Community Toolbar) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}

    [2011/03/19 19:55:23 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\engine@conduit.com

    [2010/06/02 13:14:10 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Rafael\Dados de aplicativos\Mozilla\Firefox\Profiles\t1mituak.default\extensions\firebug@software.joehewitt.com

    [2010/12/27 21:52:01 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions

    [2010/06/22 21:17:29 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Arquivos de programas\Mozilla Firefox\extensions\quickstores@quickstores.de

    [2010/12/13 07:50:18 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\ARQUIVOS DE PROGRAMAS\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER

    [2011/01/21 08:21:23 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\DADOS DE APLICATIVOS\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

    [2010/03/03 19:24:34 | 001,961,984 | ---- | M] (Total Immersion) -- C:\Arquivos de programas\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll

    [2010/06/20 12:44:04 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

    [2007/03/09 20:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2011/03/23 21:09:25 | 000,000,067 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

    O1 - Hosts: 209.222.96.91 www2.bancobrasil.com.br

    O1 - Hosts: 209.222.96.92 aapj.bb.com.br

    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

    O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

    O2 - BHO: (Download Energy Toolbar) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Arquivos de programas\Download_Energy\tbDown.dll (Conduit Ltd.)

    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Arquivos de programas\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

    O3 - HKLM\..\Toolbar: (Download Energy Toolbar) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Arquivos de programas\Download_Energy\tbDown.dll (Conduit Ltd.)

    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

    O3 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Arquivos de programas\Orbitdownloader\GrabPro.dll ()

    O4 - HKLM..\Run: [avgnt] File not found

    O4 - HKLM..\Run: [KernelFaultCheck] File not found

    O4 - HKLM..\Run: [PATHPILOT] File not found

    O4 - HKLM..\Run: [siSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)

    O4 - HKLM..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)

    O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

    O4 - HKLM..\Run: [synTPStart] C:\Arquivos de programas\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

    O4 - HKLM..\Run: [TkBellExe] C:\arquivos de programas\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

    O4 - HKLM..\Run: [WinLogT] C:\WINDOWS\WinLogT.exe (LightComm)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk = C:\Arquivos de programas\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\REALTEK RTL8187 Wireless LAN Utility.lnk = C:\Arquivos de programas\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe (Realtek Semiconductor Corp.)

    O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

    O4 - Startup: C:\Documents and Settings\Rafael\Menu Iniciar\Programas\Inicializar\Yahoo! Widgets.lnk = File not found

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

    O7 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

    O7 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

    O8 - Extra context menu item: &Download by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: &Grab video by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O8 - Extra context menu item: Down&load all by Orbit - C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found

    O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in Sites confiáveis)

    O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in Sites confiáveis)

    O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in Sites confiáveis)

    O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in Sites confiáveis)

    O15 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\..Trusted Domains: clonewarsadventures.com ([]* in Sites confiáveis)

    O15 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\..Trusted Domains: freerealms.com ([]* in Sites confiáveis)

    O15 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\..Trusted Domains: soe.com ([]* in Sites confiáveis)

    O15 - HKU\S-1-5-21-448539723-2147096177-839522115-1003\..Trusted Domains: sony.com ([]* in Sites confiáveis)

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Arquivos de programas\Yahoo!\Common\Yinsthelper.dll (Installation Support)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254

    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O24 - Desktop WallPaper:

    O24 - Desktop BackupWallPaper:

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2010/05/31 18:17:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/21 21:49:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Cool Record Edit Pro

    [2011/03/21 21:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Meus documentos\Free Sound Recorder

    [2011/03/21 21:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Free Sound Recorder

    [2011/03/21 21:45:16 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Free Sound Recorder

    [2011/03/21 17:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Sony Online Entertainment

    [2011/03/21 17:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\SCE

    [2011/03/21 17:18:00 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Sony Online Entertainment

    [2011/03/20 22:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\KM-Software

    [2011/03/20 22:19:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Desktop\GraphicX

    [2011/03/20 22:19:49 | 000,122,880 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\DirectX.cpl

    [2011/03/20 22:19:49 | 000,061,440 | ---- | C] (Rafael & ZoRoNaX) -- C:\WINDOWS\System32\Vista.Emulation.dll

    [2011/03/20 22:19:49 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\KM-Software

    [2011/03/20 22:01:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Lucasarts

    [2011/03/20 21:35:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Desktop\Lego Star Wars 2

    [2011/03/20 21:16:18 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\mp3DirectCut

    [2011/03/19 19:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Conduit

    [2011/03/19 19:55:33 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Conduit

    [2011/03/19 19:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Download_Energy

    [2011/03/19 19:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\ConduitEngine

    [2011/03/19 19:55:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ConduitEngine

    [2011/03/19 19:55:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Download_Energy

    [2011/03/19 19:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Meus documentos\KatMP3Recorder

    [2011/03/19 11:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Desktop\Pivot 3.0

    [2011/03/18 22:52:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages

    [2011/03/18 19:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\MP3Rocket

    [2011/03/18 19:52:10 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MP3 Rocket

    [2011/03/18 18:21:33 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\uTorrent

    [2011/03/18 18:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\uTorrent

    [2011/03/16 12:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Desktop\LOGS VIRUS

    [2011/03/12 10:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Desktop\Tumblr

    [2011/03/10 21:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\MiniLyrics

    [2011/03/10 21:01:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Minilyrics

    [2011/03/09 15:27:32 | 000,000,000 | --SD | C] -- C:\ComboFix

    [2011/03/09 14:43:32 | 000,000,000 | ---D | C] -- C:\_OTL

    [2011/03/06 13:02:10 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rafael\Desktop\OTL.exe

    [2011/03/06 09:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData

    [2011/03/05 18:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Meus documentos\My Widgets

    [2011/03/05 17:59:04 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ydt

    [2011/03/05 13:06:22 | 000,000,000 | RHSD | C] -- C:\cmdcons

    [2011/03/05 13:03:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

    [2011/03/05 13:03:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

    [2011/03/05 13:03:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

    [2011/03/05 13:03:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

    [2011/03/05 13:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

    [2011/03/05 13:00:16 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2011/03/05 12:46:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Malwarebytes

    [2011/03/05 12:46:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

    [2011/03/05 12:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware

    [2011/03/05 12:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

    [2011/03/05 12:46:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    [2011/03/05 12:46:47 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

    [2011/03/05 11:37:51 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe

    [2011/03/02 22:24:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rafael\Recent

    [2011/03/01 18:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Songr

    [2011/03/01 18:27:06 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Songr

    [2011/02/28 16:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Desktop\Mussa

    [2011/02/26 11:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Roozz

    [2011/02/26 10:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Roozz

    [2011/02/26 10:37:24 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Roozz

    [2011/02/26 10:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\id Software

    [2011/02/25 22:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Unity

    [2011/02/23 22:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Help

    [2011/02/23 22:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\Help

    [2011/02/23 19:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafael\Dados de aplicativos\TightVNC

    [2011/02/23 14:18:58 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\HijackThis

    [2011/02/22 21:10:28 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe

    [2011/02/22 21:10:28 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe

    [2011/02/22 21:10:28 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe

    [2011/02/22 21:10:28 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe

    [2011/02/22 21:10:28 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe

    [2011/02/22 21:10:28 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe

    [2011/02/22 21:09:34 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe

    [2011/02/22 21:09:32 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe

    [2011/02/22 21:09:32 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe

    [2011/02/22 20:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Adobe

    [2011/02/22 20:42:24 | 000,085,504 | ---- | C] (Macromedia, Inc.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Winapdonw.exe

    [2010/07/17 16:19:21 | 109,378,686 | ---- | C] (Oxin's Style!® ) -- C:\Documents and Settings\Rafael\Dados de aplicativos\3D Sexvilla 2.058.002 OxS!®.exe

    [2010/07/12 13:23:29 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347b.sys

    [2010/07/12 13:23:29 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\vax347s.sys

    [2010/06/02 18:20:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Rafael\Dados de aplicativos\pcouffin.sys

    [2004/11/24 16:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

    [7 C:\*.tmp files -> C:\*.tmp -> ]

    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/23 21:10:15 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Orbit.lnk

    [2011/03/23 21:09:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2011/03/23 21:09:54 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

    [2011/03/23 21:09:54 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-2147096177-839522115-1003.job

    [2011/03/23 21:09:53 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-2147096177-839522115-1005.job

    [2011/03/23 21:09:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2011/03/23 21:09:25 | 000,000,067 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

    [2011/03/23 20:57:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1003UA.job

    [2011/03/23 20:54:00 | 000,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    [2011/03/23 20:44:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2011/03/23 20:18:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1005UA.job

    [2011/03/23 16:18:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1005Core.job

    [2011/03/23 15:57:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1003Core.job

    [2011/03/22 18:45:01 | 000,093,184 | ---- | M] () -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2011/03/22 15:38:44 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-2147096177-839522115-1003.job

    [2011/03/21 22:08:25 | 000,031,280 | ---- | M] () -- C:\Documents and Settings\Rafael\Meus documentos\Fur.veg

    [2011/03/20 22:20:40 | 000,000,663 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Atalho para LegoStarWarsII.lnk

    [2011/03/20 22:19:51 | 000,023,617 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\unins000.dat

    [2011/03/20 22:19:26 | 001,205,535 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\unins000.exe

    [2011/03/20 21:23:13 | 000,374,924 | ---- | M] () -- C:\Documents and Settings\Rafael\Meus documentos\31 - Palhaço Doçura.mp3

    [2011/03/20 16:02:39 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Google Chrome.lnk

    [2011/03/19 18:52:18 | 043,070,121 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Fur.wmv

    [2011/03/19 18:44:48 | 426,060,352 | ---- | M] () -- C:\Documents and Settings\Rafael\Meus documentos\Chapuscada.avi

    [2011/03/19 18:44:48 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Rafael\Meus documentos\Chapuscada.avi.sfl

    [2011/03/19 18:41:56 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\Rafael\Meus documentos\Chupisco.avi.sfl

    [2011/03/19 18:41:17 | 000,031,080 | ---- | M] () -- C:\Documents and Settings\Rafael\Meus documentos\Fur.veg.bak

    [2011/03/19 09:49:19 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Garry's Mod Directory.lnk

    [2011/03/19 09:33:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini

    [2011/03/18 23:00:27 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Garry's Mod Dedicated Server.lnk

    [2011/03/18 23:00:27 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\Garry's Mod.lnk

    [2011/03/18 18:21:33 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk

    [2011/03/17 09:24:26 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-2147096177-839522115-1005.job

    [2011/03/11 18:06:30 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

    [2011/03/09 15:25:54 | 004,284,225 | R--- | M] () -- C:\Documents and Settings\Rafael\Desktop\ComboFix.exe

    [2011/03/08 17:05:16 | 000,000,067 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn

    [2011/03/08 14:31:37 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Rafael\Desktop\sXe Injected.lnk

    [2011/03/06 19:56:09 | 000,062,139 | ---- | M] () -- C:\Documents and Settings\Rafael\Meus documentos\MussaC&I.jpg

    [2011/03/05 18:09:34 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Rafael\Menu Iniciar\Programas\Inicializar\Yahoo! Widgets.lnk

    [2011/03/05 17:59:04 | 000,077,824 | ---- | M] () -- C:\WINDOWS\iRODUninstall.exe

    [2011/03/05 12:46:52 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

    [2011/03/02 22:43:50 | 000,002,878 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg

    [2011/03/01 18:27:09 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Songr.lnk

    [2011/02/27 16:32:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafael\Desktop\OTL.exe

    [2011/02/25 22:46:39 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Rafael\Meus documentos\Meus locais de rede.lnk

    [2011/02/23 22:02:26 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\.bat

    [2011/02/23 22:01:26 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\All Users\Dados de aplicativos\ConfDown

    [2011/02/22 21:09:25 | 000,477,028 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

    [2011/02/22 21:09:25 | 000,441,018 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

    [2011/02/22 21:09:25 | 000,083,128 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

    [2011/02/22 21:09:25 | 000,071,336 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    [2011/02/22 20:42:18 | 000,085,504 | ---- | M] (Macromedia, Inc.) -- C:\Documents and Settings\All Users\Dados de aplicativos\Winapdonw.exe

    [7 C:\*.tmp files -> C:\*.tmp -> ]

    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/21 21:45:16 | 000,113,486 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx

    [2011/03/21 17:18:00 | 000,002,112 | ---- | C] () -- C:\Documents and Settings\Rafael\Menu Iniciar\Programas\DC Universe Online Live.lnk

    [2011/03/20 22:20:40 | 000,000,663 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Atalho para LegoStarWarsII.lnk

    [2011/03/20 22:19:49 | 001,205,535 | ---- | C] () -- C:\Arquivos de programas\Arquivos comuns\unins000.exe

    [2011/03/20 22:19:49 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\M2000Twn.dll

    [2011/03/20 22:19:49 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll

    [2011/03/20 22:19:49 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\glut.dll

    [2011/03/20 22:19:49 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\CompressATI2.dll

    [2011/03/20 22:19:49 | 000,023,617 | ---- | C] () -- C:\Arquivos de programas\Arquivos comuns\unins000.dat

    [2011/03/20 21:23:13 | 000,374,924 | ---- | C] () -- C:\Documents and Settings\Rafael\Meus documentos\31 - Palhaço Doçura.mp3

    [2011/03/19 18:47:23 | 043,070,121 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Fur.wmv

    [2011/03/19 18:44:48 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Rafael\Meus documentos\Chapuscada.avi.sfl

    [2011/03/19 18:43:12 | 426,060,352 | ---- | C] () -- C:\Documents and Settings\Rafael\Meus documentos\Chapuscada.avi

    [2011/03/19 18:41:56 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Rafael\Meus documentos\Chupisco.avi.sfl

    [2011/03/19 18:19:40 | 000,031,280 | ---- | C] () -- C:\Documents and Settings\Rafael\Meus documentos\Fur.veg

    [2011/03/19 18:19:40 | 000,031,080 | ---- | C] () -- C:\Documents and Settings\Rafael\Meus documentos\Fur.veg.bak

    [2011/03/19 09:48:42 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Garry's Mod Directory.lnk

    [2011/03/18 23:00:27 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Garry's Mod Dedicated Server.lnk

    [2011/03/18 23:00:27 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Garry's Mod.lnk

    [2011/03/18 22:56:22 | 000,819,200 | ---- | C] () -- C:\Documents and Settings\Rafael\Desktop\Pivot 3.exe

    [2011/03/18 22:52:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

    [2011/03/18 22:52:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll

    [2011/03/18 22:52:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax

    [2011/03/18 22:52:12 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax

    [2011/03/18 22:52:11 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax

    [2011/03/18 22:52:11 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax

    [2011/03/18 22:52:09 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll

    [2011/03/18 22:52:09 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax

    [2011/03/18 22:52:09 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll

    [2011/03/18 22:52:09 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll

    [2011/03/18 22:52:09 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll

    [2011/03/18 18:21:33 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk

    [2011/03/06 19:56:07 | 000,062,139 | ---- | C] () -- C:\Documents and Settings\Rafael\Meus documentos\MussaC&I.jpg

    [2011/03/05 18:09:34 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Rafael\Menu Iniciar\Programas\Inicializar\Yahoo! Widgets.lnk

    [2011/03/05 17:59:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\iRODUninstall.exe

    [2011/03/05 13:06:22 | 000,261,856 | RHS- | C] () -- C:\cmldr

    [2011/03/05 13:03:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

    [2011/03/05 13:03:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

    [2011/03/05 13:03:39 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

    [2011/03/05 13:03:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

    [2011/03/05 13:03:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

    [2011/03/05 12:48:01 | 004,284,225 | R--- | C] () -- C:\Documents and Settings\Rafael\Desktop\ComboFix.exe

    [2011/03/05 12:46:52 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

    [2011/03/01 18:27:09 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Songr.lnk

    [2011/03/01 18:27:09 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Songr.lnk

    [2011/02/26 16:16:34 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-448539723-2147096177-839522115-1005.job

    [2011/02/26 16:16:33 | 000,000,304 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-448539723-2147096177-839522115-1005.job

    [2011/02/26 16:13:41 | 000,001,148 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1005UA.job

    [2011/02/26 16:13:39 | 000,001,096 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2147096177-839522115-1005Core.job

    [2011/02/25 22:46:39 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Rafael\Meus documentos\Meus locais de rede.lnk

    [2011/02/23 14:21:50 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\.bat

    [2011/02/22 21:10:27 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe

    [2011/02/22 21:09:33 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe

    [2011/02/22 21:09:32 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe

    [2011/02/22 20:42:24 | 000,000,403 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\ConfDown

    [2011/02/22 14:59:00 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

    [2011/02/14 16:18:40 | 000,112,187 | ---- | C] () -- C:\WINDOWS\hpoins07.dat

    [2011/02/14 16:18:40 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat

    [2011/02/14 15:27:15 | 000,112,187 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp

    [2011/02/14 15:27:15 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp

    [2011/01/27 11:54:31 | 000,012,920 | ---- | C] () -- C:\WINDOWS\System32\apl001.sys

    [2011/01/27 11:54:31 | 000,010,872 | ---- | C] () -- C:\WINDOWS\System32\apf001.sys

    [2011/01/18 11:54:04 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\fusioncache.dat

    [2010/12/20 21:21:03 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\actusb.sys

    [2010/11/11 21:26:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

    [2010/11/10 21:43:07 | 000,318,536 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat

    [2010/11/06 09:16:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\Clifford Uninstall.exe

    [2010/11/06 09:12:19 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

    [2010/11/06 09:12:19 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

    [2010/11/06 09:12:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

    [2010/11/06 09:12:16 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Disney.ini

    [2010/08/19 16:05:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

    [2010/08/12 21:39:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini

    [2010/08/08 10:58:35 | 000,093,514 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\video-20100808T105835.wmv

    [2010/08/08 10:58:07 | 000,167,188 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\video-20100808T105806.wmv

    [2010/06/23 14:27:01 | 000,441,620 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\video-20100623T142700.wmv

    [2010/06/22 20:04:59 | 000,479,170 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\video-20100622T200458.wmv

    [2010/06/03 22:31:16 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini

    [2010/06/03 22:31:10 | 000,000,305 | R--- | C] () -- C:\WINDOWS\OEM.ini

    [2010/06/02 22:10:26 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI

    [2010/06/02 19:43:48 | 000,014,681 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

    [2010/06/02 18:21:10 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\vso_ts_preview.xml

    [2010/06/02 18:20:38 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\inst.exe

    [2010/06/02 18:20:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\pcouffin.cat

    [2010/06/02 18:20:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Rafael\Dados de aplicativos\pcouffin.inf

    [2010/06/02 14:35:59 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe

    [2010/06/02 14:35:41 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe

    [2010/06/02 13:16:10 | 000,163,923 | ---- | C] () -- C:\WINDOWS\System32\SiSUninstall.exe

    [2010/06/01 22:18:32 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

    [2010/06/01 21:57:48 | 000,093,184 | ---- | C] () -- C:\Documents and Settings\Rafael\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010/05/31 21:46:53 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe

    [2010/05/31 21:23:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

    [2010/05/31 19:21:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

    [2010/05/31 18:44:16 | 000,093,362 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

    [2010/05/31 18:43:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\Progress.exe

    [2010/05/31 18:43:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe

    [2010/05/31 18:43:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin

    [2010/05/31 18:43:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin

    [2010/05/31 18:43:23 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin

    [2010/05/31 18:43:06 | 000,387,898 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

    [2010/05/31 18:35:52 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

    [2010/05/31 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

    [2010/05/31 18:15:11 | 000,021,844 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

    [2010/05/31 18:08:12 | 000,004,207 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

    [2010/05/31 18:07:14 | 000,238,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2010/01/26 23:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

    [2008/12/19 12:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

    [2008/12/17 14:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

    [2008/12/17 14:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

    [2008/12/17 14:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

    [2008/12/17 14:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

    [2008/12/17 13:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

    [2006/12/30 19:27:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

    [2006/11/02 13:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe

    [2005/06/10 10:56:06 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll

    [2005/06/10 10:55:04 | 000,123,904 | ---- | C] () -- C:\WINDOWS\System32\ZipDll.dll

    [2004/10/03 14:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

    [2004/07/28 20:19:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

    [2004/05/13 20:14:58 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\opencrypto.dll

    [2004/03/18 17:43:44 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

    [2004/01/12 17:32:52 | 000,249,910 | ---- | C] () -- C:\WINDOWS\System32\VIR_Lib.dll

    [2003/04/07 11:30:02 | 000,005,383 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    [2001/10/28 15:07:18 | 000,477,028 | ---- | C] () -- C:\WINDOWS\System32\perfh016.dat

    [2001/10/28 15:07:18 | 000,441,018 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

    [2001/10/28 15:07:18 | 000,301,776 | ---- | C] () -- C:\WINDOWS\System32\perfi016.dat

    [2001/10/28 15:07:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

    [2001/10/28 15:07:18 | 000,083,128 | ---- | C] () -- C:\WINDOWS\System32\perfc016.dat

    [2001/10/28 15:07:18 | 000,071,336 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

    [2001/10/28 15:07:18 | 000,035,178 | ---- | C] () -- C:\WINDOWS\System32\perfd016.dat

    [2001/10/28 15:07:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

    [2001/10/28 15:07:08 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    [2001/10/28 15:06:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

    [2001/10/28 15:06:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

    [2001/10/28 15:06:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

    [2001/08/23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

    [2001/08/23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

    [2001/07/06 15:30:02 | 000,003,277 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI

    ========== LOP Check ==========

    [2011/03/18 23:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Orbit

    [2011/03/18 22:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ProgSense

    [2010/12/27 21:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Subversion

    [2010/07/31 17:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AlawarWrapper

    [2010/07/06 09:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software

    [2011/01/03 20:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite

    [2010/12/28 17:29:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    [2011/01/06 00:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\HouseDemo

    [2010/07/08 19:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

    [2011/03/15 16:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData

    [2010/12/15 00:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nexon

    [2010/06/01 21:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\page

    [2011/01/04 20:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PassMark

    [2011/01/14 18:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files

    [2010/06/21 18:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\River Past G5

    [2010/07/31 12:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony

    [2010/09/30 19:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Souptoys

    [2010/07/27 17:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SpeedBit

    [2011/01/04 20:52:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    [2010/06/03 20:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk

    [2011/03/17 14:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Dados de aplicativos\Orbit

    [2010/12/11 09:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Dados de aplicativos\ProgSense

    [2010/10/07 20:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Arthur\Dados de aplicativos\Subversion

    [2010/11/30 19:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\abgx360

    [2010/06/17 15:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\AnvSoft

    [2010/06/01 22:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Atari

    [2010/09/30 19:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Audacity

    [2011/03/21 21:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Cool Record Edit Pro

    [2011/01/03 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\DAEMON Tools Lite

    [2010/09/21 18:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\DMCache

    [2010/06/02 12:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Easeware

    [2010/07/17 19:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Fit3DLive

    [2011/03/21 21:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Free Sound Recorder

    [2011/01/24 13:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\fretsonfire

    [2011/03/01 18:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\FrostWire

    [2010/11/14 21:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\GameTuts

    [2010/05/31 20:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\GrabPro

    [2011/02/26 10:30:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\id Software

    [2010/09/21 19:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\IDM

    [2011/02/23 22:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Image Zone Express

    [2011/02/22 20:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\IObit

    [2010/06/01 22:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Leadertech

    [2010/08/21 13:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\LEGO Company

    [2011/03/18 23:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\MP3Rocket

    [2011/03/23 21:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Orbit

    [2010/12/10 21:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\ProgSense

    [2011/03/19 18:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Publish Providers

    [2010/07/17 15:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\QuickStoresToolbar

    [2010/06/21 15:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\River Past G5

    [2010/07/31 12:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Sony

    [2011/03/21 17:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Sony Online Entertainment

    [2010/09/30 19:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Souptoys

    [2010/09/16 21:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Subversion

    [2010/06/30 22:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Thunderbird

    [2011/02/23 19:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\TightVNC

    [2010/06/07 20:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Total Immersion

    [2011/01/14 17:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Uniblue

    [2011/03/18 22:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\uTorrent

    [2010/12/05 16:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\Vso

    [2010/06/02 14:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\WinBatch

    [2010/07/31 18:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafael\Dados de aplicativos\YoudaGames

    ========== Purity Check ==========

    < End of report >

  • Topic author
  • ========== OTL ==========

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3795473-6d16-11df-a17b-0090f576ecfa}\ deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3795473-6d16-11df-a17b-0090f576ecfa}\ not found.

    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3795473-6d16-11df-a17b-0090f576ecfa}\ not found.

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3795473-6d16-11df-a17b-0090f576ecfa}\ not found.

    File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.

    ========== COMMANDS ==========

    OTL by OldTimer - Version 3.2.22.2 log created on 03232011_210839
