Virus removal

I did the procedure in parts, I don't know if it will solve anything, but ComboFix is showing an error, screenshot attached


I've already downloaded another ComboFix and it shows the same thing, what is this?

Now the other logs follow below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:58:40, on 28/04/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
C:\ARQUIV~1\SYMANT~1\VPTray.exe
C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Arquivos de programas\ngsrv\epsng_certd.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\FreePDF_XP\fpassist.exe
C:\Arquivos de programas\ngsrv\ngslotd.exe
C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.192.19.53:80
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (file missing)
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de programas\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\ARQUIV~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [epsng_certd] C:\Arquivos de programas\ngsrv\epsng_certd.exe -r
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Arquivos de programas\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238007160953
O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://certificacao.unibanco.com.br/VSApps/vspta3.cab
O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab
O16 - DPF: {A2CD4A80-DDA5-11D3-8DAC-0000B45FF7C8} (Controlador Class) - https://ic400.interchange.com.br/icnet/Componentes/ICWCLI.CAB
O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://cpne.bradesco.com.br/CA.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1F90C07-0CF9-4154-97A8-00B3CE36FB4D}: NameServer = 201.10.128.3,201.10.120.3
O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll
O20 - Winlogon Notify: GbPluginBb - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll (file missing)
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehuni.dll (file missing)
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: ngSlotDaemon (ngSlotD) - Feitian Technologies Co.,Ltd. - C:\Arquivos de programas\ngsrv\ngslotd.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11909 bytes

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 1100
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 1148
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 1172
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1216
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1228
Hidden: No
Window Visible: No

Name: C:\ARQUIV~1\GbPlugin\gbpsv.exe
PID: 1404
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1452
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1536
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1624
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1724
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1828
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
PID: 1904
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
PID: 1964
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 188
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 436
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\scardsvr.exe
PID: 452
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 660
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
PID: 744
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\netdde.exe
PID: 748
Hidden: No
Window Visible: No

Name: C:\ARQUIV~1\SYMANT~1\VPTray.exe
PID: 792
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Symantec AntiVirus\DefWatch.exe
PID: 832
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbguard.exe
PID: 876
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\ngsrv\epsng_certd.exe
PID: 1136
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 128
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\FreePDF_XP\fpassist.exe
PID: 1476
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\ngsrv\ngslotd.exe
PID: 1888
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe
PID: 224
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
PID: 1040
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1572
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Symantec AntiVirus\SavRoam.exe
PID: 1880
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
PID: 2176
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\hkcmd.exe
PID: 2272
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxpers.exe
PID: 2324
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxsrvc.exe
PID: 2328
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PID: 2436
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 2460
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2720
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
PID: 3060
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
PID: 2348
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
PID: 2252
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
PID: 1612
Hidden: No
Window Visible: No

Name: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
PID: 3260
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 1804
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\User\Desktop\SysProt\SysProt\SysProt.exe
PID: 2360
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\User\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A8754000
Module End: A875F000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E4000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E4000
Module End: 80704D00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BA5A8000
Module End: BA5AA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BA4B8000
Module End: BA4BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: B9F79000
Module End: B9FA7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: BA5AA000
Module End: BA5AC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: B9F68000
Module End: B9F79000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA0A8000
Module End: BA0B1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BA670000
Module End: BA671000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BA328000
Module End: BA32F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA0B8000
Module End: BA0C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: B9F49000
Module End: B9F68000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: BA5AC000
Module End: BA5AE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: B9F23000
Module End: B9F49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BA330000
Module End: BA335000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA0C8000
Module End: BA0D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: B9F0B000
Module End: B9F23000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA0D8000
Module End: BA0E1000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA0E8000
Module End: BA0F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: B9EEB000
Module End: B9F0B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: B9ED9000
Module End: B9EEB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: B9EC2000
Module End: B9ED9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: B9E35000
Module End: B9EC2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\gbpkm.sys
Service Name: GbpKm
Module Base: BA338000
Module End: BA33F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: B9E08000
Module End: B9E35000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: B9DEE000
Module End: B9E08000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: BA1E8000
Module End: BA1F2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Service Name: ialm
Module Base: B9823000
Module End: B9DA6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B980F000
Module End: B9823000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: B97EA000
Module End: B980F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
Service Name: RTLE8023xp
Module Base: B97D2000
Module End: B97EA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: BA3D0000
Module End: BA3D6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B97AE000
Module End: B97D2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: BA3D8000
Module End: BA3E0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serial.sys
Service Name: Serial
Module Base: B979D000
Module End: B97AE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\serenum.sys
Service Name: serenum
Module Base: BA558000
Module End: BA55C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: B9789000
Module End: B979D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: BA1F8000
Module End: BA203000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: BA208000
Module End: BA218000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: BA218000
Module End: BA227000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: B9766000
Module End: B9789000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BA7D5000
Module End: BA7D6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: BA228000
Module End: BA235000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: BA564000
Module End: BA567000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B974F000
Module End: B9766000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: BA238000
Module End: BA243000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: BA248000
Module End: BA254000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: BA3E0000
Module End: BA3E5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B973E000
Module End: B974F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: BA258000
Module End: BA261000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: BA3E8000
Module End: BA3ED000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: BA3F0000
Module End: BA3F5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\RootMdm.sys
Service Name: ROOTMODEM
Module Base: BA5C8000
Module End: BA5CA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: BA400000
Module End: BA408000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: B970D000
Module End: B973E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: BA268000
Module End: BA272000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: BA408000
Module End: BA40F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: BA410000
Module End: BA416000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\smccardc.sys
Service Name: FT12BaseSmc
Module Base: BA584000
Module End: BA588000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\SMCLIB.SYS
Service Name: ---
Module Base: BA590000
Module End: BA594000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BA5CA000
Module End: BA5CC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B968C000
Module End: B96E5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: BA594000
Module End: BA598000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: BA288000
Module End: BA292000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: A9145000
Module End: A95A4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: A9123000
Module End: A9145000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: BA298000
Module End: BA2A7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: BA2A8000
Module End: BA2B7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: BA5CE000
Module End: BA5D0000
Hidden: No

Module Name: \??\C:\Arquivos de programas\Symantec AntiVirus\savrt.sys
Service Name: SAVRT
Module Base: A90A3000
Module End: A90FB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: hidusb
Module Base: B96ED000
Module End: B96F0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: BA2B8000
Module End: BA2C1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: BA430000
Module End: BA437000
Hidden: No

Module Name: \??\C:\Arquivos de programas\Symantec\SYMEVENT.SYS
Service Name: SymEvent
Module Base: A8FB9000
Module End: A8FDB000
Hidden: No

Module Name: \??\C:\Arquivos de programas\Symantec AntiVirus\Savrtpel.sys
Service Name: SAVRTPEL
Module Base: A8FA5000
Module End: A8FB9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: BA450000
Module End: BA457000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: A95BC000
Module End: A95C0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: A95B8000
Module End: A95BB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: BA5EA000
Module End: BA5EC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: BA6B8000
Module End: BA6B9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: BA5F6000
Module End: BA5F8000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: BA480000
Module End: BA486000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: BA602000
Module End: BA604000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: BA606000
Module End: BA608000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: BA490000
Module End: BA495000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: BA498000
Module End: BA4A0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: A9103000
Module End: A9106000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: A8E1C000
Module End: A8E2F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: A8DC3000
Module End: A8E1C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Service Name: SYMTDI
Module Base: A8D88000
Module End: A8DC3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: A8D66000
Module End: A8D88000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: BA2F8000
Module End: BA301000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: A8D3E000
Module End: A8D66000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: A8D1C000
Module End: A8D3E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: BA308000
Module End: BA311000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: A8CF1000
Module End: A8D1C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: A8C82000
Module End: A8CF1000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: BA318000
Module End: BA321000
Hidden: No

Module Name: \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\eeCtrl.sys
Service Name: eeCtrl
Module Base: A8C24000
Module End: A8C82000
Hidden: No

Module Name: \??\C:\Arquivos de programas\Arquivos comuns\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Service Name: EraserUtilRebootDrv
Module Base: A8C07000
Module End: A8C24000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: A8BBC000
Module End: A8BDF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: BA128000
Module End: BA138000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: BA58C000
Module End: BA58F000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: BA3A0000
Module End: BA3A5000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: BA733000
Module End: BA734000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: A8A90000
Module End: A8A94000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: A862F000
Module End: A8644000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: A87E4000
Module End: A87F3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: A83D3000
Module End: A83FF000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Service Name: ParVdm
Module Base: BA66E000
Module End: BA670000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys
Service Name: cpuz132
Module Base: A8608000
Module End: A860C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\DgiVecp.sys
Service Name: DgiVecp
Module Base: A847F000
Module End: A848D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: A823C000
Module End: A8293000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SpPortEx.sys
Service Name: SpPortEx
Module Base: BA488000
Module End: BA48E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A7D23000
Module End: A7D64000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\TDTCP.SYS
Service Name: TDTCP
Module Base: BA3B0000
Module End: BA3B6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\RDPWD.SYS
Service Name: RDPWD
Module Base: A7C88000
Module End: A7CAB000
Hidden: No

Module Name: \??\C:\ARQUIV~1\ARQUIV~1\SYMANT~1\VIRUSD~1\20100426.003\navex15.sys
Service Name: NAVEX15
Module Base: A7966000
Module End: A7AA8000
Hidden: No

Module Name: \??\C:\ARQUIV~1\ARQUIV~1\SYMANT~1\VIRUSD~1\20100426.003\naveng.sys
Service Name: NAVENG
Module Base: A7952000
Module End: A7966000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Service Name: SYMREDRV
Module Base: A7C50000
Module End: A7C5A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: A7219000
Module End: A7244000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwConnectPort
Address: 8995E9E8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwDeleteValueKey
Address: A8FCD350
Driver Base: A8FB9000
Driver End: A8FDB000
Driver Name: \??\C:\Arquivos de programas\Symantec\SYMEVENT.SYS

Function Name: ZwSetValueKey
Address: A8FCD580
Driver Base: A8FB9000
Driver End: A8FDB000
Driver Name: \??\C:\Arquivos de programas\Symantec\SYMEVENT.SYS

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: COMERCIAL:1501
Remote Address: LOCALHOST:1500
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1500
Remote Address: LOCALHOST:1501
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1476
Remote Address: LOCALHOST:1473
Type: TCP
Process: C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
State: ESTABLISHED

Local Address: COMERCIAL:1473
Remote Address: LOCALHOST:1476
Type: TCP
Process: C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
State: ESTABLISHED

Local Address: COMERCIAL:1473
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
State: LISTENING

Local Address: COMERCIAL:1469
Remote Address: LOCALHOST:1468
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1468
Remote Address: LOCALHOST:1469
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1031
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe
State: LISTENING

Local Address: COMERCIAL:1726
Remote Address: CDS42.GRU9.MSECN.NET:HTTP
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: ESTABLISHED

Local Address: COMERCIAL:1724
Remote Address: 74.125.110.37:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:pPTP
Remote Address: BS-IN-F100.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1722
Remote Address: YO-IN-F137.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1721
Remote Address: YO-IN-F147.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1720
Remote Address: BS-IN-F100.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1718
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1717
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1716
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1715
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1714
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1713
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1712
Remote Address: NUQ04S01-IN-F100.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1711
Remote Address: BS-IN-F164.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1710
Remote Address: BS-IN-F164.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1709
Remote Address: NUQ04S01-IN-F100.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1705
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1704
Remote Address: BS-IN-F154.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1703
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1702
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1701
Remote Address: BS-IN-F118.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1700
Remote Address: BS-IN-F118.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1699
Remote Address: BS-IN-F118.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1698
Remote Address: BS-IN-F118.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1697
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1696
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1695
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1694
Remote Address: BS-IN-F154.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1693
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1692
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1691
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1690
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1689
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1688
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1687
Remote Address: BS-IN-F164.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1686
Remote Address: BS-IN-F154.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1682
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1681
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1680
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1679
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1678
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1677
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1669
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1667
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1664
Remote Address: BS-IN-F100.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1662
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1661
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1660
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1659
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1658
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1653
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1651
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1650
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1649
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1648
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1646
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1645
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1643
Remote Address: BS-IN-F100.1E100.NET:HTTPS
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1639
Remote Address: BS-IN-F85.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1637
Remote Address: BS-IN-F148.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1626
Remote Address: BS-IN-F104.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:1576
Remote Address: BS-IN-F100.1E100.NET:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1467
Remote Address: SN1MSG2010529.PHX.GBL:1863
Type: TCP
Process: C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
State: ESTABLISHED

Local Address: COMERCIAL:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: COMERCIAL:3389
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: COMERCIAL:GDS_DB
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
State: LISTENING

Local Address: COMERCIAL:2967
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Arquivos de programas\Symantec AntiVirus\Rtvscan.exe
State: LISTENING

Local Address: COMERCIAL:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: COMERCIAL:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: COMERCIAL:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COMERCIAL:1729
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COMERCIAL:1504
Remote Address: NA
Type: UDP
Process: C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
State: NA

Local Address: COMERCIAL:1464
Remote Address: NA
Type: UDP
Process: C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
State: NA

Local Address: COMERCIAL:1029
Remote Address: NA
Type: UDP
Process: C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
State: NA

Local Address: COMERCIAL:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COMERCIAL:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COMERCIAL:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: COMERCIAL:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: COMERCIAL:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: COMERCIAL:DISCARD
Remote Address: NA
Type: UDP
Process: C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
State: NA

Local Address: COMERCIAL:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: COMERCIAL:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: COMERCIAL:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: E:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: E:\System Volume Information\tracking.log
Status: Access denied

Object: E:\System Volume Information\_restore{76878019-AA02-42F3-B159-42201D702097}
Status: Access denied

Object: C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Microsoft\Messenger\rodrigoedc@hotmail.com\SharingMetadata\juliananataly@hotmail.com\DFSR\Staging\CS{1E77F5AE-2C2E-4C69-421D-C6E38EE7F0A2}\01\11-{1E77F5AE-2C2E-4C69-421D-C6E38EE7F0A2
Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{76878019-AA02-42F3-B159-42201D702097}
Status: Access denied
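As an added example (not code from the post or from the scanner that produced the log), the Python script below parses the "Ports:" section in the layout used above and lists what a log helper checks first: services listening on all interfaces, the remote hosts each process talks to, and TIME_WAIT sockets left without an owner. The sample records are constructed from a few entries of the log above.

```python
"""Triage the 'Ports:' section of a RootRepeal-style scanner log.

Added example, not code from the forum post or from the scanner. Records are
blank-line separated 'Key: Value' blocks exactly like the log above.
"""
from collections import defaultdict

# Constructed sample: six records copied in the layout of the log above.
SAMPLE_PORTS_LOG = r"""Ports:
Local Address: COMERCIAL:1501
Remote Address: LOCALHOST:1500
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:3389
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: COMERCIAL:1724
Remote Address: 74.125.110.37:HTTP
Type: TCP
Process: C:\Arquivos de programas\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: COMERCIAL:1713
Remote Address: BS-IN-F86.1E100.NET:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: COMERCIAL:GDS_DB
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Arquivos de programas\Firebird\Firebird_2_1\bin\fbserver.exe
State: LISTENING

Local Address: COMERCIAL:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA
"""

LOOPBACK = {"LOCALHOST", "127.0.0.1", "0.0.0.0"}
# Listening ports worth naming for the analyst (port names as the scanner prints them).
KNOWN_SERVICES = {"3389": "RDP (Remote Desktop)", "GDS_DB": "Firebird SQL (3050)",
                  "MICROSOFT-DS": "SMB (445)", "NETBIOS-SSN": "NetBIOS session (139)",
                  "EPMAP": "RPC endpoint mapper (135)"}


def parse_ports(text):
    """Split the section into a list of dicts, one per socket record."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "Ports:":
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def split_endpoint(endpoint):
    """'HOST:PORT' -> ('HOST', 'PORT'); 'NA' (UDP, no peer) -> ('', 'NA')."""
    host, _, port = endpoint.rpartition(":")
    return host.upper(), port


def triage(records):
    """Return the three things an analyst checks first in this section."""
    listening = []                        # (local port, known service, process)
    remote_by_process = defaultdict(set)  # process -> remote hosts it talks to
    unattributed = []                     # closed sockets with no owner left
    for rec in records:
        _, lport = split_endpoint(rec.get("Local Address", ""))
        rhost, _ = split_endpoint(rec.get("Remote Address", ""))
        proc = rec.get("Process", "")
        if rec.get("State") == "LISTENING":
            # A service listening on 0.0.0.0 is reachable from the network;
            # RDP or a database listener on a home PC deserves a question.
            listening.append((lport, KNOWN_SERVICES.get(lport, "unrecognised"), proc))
        elif rec.get("Type") == "TCP" and rhost and rhost not in LOOPBACK:
            if proc == "[System Idle Process]":
                # TIME_WAIT sockets are charged to PID 0 because the owning
                # process already closed them; the remote host is still useful.
                unattributed.append((lport, rhost))
            else:
                remote_by_process[proc].add(rhost)
    return listening, dict(remote_by_process), unattributed


def report(text):
    """Render the triage as the short summary a helper would post back."""
    listening, remotes, unattributed = triage(parse_ports(text))
    lines = ["Listening services:"]
    lines += [f"  {port:<12} {svc:<24} {proc}" for port, svc, proc in listening]
    lines.append("Remote hosts per process:")
    lines += [f"  {proc}: {', '.join(sorted(hosts))}" for proc, hosts in sorted(remotes.items())]
    lines.append("Closed (TIME_WAIT) connections with no owning process:")
    lines += [f"  local port {port} -> {host}" for port, host in unattributed]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_PORTS_LOG))
```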
 
Hello Mr. Wolf...

Thank you very much for the BlockFree tip, from now on I'll use it... I found CCProxy has too much to configure...

Regarding the... It came to my house with lots of viruses... Probably because of the content they were accessing... Before, it was freezing a lot... But with the antivirus and Bankerfix, I managed to remove the infections. I just wasn't confident in saying it was clean, which is why I sought your help....

One more thing... Not wanting to take advantage, but taking advantage anyway... hehe
I've been asked to restrict usage on a computer, not just blocking sites, but also time of day, Control Panel, that kind of thing... I've used WinPolicy before, but I wanted your opinion... Is there a better one, or should I stick with this one?

Thank you very, very, very much... \o/
 
Good afternoon, everyone!


Hey luisednardo, all good here. And you, how are you?

G-DATA is an excellent antivirus, luisednardo. It can be compared perfectly well with Kaspersky, NOD32 and other prestigious paid products out there. It doesn't surprise me to see it in pole position in the ranking. In fact, I think it deserves more recognition from internet users.

Now, Avast!, free or paid, being considered better than Kaspersky is a tremendous exaggeration and, for sure, at the very least doubtful. I can't deny it, Avast! in its version 5 is excellent, deserving of respect, without a shadow of a doubt. Above all, today's free antivirus products are excellent, it's hard to say which is best; MSE, Avast! and Avira are practically on the same level, I'd say. Nowadays we can compare a free antivirus with a paid one, and I'll tell you more, there's a good chance the free ones outclass many paid ones.

However, in my humble opinion and experience, not wanting to favour any antivirus, especially since I'm not an antivirus user myself, none of the free ones, so far, has the detection and removal capability of names like Kaspersky, NOD32, G-DATA and Norton 2010. There are those who say "Avira detected threats that Kaspersky didn't detect", but that's obvious, each antivirus may detect a different threat, that's common in the antivirus world (stressing that NONE of them is 100% effective), even more so today, when antivirus products can no longer keep up with the ever-growing number of malware. That's why it's essential to use additional programs, on top of the main thing, the user's common sense.

I didn't trust this February AV-Comparatives test much, and not only because Avast! came out above KAS, not at all, that can happen, of course! For other reasons. Actually, I don't usually pay attention to comparative tests, because if we based ourselves on the results, we'd have a different antivirus every month.

That said, the tests performed covered detection rates, false positives and scan speed. It's worth remembering that there are other important areas to analyse in an antivirus.

________________________________________

Indeed, I didn't download it from Avast's official site, my mistake. But to be totally honest, I rarely go to a program's official site to download it. I lazily tend to always download from sites that host it.

I didn't worry because, as I said, I always do this stupid thing of trusting any link that's in a tutorial.
This probably contributed, and a lot, to the problem, my friend Mauricio.

I'll stress it again: only download from the official sites.

I successfully received your e-mail containing the zipped attachment. I haven't had time to analyse it properly because the workload here is intense, but I'll do it this week, don't worry. By Friday at the latest I'll give you my assessment, if you don't mind waiting until then.

However, just by looking at the size of the installer you used, it was clear it's not the official one. The original Avast! executable is exactly 46.2 MB. The suspicious installer is no less than 103.8 MB. A grotesque difference.

________________________________________


rodrigooab, we have a huge problem here.

By all indications, your PC is contaminated by a File Infector (or Polymorphic Virus) called Virut. It is one of the hardest existing pests to remove, since it contaminates legitimate .exe, .scr, .htm and .html files on the system; in fact, it is the worst and most damaging File Infector there is. Your system is so infected that the after-effects of a possible disinfection attempt could seriously affect its operation. In cases of infection by Virut, and by any other File Infector, the most appropriate recommendation is formatting, because even after being cleaned the machine will possibly continue to show instability.

Before you ask me, yes, there are ways to remove this pest. But none is guaranteed. Even so, if you search the web, the proportion of users who succeeded in removing Virut adds up to only 30% of the 100% of cases studied.

So, two questions to ask you, the victim:

1 - Is this PC personal or from work?
2 - Would you prefer to attempt removal or format the disk?

This difficulty in removing it lies in the fact that it infects legitimate files, as I explained earlier, so the files themselves cannot be deleted, but must be disinfected. As a result, this pest manages to resist the various tools used to decontaminate it, by attaching itself to crucial operating system files.

Whether or not you opt to remove the virus, let me know. Because in both cases there are preventive measures to take, both before removing it with tools and before formatting (should you decide on that option), such as the backup, for example, which must be done carefully so as not to reinfect the machine after reinstalling the system.

________________________________________


carolgsn, WinPolicy is excellent. There's no reason at all to need another one, unless it isn't meeting your expectations. I do recommend WP.

:thumbs_up
 
Hello Mr. Wolf,

It is meeting my needs, and very well... When I needed it, it helped me sort out a few things... hehe
Let me ask you something... Can I use CCProxy and also blokfree? Because CCProxy's word filter isn't working properly... and with blokfree I can only block 12 words...
Thank you very much once again for your attention and your help...
Keep on doing this great work... You help a lot of people...

Congratulations!!!!

Carol
 
Hey friend Mr. Wolf, you've been missing, huh. Welcome back. Here's my scan, I grabbed a .rar that I think had a backdoor and a keylogger. Take a look at my scan please.

Logfile of HijackThis v1.99.1
Scan saved at 21:19:06, on 28/04/2010
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)

Running processes:
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Program DJ\Wireless Switch\wlss.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\VibrateGameDeviceDriver\rfpicon.exe
C:\Program Files (x86)\Program DJ\Program DJ\ProgramDJ.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Olivio\Documents\Download\PC\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files (x86)\Messenger_Plus_Live_Brazil\tbMess.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files (x86)\Messenger_Plus_Live_Brazil\tbMess.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files (x86)\Messenger_Plus_Live_Brazil\tbMess.dll
O4 - HKLM\..\Run: [WLSS] C:\Program Files (x86)\Program DJ\Wireless Switch\WLSS.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files (x86)\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [Program DJ] "C:\Program Files (x86)\Program DJ\Program DJ\ProgramDJ.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GCTray] C:\Program Files\Program DJ\Green Charger\GCTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Thanks
 
Dear Mr.Wolf

The worst part is that I didn't even pay attention to the file size. Just look at how clueless I was. I usually leave downloads running while I do other things on the PC. I'm not really into downloading games; the only one I play here, so I can't say I play nothing at all, is Gran Turismo, which I have on CD, and it isn't even on the PC. I use the PC mostly to prepare spreadsheets and Word documents for college and for work.

But Mr.Wolf, don't worry about it. No rush. Analyze it whenever you can. No pressure, relax. ;) You're already doing more than enough by analyzing the file.

Meanwhile I'll keep using my sister's PC, which is the one I'm on right now, and mine stays resting until then.

Thank you in advance for your goodwill and attention to my case. From today on I will only download programs from official sites. It took a mess like this for me to learn, right?

Sincerely,
I'll await your reply whenever you can

Mauricio
 
rodrigooab, we have a huge problem there.

Everything indicates that your PC is infected by a File Infector (or polymorphic virus) called Virut. It is one of the hardest existing pests to remove, because it infects the system's legitimate .exe, .scr, .htm and .html files; in fact, it is the worst and most damaging File Infector there is. Your system is so infected that the after-effects of an attempted disinfection could seriously affect its operation. In cases of infection by Virut, or by any other File Infector, the most appropriate recommendation is to format, because even after being cleaned the machine will possibly continue to show instability.

Before you ask: yes, there are ways to remove this pest. But none of them is guaranteed. Even so, if you search the web, the rate of users who succeeded in removing Virut adds up to only 30% of 100% of the cases studied.

So, two questions to be asked of you, the victim:

1 - Is this PC personal or from work?
2 - Would you rather try removal or format the disk?

The difficulty in removing it lies in the fact that it infects legitimate files, as I explained earlier, so the files themselves cannot be deleted, only disinfected. As a result, this pest manages to resist several of the tools used to decontaminate it, because it attaches itself to crucial operating system files.

Whether or not you opt to remove the virus, let me know. In both cases there are preventive measures to be taken, both before removing it with tools and before formatting (should you decide on that option), such as the backup, for example, which must be done carefully so as not to reinfect the machine after the system is reinstalled.

1. This PC is from work.
2. For now I would rather try removal; I don't want to format it right now.
 
Good afternoon!


carolgsn, yes, you can use them together. As long as it doesn't interfere with system and connection performance, there's no problem.

If you are using the trial version of CCProxy, that may be why the "word filter" isn't working. Unfortunately, the same happens with BlockFree: only the paid versions of the software allow filtering more than twelve words in the block list. I recommended BlockFree because I assumed you only wanted to restrict access to adult content, and in that case twelve words is more than enough.

If you're looking for software that filters countless words with no limit, I think it's hard to find one that is 100% freeware; at least I don't know of any. However, I know another way to do these blocks without limits, but in that case you would need Windows Server 2003 or 2008, or Linux.

If another friend here on the forum knows of any free software that blocks sites without a word limit, please share it here in the topic, or send a PM to our friend carolgsn. I only know alternative methods.

Thanks for the congratulations, Carol. :)

_____________________________________


Hey tosko, how are you? I was indeed away from the forum for a while, for professional reasons.

tosko, was it you who installed Messenger_Plus_Live_Brazil? This program has been blacklisted by certain security companies for engaging in activities we usually call "virtual espionage", that is, spyware.

The log is clean. But let's do a deeper analysis to check whether there is any other application related to Messenger_Plus_Live_Brazil.

Follow the steps below:

- Download RSIT and save it to your desktop;

● Double-click RSIT.exe to run the program;
● In the window that opens, click the Continue button so the tool starts running;
● When the tool finishes running, a log will open automatically in Notepad containing the scan result. Paste the contents of that log (log.txt) in your next reply;
● Also paste the contents of the info.txt file, which will be at C:\rsit\info.txt.
_____________________________________


rodrigooab, if you prefer to go for removal, let's try. I'll say up front that nothing we do here will guarantee the disinfection of Virut.

Follow the steps below:

It is important to follow each instruction to the letter so that we succeed. If one doesn't work, skip to the next.

Step 1

Go to Start > Run, type sysdm.cpl and click OK (or just right-click My Computer > Properties). Click the System Restore tab, check "Turn off System Restore" > OK.

Keep the feature disabled for now.


Step 2

Download the tools below:

Dr.Web CureIt (executable)
Dr.Web Live CD (ISO)
Kaspersky AVP Tool

NOTE: The proper way is to run the Dr.Web scan at system boot, because that way the infection won't be able to resist. However, for that to happen, you will have to burn it to a blank CD or DVD, set the BIOS to boot from the CD-ROM drive (the name of the option differs depending on your motherboard), and boot from the burned media.

If you are able to do this, great. Just burn the ISO file to the media with any burning program, such as Nero, for example, or another of your choice, and boot. The program takes care of the rest.


Step 3

After downloading the tools, write down the instructions from here on in Notepad.

Disconnect the PC from the Internet and turn off the modem, router, hub, switch, or any other equipment you have there at the company that lets computers connect to networks.

This is important because Virut is able to communicate with botnets, and if that continues, new malware will be recreated with every file that is disinfected.

But if you can't disconnect, do it with the PC connected anyway.


Step 4

Using Dr.Web

If you're going to use the Live CD, just boot it and follow the on-screen instructions, curing the infections as they are found.

If you're going to use the executable, do this:

- Close all open windows. Double-click drweb-cureit.exe and click Start. A message will appear asking whether you want to "start the express scan"; click Yes to start the scan;
- This will scan the files currently running in memory, and when something is found, click the Yes button when it asks whether you want to cure it;
- When the express scan finishes, check all the drives to be scanned by the program. A red dot indicates which drives were chosen;
- Click the green arrow on the right to start the scan. Click "Yes to all" if it asks whether you want to cure/move the file;
- When the scan finishes, in the menu click File and choose save report list. Save the report to your desktop. The report will be named DrWeb.csv;
- Close Dr.Web CureIt.



Step 5

Using the Kaspersky Removal Tool

This is the longest step; it can take 3 to 6 hours, if not more, depending on the size of the hard drive, and it is advisable not to interrupt the scan midway. So I suggest doing this step when the PC can stay on for a good while; I don't think that will be hard since you work at a company, unless you work part-time.

● Double-click the setup and install the program.
● After installation, the program will run. If it doesn't, run it.
● On the initial screen, check all the checkboxes and click the Recommended > Settings option. See how in the image below:

nyv1no.png


● When the other window opens, on the Scope tab, check the configure option as shown in the image:

2gwiedw.png


● Click the Additional tab and configure as in the image, paying attention to every detail of the configuration:

24w8ys3.png


● Click the OK button at the bottom of the window to return to the initial screen.
● Click the Start Scan button to start the scan.
● Be patient; the scan can take quite a while.
● During the scan, the tool may come across infections and/or vulnerabilities, and when it does, it will show you, in the bottom-right corner of the desktop, a window with options to remove or keep the files found.
● If the window that opens is red, it is an infection. Click the Delete button to remove the file.
● If the window that opens is plain green, it is a vulnerability (probably from outdated programs or the like). Click the Skip button to keep the file.
● When the scan finishes, click Reports on the initial screen.
● Click the "+" next to Autoscan to expand the list.

3323t35.png


● Press Ctrl + A to select everything and then Ctrl + C to copy.
● Paste this text into Notepad and save it to the desktop with the .txt extension.
● Click Exit to close the program. When asked whether you want to uninstall the program, click Yes.
● If a restart is required, restart the PC.

Post the Removal Tool and Dr.Web reports in your next reply.
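As an added example (not from this thread, nor from Dr.Web or Kaspersky), here is a small integrity baseline in Python that follows from the point made about Virut above: a file infector modifies legitimate .exe, .scr, .htm and .html files, so after a disinfection pass the question is which of those files changed. The script hashes every file with those extensions under a directory, stores a baseline, and reports files that were modified (with their size delta), added or removed; the directory tree, its contents and the two alterations in `demo()` are constructed in a temporary folder so it runs offline.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Extensions the thread says the Virut file infector modifies.
INFECTABLE_EXTS = {".exe", ".scr", ".htm", ".html"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large executables are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map relative path -> {sha256, size} for every infectable file under root."""
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in INFECTABLE_EXTS:
            rel = path.relative_to(root).as_posix()
            baseline[rel] = {"sha256": sha256_of(path), "size": path.stat().st_size}
    return baseline


def save_baseline(baseline: dict, out_file: Path) -> None:
    out_file.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(in_file: Path) -> dict:
    return json.loads(in_file.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Return modified (path, size delta), added and removed relative paths.

    A file infector usually grows its host file, so the size delta is reported
    next to the hash mismatch; a shrinking file points at disinfection instead.
    """
    modified, added, removed = [], [], []
    for rel, cur in current.items():
        old = baseline.get(rel)
        if old is None:
            added.append(rel)
        elif old["sha256"] != cur["sha256"]:
            modified.append((rel, cur["size"] - old["size"]))
    for rel in baseline:
        if rel not in current:
            removed.append(rel)
    return {"modified": sorted(modified), "added": sorted(added), "removed": sorted(removed)}


def demo() -> dict:
    """Constructed scenario: a small tree, a baseline, then two files are altered."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ" + b"\x00" * 62)
        (root / "bin" / "screensaver.scr").write_bytes(b"MZ" + b"\x00" * 30)
        (root / "index.htm").write_text("<html><body>hello</body></html>")
        (root / "notes.txt").write_text("not an infectable type")  # ignored by the baseline

        baseline_file = root / "baseline.json"  # .json is not an infectable extension
        save_baseline(build_baseline(root), baseline_file)

        # Simulate a modification of two legitimate files: 16 bytes appended to the
        # executable, a 17-byte marker appended to the HTML page.
        with (root / "bin" / "app.exe").open("ab") as fh:
            fh.write(b"\x90" * 16)
        with (root / "index.htm").open("a") as fh:
            fh.write("<!-- injected -->")

        return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run the baseline once against the system and program directories before the scans and `compare` afterwards; the modified list is the set of legitimate files that the cleaning tools (or the infector) touched.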
 
Here are the logs.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Olivio at 2010-04-29 16:32:01
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 15 GB (10%) free of 153 GB
Total RAM: 4090 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:10, on 29/04/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\Program DJ\Wireless Switch\wlss.exe
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files (x86)\VibrateGameDeviceDriver\rfpicon.exe
C:\Program Files (x86)\Program DJ\Program DJ\ProgramDJ.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Olivio\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Olivio.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files (x86)\Messenger_Plus_Live_Brazil\tbMess.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files (x86)\Messenger_Plus_Live_Brazil\tbMess.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files (x86)\Messenger_Plus_Live_Brazil\tbMess.dll
O4 - HKLM\..\Run: [WLSS] C:\Program Files (x86)\Program DJ\Wireless Switch\WLSS.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files (x86)\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [Program DJ] "C:\Program Files (x86)\Program DJ\Program DJ\ProgramDJ.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GCTray] C:\Program Files\Program DJ\Green Charger\GCTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11611 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Click Maintenance.job
C:\Windows\tasks\User_Feed_Synchronization-{D0E7B393-FA1E-4EE2-8E6F-255FF8F112DD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Facilitador de Leitor de Link Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-04-02 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Auxiliar de Conexão do Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}]
Messenger Plus Live Brazil Toolbar - C:\Program Files (x86)\Messenger_Plus_Live_Brazil\tbMess.dll [2010-03-09 2355224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - Messenger Plus Live Brazil Toolbar - C:\Program Files (x86)\Messenger_Plus_Live_Brazil\tbMess.dll [2010-03-09 2355224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WLSS"=C:\Program Files (x86)\Program DJ\Wireless Switch\WLSS.exe [2008-05-09 951592]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"RemoteControl"=C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [2007-01-08 68640]
"LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"RTBatteryMeter"=C:\Program Files (x86)\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"Program DJ"=C:\Program Files (x86)\Program DJ\Program DJ\ProgramDJ.exe [2008-06-11 869672]
"LifeCam"=C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [2009-07-24 118624]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"GCTray"=C:\Program Files\Program DJ\Green Charger\GCTray.exe [2008-06-10 720384]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-04-02 40368]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-04-07 138240]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-07 1555968]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Olivio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0
"EnableInstallerDetection"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f0beb2f-9e57-11de-9a4d-001eec5599ab}]
shell\AutoRun\command - E:\wfx062.exe
shell\open\command - E:\wfx062.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22e9de5b-41b8-11df-819f-001eec5599ab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22e9de64-41b8-11df-819f-001eec5599ab}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{267c69fe-2dd6-11de-816e-001eec5599ab}]
shell\AutoRun\command - rundll32 system.dll,MainBegin
shell\Explore\command - rundll32 system.dll,MainBegin
shell\Open\command - rundll32 system.dll,MainBegin

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{267c6a04-2dd6-11de-816e-001eec5599ab}]
shell\AutoRun\command - rundll32 system.dll,MainBegin
shell\Explore\command - rundll32 system.dll,MainBegin
shell\Open\command - rundll32 system.dll,MainBegin

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c516c29-c40a-11de-bc15-806e6f6e6963}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76b184ad-c007-11dd-9c21-001eec5599ab}]
shell\AutoRun\command - E:\m9ma.exe
shell\explore\command - E:\m9ma.exe
shell\open\command - E:\m9ma.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c1463c2-daed-11de-b89b-001eec5599ab}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1254416572-1263425100-317347820-0350\system.exe
shell\open\command - RECYCLER\S-1-5-21-1254416572-1263425100-317347820-0350\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95e637b9-1ff3-11de-abb0-001eec5599ab}]
shell\1\command - E:\Recycled.exe
shell\AutoRun\command - E:\Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95e6393a-1ff3-11de-abb0-001eec5599ab}]
shell\AutoRun\command - E:\60k281bl.com
shell\explore\command - E:\60k281bl.com
shell\open\command - E:\60k281bl.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f05b0cd-b764-11de-8dbc-001eec5599ab}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f05b124-b764-11de-8dbc-001eec5599ab}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd95104d-abb2-11de-9ce8-001eec5599ab}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd951050-abb2-11de-9ce8-001eec5599ab}]
shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e83a6701-bffc-11dd-9388-001eec5599ab}]
shell\auto\command - explorer.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explorer.exe


======List of files/folders created in the last 1 months======

2010-04-29 16:32:01 ----D---- C:\rsit
2010-04-26 17:19:13 ----D---- C:\Program Files (x86)\Perfect World
2010-04-06 17:16:47 ----D---- C:\Program Files (x86)\VIVO INTERNET

======List of files/folders modified in the last 1 months======

2010-04-29 16:32:10 ----D---- C:\Windows\Prefetch
2010-04-29 16:32:09 ----D---- C:\Program Files (x86)\trend micro
2010-04-29 16:32:01 ----D---- C:\Windows\Temp
2010-04-29 16:31:48 ----D---- C:\Users\Olivio\AppData\Roaming\uTorrent
2010-04-29 00:14:51 ----SHD---- C:\System Volume Information
2010-04-27 18:13:54 ----D---- C:\Windows\System32
2010-04-27 18:13:54 ----D---- C:\Windows\inf
2010-04-26 17:19:13 ----D---- C:\Program Files (x86)
2010-04-26 09:20:18 ----D---- C:\Program Files (x86)\JDownloader
2010-04-25 23:06:53 ----SHD---- C:\Windows\Installer
2010-04-25 23:06:53 ----HD---- C:\Config.Msi
2010-04-25 23:06:53 ----D---- C:\Program Files (x86)\Windows Live Safety Center
2010-04-17 10:13:09 ----D---- C:\Windows\SysWOW64
2010-04-14 21:44:49 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-04-14 21:31:52 ----D---- C:\Program Files (x86)\SystemRequirementsLab
2010-04-14 06:19:35 ----RSD---- C:\Windows\assembly
2010-04-14 06:18:54 ----D---- C:\Windows

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys []
R3 CmBatt;Driver de Bateria do Método de Controle ACPI da Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [2008-03-17 21120]
R3 HdAudAddService;Driver de Função Microsoft 1.1 UAA para Serviço de High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ; C:\Windows\system32\DRIVERS\NETw5v64.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys []
R3 usbvideo;Dispositivo de vídeo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
S3 BthEnum;Driver de Bloqueio de Solicitação Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Dispositivo Bluetooth (Rede Pessoal); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BthPort;Driver de Porta Bluetooth; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Driver USB de Rádio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 btwaudio;Dispositivo de áudio Bluetooth; C:\Windows\system32\drivers\btwaudio.sys []
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys []
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files (x86)\Gravity\Ragnarok Online\GameGuard\dump_wmimmc.sys []
S3 DynCal;Dynamic Calibration Service; C:\Windows\system32\drivers\Dyncal.sys [2004-09-12 8320]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 MSKSSRV;Proxy de serviço de streaming Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Proxy do relógio de streaming Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Proxy de gerenciador de qualidade de streaming Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Conversor em T entre Coletores de streaming Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 npkcrypt;npkcrypt; \??\C:\Program Files (x86)\Gravity\Ragnarok Online\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\C:\Program Files (x86)\Gravity\Ragnarok Online\npkycryp.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-03 4682]
S3 NTIDrvr;NTIDrvr; \??\C:\Program Files (x86)\NewTech Infosystems\NTI CD & DVD-Maker 7\NTIDrvr.sys []
S3 RFCOMM;Dispositivo Bluetooth (TDI de Protocolo RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 SSNDIS5a64;SSNDIS5a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\SSNDIS5a64.sys []
S3 usbaudio;Driver de áudio USB (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-04-07 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-10-30 776744]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-04-07 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-04-30 1371136]
R2 hpqddsvc;Serviço de Descoberta de dispositivos CUE HP; C:\Windows\system32\svchost.exe [2008-04-07 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS64.exe [2009-07-24 199008]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-09-23 66872]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-04-30 826368]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2007-01-08 171040]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe []
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-04-07 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-04-07 21504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-04-07 21504]
S3 aspnet_state;Serviço de estado do ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-04-07 93696]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-04-07 19968]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe []
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-04-07 21504]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-04-07 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-04-29 16:32:11

======Uninstall list======

Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.2.2 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A82000000003}
Arquivo do WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Assistente de Conexão do Windows Live-->MsiExec.exe /I{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {717C9095-8AAE-41CB-B046-BD6E8399F4F3}
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {5016CB22-B9A7-44FB-AA72-AF28B27B15EA}
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}
Atualização do produto Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {7297E3A9-FCD4-4E0E-A306-7A90359E50E3}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Delete FXP Files Classic-->MsiExec.exe /X{D3E29D5A-B772-4578-9075-4272569504E2}
EVEREST Ultimate Edition v4.50-->"C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Green Charger-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{73D7F26F-A650-49F3-9928-AD204673797C}
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" -l0x9 -removeonly
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
K-Lite Codec Pack 3.8.0 Full-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\tv_enua.inf, Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Meeting Secretary-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{B25D4EF9-CC92-4405-9353-BBD4C687BF7C}
Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
Messenger_Plus_Live_Brazil Toolbar-->C:\PROGRA~2\MESSEN~2\UNWISE.EXE /U C:\PROGRA~2\MESSEN~2\INSTALL.LOG
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Corporation-->MsiExec.exe /I{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{F112F66E-25CA-42DD-983C-6118EB38F606}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0416-1000-0000000FF1CE} /uninstall {9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {02A880E2-B8B9-4BF5-8822-EA1374734E2E}
Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0416-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {75EBE365-7FC5-4720-A7D3-804BF550D1BC}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}
Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.6.3)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 9-->C:\Program Files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
ObjectDock Plus-->C:\PROGRA~2\Stardock\OBJECT~1\objectdock.exe /uninstall
ObjectDock-->C:\PROGRA~2\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~2\Stardock\OBJECT~1\INSTALL.LOG
OpenAL-->"C:\Program Files (x86)\OpenAL\OalinstGridRelease.exe" /U
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PowerDVD-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Program DJ-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{EF2A95D9-C159-4779-A564-12E58D3CD8D7}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0416 -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
System Requirements Lab-->C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
System Requirements Lab-->MsiExec.exe /I{9E1BAB75-EB78-440D-94C0-A3857BE2E733}
TeamSpeak 2 RC2-->"C:\Program Files (x86)\Teamspeak2_RC2\unins000.exe"
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Unity Web Player-->C:\Program Files (x86)\Unity\WebPlayer\Uninstall.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb973514)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {03B11C77-336F-43B4-9B43-79890BA84504}
VibrateGameDeviceDriver-->MsiExec.exe /I{E6FC9938-1B6E-41F6-98BD-ECD70C371DBE}
Win AVI HelixSDK-->"C:\Program Files (x86)\WinAVI\WinAVI Video Converter 9.0\HelixSDK\unins000.exe"
WinAVI Video Converter 9.0-->"C:\Windows\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files (x86)\WinAVI\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
Windows 7 Upgrade Advisor-->MsiExec.exe /I{4AEFA609-87D4-4964-B650-03EC904E673E}
Windows Live Call-->MsiExec.exe /I{32BC546A-8AA3-4239-AE92-9CF3291C35A6}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F2CD4651-F948-467C-B014-71FD981B7F59}
Windows Live Galeria de Fotos-->MsiExec.exe /X{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}
Windows Live Mail-->MsiExec.exe /I{74AD1846-2010-4FB1-8E24-B6F2B87150C2}
Windows Live Messenger-->MsiExec.exe /X{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}
Windows Live Movie Maker-->MsiExec.exe /X{24F3CA05-14C6-4D1D-BED8-6E4F61EF1B0E}
Windows Live OneCare safety scanner-->"C:\Program Files (x86)\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sync-->MsiExec.exe /X{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}
Windows Live Toolbar-->MsiExec.exe /X{624DEAA0-B27D-444B-8BFE-70622B318A4A}
Windows Live Writer-->MsiExec.exe /X{9555B4ED-09A3-4722-8E8C-57A49401D059}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Wireless Switch-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23BDF7D8-C353-4BA8-8567-814F91332CEA}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Olivio-PC
Event Code: 7036
Message: O serviço Provedor de Cópia de Sombra de Software da Microsoft entrou no estado interrompido.
Record Number: 107755
Source Name: Service Control Manager
Time Written: 20100429031559.000000-000
Event Type: Informações
User:

Computer Name: Olivio-PC
Event Code: 4226
Message: TCP/IP alcançou o limite de segurança imposto sobre o número de tentativas de conexão TCP simultâneas.
Record Number: 107756
Source Name: Tcpip
Time Written: 20100429033319.197000-000
Event Type: Aviso
User:

Computer Name: Olivio-PC
Event Code: 6013
Message: O tempo de ativação do sistema é 150776 segundos.
Record Number: 107757
Source Name: EventLog
Time Written: 20100429150000.000000-000
Event Type: Informações
User:

Computer Name: Olivio-PC
Event Code: 1
Message: A hora do sistema mudou de 2010-04-29T15:34:34.101Z para 2010-04-29T15:34:30.698Z.
Record Number: 107758
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20100429153434.102903-000
Event Type: Informações
User: AUTORIDADE NT\LOCAL SERVICE

Computer Name: Olivio-PC
Event Code: 1
Message: A hora do sistema mudou de 2010-04-29T15:34:34.104Z para 2010-04-29T15:34:34.105Z.
Record Number: 107759
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20100429153434.104000-000
Event Type: Informações
User: AUTORIDADE NT\LOCAL SERVICE

=====Application event log=====

Computer Name: Olivio-PC
Event Code: 8224
Message: O serviço VSS está sendo desligado devido ao tempo limite ocioso.
Record Number: 28069
Source Name: VSS
Time Written: 20100428040027.000000-000
Event Type: Informações
User:

Computer Name: Olivio-PC
Event Code: 8194
Message: Ponto de restauração criado com êxito (Processo = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descrição = Ponto de Verificação Agendado).
Record Number: 28070
Source Name: System Restore
Time Written: 20100429030959.000000-000
Event Type: Informações
User:

Computer Name: Olivio-PC
Event Code: 8211
Message: Ponto de restauração agendado criado com êxito.
Record Number: 28071
Source Name: System Restore
Time Written: 20100429030959.000000-000
Event Type: Informações
User:

Computer Name: Olivio-PC
Event Code: 8224
Message: O serviço VSS está sendo desligado devido ao tempo limite ocioso.
Record Number: 28072
Source Name: VSS
Time Written: 20100429031258.000000-000
Event Type: Informações
User:

Computer Name: Olivio-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 28073
Source Name: LightScribeService
Time Written: 20100429193211.000000-000
Event Type: Informações
User:

=====Security event log=====

Computer Name: Olivio-PC
Event Code: 4634
Message: Foi efetuado o logoff de uma conta.

Requerente:
Identificação de segurança: S-1-5-21-138479891-4196374832-3307178018-1000
Nome da conta: Olivio
Domínio da conta: Olivio-PC
Identificação de logon: 0x34d3047

Tipo de logon: 7

Este evento é gerado quando uma sessão de logon é destruída. Ele pode ser positivamente correlacionado com um evento de logon, utilizando o valor Identificação de logon. As identificações de logon são exclusivas apenas entre as reinicializações do mesmo computador.
Record Number: 45841
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100429161528.378000-000
Event Type: Sucesso da Auditoria
User:

Computer Name: Olivio-PC
Event Code: 4648
Message: Tentativa de logon com uso de credenciais explícitas.

Requerente:
Identificação de segurança: S-1-5-18
Nome da conta: OLIVIO-PC$
Domínio da conta: MPNET
Identificação de logon: 0x3e7
Identificação de logon: {00000000-0000-0000-0000-000000000000}

Conta cujas credenciais foram utilizadas:
Nome da conta: Olivio
Domínio da conta: Olivio-PC
GUID de logon: {00000000-0000-0000-0000-000000000000}

Servidor de destino:
Nome do servidor de destino: localhost
Informações adicionais: localhost

Informações do processo:
Identificação do processo: 0x37c
Nome do processo: C:\Windows\System32\winlogon.exe

Informações da rede:
Endereço da rede: 127.0.0.1
Porta: 0

Este evento é gerado quando um processo tenta efetuar o logon em uma conta, especificando explicitamente suas credenciais. Comumente, ele ocorre em configurações do tipo lote como em tarefas programadas, ou quando se utiliza o comando RUNAS.
Record Number: 45842
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100429191506.595000-000
Event Type: Sucesso da Auditoria
User:

Computer Name: Olivio-PC
Event Code: 4624
Message: O logon de uma conta foi efetuado com sucesso.

Requerente:
Identificação de segurança: S-1-5-18
Nome da conta: OLIVIO-PC$
Domínio da conta: MPNET
Identificação de logon: 0x3e7

Tipo de logon: 7

Novo logon:
Identificação de segurança: S-1-5-21-138479891-4196374832-3307178018-1000
Nome da conta: Olivio
Domínio da conta: Olivio-PC
Identificação de logon: 0x377a756
GUID de logon: {00000000-0000-0000-0000-000000000000}

Informações do processo:
Identificação do processo: 0x37c
Nome do processo: C:\Windows\System32\winlogon.exe

Informações da rede:
Nome da estação de trabalho: OLIVIO-PC
Endereço da rede de origem: 127.0.0.1
Porta de origem: 0

Informações detalhadas da autenticação:
Processo de logon: User32
Pacote de autenticação: Negotiate
Serviços transitados: -
Nome do pacote (somente NTLM): -
Comprimento da chave: 0

Este evento é gerado quando uma sessão de logon é criada. Ele é gerado no computador acessado.

Os campos do assunto indicam a conta do sistema local que solicitou o logon. Comumente, isto é um serviço como o de servidor ou um processo local como Winlogon.exe ou Services.exe.

O campo tipo de logon indica o tipo de logon ocorrido. Os tipos mais comuns são 2 (interativo) e 3 (em rede).

Os campos Novo logon indicam as contas para a qual o novo logon foi criada, isto é, a conta na qual o logon foi efetuado.

Os campos de rede indicam onde a solicitação de logon remoto se originou. O nome da estação de trabalho nem sempre está disponível e pode ser deixado em branco em alguns casos.

Os campos de informações de autenticação fornecem informações detalhadas sobre esta solicitação específica de logon.
-O GUID de logon é um identificador exclusivo que pode ser usado para correlacionar este evento com um evento de KDC.
- Serviços transitados indicam qual serviço intermediário participou desta solicitação de logon.
- Nome de pacote indica qual subprotocolo foi usado, entre os protocolos NTLM.
- Comprimento da chave indica o comprimento da chave da sessão gerada. Ele será 0 se nenhuma chave de sessão foi solicitada.
Record Number: 45843
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100429191506.595000-000
Event Type: Sucesso da Auditoria
User:

Computer Name: Olivio-PC
Event Code: 4672
Message: Privilégios especiais atribuídos a um novo logon.

Requerente:
Identificação de segurança: S-1-5-21-138479891-4196374832-3307178018-1000
Nome da conta: Olivio
Domínio da conta: Olivio-PC
Identificação de logon: 0x377a756

Privilégios: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 45844
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100429191506.595000-000
Event Type: Sucesso da Auditoria
User:

Computer Name: Olivio-PC
Event Code: 4634
Message: Foi efetuado o logoff de uma conta.

Requerente:
Identificação de segurança: S-1-5-21-138479891-4196374832-3307178018-1000
Nome da conta: Olivio
Domínio da conta: Olivio-PC
Identificação de logon: 0x377a756

Tipo de logon: 7

Este evento é gerado quando uma sessão de logon é destruída. Ele pode ser positivamente correlacionado com um evento de logon, utilizando o valor Identificação de logon. As identificações de logon são exclusivas apenas entre as reinicializações do mesmo computador.
Record Number: 45845
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100429191506.596000-000
Event Type: Sucesso da Auditoria
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\WiFi\bin\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2

-----------------EOF-----------------


Thanks
 
tosko, your log shows an infection by removable-media worms (USB sticks, MP3 players, iPhones and others).

Follow the steps below:

● Temporarily disable your Avira so it does not detect the tool as a threat. Don't worry, the application is 100% safe!

● Download UsbFix and save it to the desktop.

● Double-click the UsbFix icon created on the desktop to run it;
● On the initial screen, press the P key and then Enter.
● Insert all the removable media you have into the PC's USB ports and leave them there until the end of the procedure below;
● On the next screen, press 2 and then Enter to continue;
● Two messages will appear; click OK > OK:
● The PC will restart. Keep the device in place. Do not remove it!
● When the PC restarts, the tool will run automatically. If your antivirus shows messages warning about suspicious files, ignore the alerts, as they are false positives. Just wait, without moving the mouse or using the keyboard;
● Wait for the startup scan to finish;
● The log will open automatically in Notepad. It will also be saved at C:\Usbfix.txt.

Post this log in your next reply.
 
Here is the log.
############################## | UsbFix V6.110 |

User : Olivio (Administradores) # OLIVIO-PC
Update on 29/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:11:42 | 29/04/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
Microsoft® Windows Vista™ Ultimate (6.0.6001 64-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled

C:\ -> Local Fixed Disk # 149,05 Go (14,73 Go free) # NTFS
D:\ -> CD-ROM Disc

################## | Ficheiros # pastas infeciosos |

Supprimido ! C:\$Recycle.Bin\S-1-5-21-138479891-4196374832-3307178018-1000
Supprimido ! C:\$Recycle.Bin\S-1-5-21-138479891-4196374832-3307178018-501
Supprimido ! C:\$Recycle.Bin\S-1-5-21-3991871189-2232181320-2112149827-500

################## | Registro |

Supprimido ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]

################## | Mountpoints2 |

Supprimido ! HKCU\...\Explorer\MountPoints2\{0f0beb2f-9e57-11de-9a4d-001eec5599ab}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{22e9de5b-41b8-11df-819f-001eec5599ab}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{22e9de64-41b8-11df-819f-001eec5599ab}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{267c69fe-2dd6-11de-816e-001eec5599ab}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{267c6a04-2dd6-11de-816e-001eec5599ab}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{2c516c29-c40a-11de-bc15-806e6f6e6963}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{76b184ad-c007-11dd-9c21-001eec5599ab}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{8c1463c2-daed-11de-b89b-001eec5599ab}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{95e637b9-1ff3-11de-abb0-001eec5599ab}\Shell\1\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{95e6393a-1ff3-11de-abb0-001eec5599ab}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{9f05b0cd-b764-11de-8dbc-001eec5599ab}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{9f05b124-b764-11de-8dbc-001eec5599ab}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{cd95104d-abb2-11de-9ce8-001eec5599ab}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{cd951050-abb2-11de-9ce8-001eec5599ab}\Shell\AutoRun\Command
Supprimido ! HKCU\...\Explorer\MountPoints2\{e83a6701-bffc-11dd-9388-001eec5599ab}\Shell\auto\Command

################## | Listing |

[07/04/2008 01:27|-rahs----|333203] C:\bootmgr
[05/09/2008 18:46|-ra-s----|8192] C:\BOOTSECT.BAK
[05/09/2008 21:32|-rahs----|171136] C:\grldr
[19/12/2009 01:34|--a------|230424] C:\img2-001.raw
[?|?|?] C:\pagefile.sys
[29/04/2010 17:14|--a------|2910] C:\UsbFix.txt

################## | Vaccinação |

# C:\autorun.inf -> Autorun.inf criado por UsbFix (El Desaparecido).

################## | Upload |

Favor enviar o arquivo : C:\UsbFix_Upload_Me_Olivio-PC.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Obrigado pela sua contribuição .

################## | ! Fim do relatório # UsbFix V6.110 ! |
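The MountPoints2 keys UsbFix deleted above are the per-volume autorun handlers a USB worm writes so that double-clicking or auto-playing a stick runs its executable; OTL lists the same keys as O33 lines. The Python below, added here as an example and not part of OTL, UsbFix or the logs in this thread, parses O33 lines and ranks them for a helper reviewing a log; the regex follows OTL's line layout, and the scoring weights are my own assumption.

```python
"""Triage "O33 - MountPoints2" lines from an OTL log for removable-media worm traces.

Added example for this thread; it is not part of OTL, UsbFix or the posted logs.
The line layout follows what OTL prints; the scoring heuristics are my own and
are meant to rank entries for a human reviewer, not to decide cleanup on their own.
"""
import re
from dataclasses import dataclass, field

# O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <command>[ -- File not found]
# O33 - MountPoints2\{guid}\Shell - "" = <default verb>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\(?P<key>Shell(?:\\\S+)?) - "" = '
    r'(?P<value>.*?)(?P<missing> -- File not found)?$'
)

# Folders worms hide in on a USB stick (they mimic the recycle bin / System Restore).
WORM_DIRS = {"recycler", "restore", "$recycle.bin", "system volume information"}
EXE_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")
SID_NAME_RE = re.compile(r"^S-\d+(?:-\d+)+\.(?:exe|com|scr|pif|bat|cmd)$", re.IGNORECASE)
NORMAL_CAMEL = {"AutoRun"}  # the one camel-case spelling Windows/OTL print normally
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    volume: str
    key: str
    value: str
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        return "high" if self.score >= 4 else "medium" if self.score >= 2 else "low"


def odd_casing(token: str) -> bool:
    """Worm-written keys often use random casing (rECyCLeR, cOMMANd, eXPLOre)."""
    if token in NORMAL_CAMEL or not any(c.isalpha() for c in token):
        return False
    return not (token.islower() or token.isupper() or token == token.capitalize())


def triage_line(line: str):
    """Score one O33 line; returns None for any other kind of line."""
    m = O33_RE.match(line.strip())
    if not m:
        return None
    f = Finding(m["volume"], m["key"], m["value"])
    parts = m["value"].split()
    cmd = parts[0] if parts else ""                    # program part, arguments dropped
    segments = [s for s in cmd.split("\\") if s]       # path components of the program
    basename = segments[-1] if segments else ""

    if m["key"] == "Shell":
        f.score += 1
        f.reasons.append("default Shell verb redirected: double-clicking the drive runs the autorun command")
    if segments and segments[0].lower() in WORM_DIRS:
        f.score += 3
        f.reasons.append(f"runs from '{segments[0]}', a folder worms use to hide on removable media")
    if basename.lower().endswith(EXE_EXT) and not DRIVE_RE.match(cmd):
        f.score += 2
        f.reasons.append("relative path: the executable is expected on the inserted volume itself")
    if SID_NAME_RE.match(basename):
        f.score += 2
        f.reasons.append("executable named like a SID to blend in with recycler folders")
    # Casing is checked on key tokens and directory names only; a .EXE suffix is normal.
    if any(odd_casing(t) for t in m["key"].split("\\") + segments[:-1]):
        f.score += 2
        f.reasons.append("random letter casing typical of worm-written registry keys")
    if m["missing"] and DRIVE_RE.match(cmd) and f.score == 0:
        f.reasons.append("stale entry for a removed disc or drive; target no longer exists")
    return f


def triage_log(text: str):
    """Return findings for every O33 line in an OTL log, highest score first."""
    findings = [f for f in map(triage_line, text.splitlines()) if f is not None]
    return sorted(findings, key=lambda f: f.score, reverse=True)


# Sample lines, copied from the O33 block of the OTL log posted later in this thread.
SAMPLE_O33 = r"""
O33 - MountPoints2\{5f418fd2-5202-11df-bf7a-00140b64e415}\Shell - "" = Autorun
O33 - MountPoints2\{5f418fd2-5202-11df-bf7a-00140b64e415}\Shell\Open\command - "" = RECYCLER\S-7-9-51-100014447-100014769-100013599-2638.com h:\
O33 - MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\instalar.EXE -- File not found
O33 - MountPoints2\{8f04bcce-c57f-11de-a61a-00140b64e415}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\sweet.exe
O33 - MountPoints2\{e05809dd-9f1c-11de-ad59-00140b64e415}\Shell\AutoRun\command - "" = p.exe
O33 - MountPoints2\{e05809f1-9f1c-11de-ad59-00140b64e415}\Shell\eXPLOre\cOMMANd - "" = rECyCLeR\\explorer.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_O33):
        print(f"[{f.severity:6}] {f.volume} {f.key} = {f.value}")
        for r in f.reasons:
            print("          -", r)
```

Entries that point at a drive letter and are marked "File not found" are the leftovers of an installer disc and score zero; the ones running a relative path out of RECYCLER or RESTORE are the worm handlers UsbFix removes.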
 
All good here, Wolf! By the way, this week was really good, as I got a good internship with a chance of being hired in about 2 to 3 months...

Anyway... first of all I'd like to apologize for the delay in replying, but the week was really full...

I had already tried reconnecting to the internet using the method you gave me. But since another good look never hurts, I went into the IE and Firefox settings (as shown in the attached image). Unfortunately, the problem was not solved. What I found funny is that every time I deleted the IE settings (the "addresses" under "LAN settings") they came back as soon as I restarted the program. Another suspicious thing is that I could not get to the command "proxycfg -d > C:\proxy.txt" as you told me. Also, I ran OTL 3 times on my mother's notebook and not once was the Extras.txt file created.

Sem título.jpg

Well, here in the spoiler is the OTL.txt file from her notebook:

OTL logfile created on: 29/04/2010 18:36:24 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Uca\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 90,15 Gb Free Space | 60,48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149,05 Gb Total Space | 33,60 Gb Free Space | 22,54% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UCA-PC
Current User Name: Uca
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Uca\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\GbPlugin\GbpSv.exe ( )
PRC - C:\Arquivos de programas\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Arquivos de programas\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\BisonCam\BisonHK.exe ()
PRC - C:\Arquivos de programas\Power Manager\PM.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Uca\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (DPSUCJFM) -- C:\Users\Uca\AppData\Local\Temp\DPSUCJFM.exe (Sysinternals - www.sysinternals.com)
SRV - (YEXSENATYGMNUY) -- C:\Users\Uca\AppData\Local\Temp\YEXSENATYGMNUY.exe (Sysinternals - www.sysinternals.com)
SRV - (RWFZDASWLG) -- C:\Users\Uca\AppData\Local\Temp\RWFZDASWLG.exe (Sysinternals - www.sysinternals.com)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (GbpSv) -- C:\Arquivos de Programas\GbPlugin\GbpSv.exe ( )
SRV - (OMSI download service) -- C:\Arquivos de Programas\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Arquivos de programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (usbaudio) Driver de áudio USB (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ApfiltrService) -- C:\Windows\system32\drivers\apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (rimsptsk) -- C:\Windows\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\system32\drivers\rimmptsk.sys (REDC)
DRV - (S3GIGP) -- C:\Windows\System32\drivers\VTGKModeDX32.sys (S3 Graphics Co., Ltd.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys (Bison Electronics. Inc. )
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys (http://www.internals.com)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1233335130-2303715789-437105643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]
IE - HKU\S-1-5-21-1233335130-2303715789-437105643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mail.google.com/mail/?hl=pt-BR&tab=wm# [binary data]
IE - HKU\S-1-5-21-1233335130-2303715789-437105643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-1233335130-2303715789-437105643-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1233335130-2303715789-437105643-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886D}:1.0.7.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.2.14

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/23 23:05:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/23 23:05:17 | 000,000,000 | ---D | M]

[2009/08/13 12:11:05 | 000,000,000 | ---D | M] -- C:\Users\Uca\AppData\Roaming\mozilla\Extensions
[2010/04/25 17:50:13 | 000,000,000 | ---D | M] -- C:\Users\Uca\AppData\Roaming\mozilla\Firefox\Profiles\xwgvu4cz.default\extensions
[2009/09/04 13:23:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Uca\AppData\Roaming\mozilla\Firefox\Profiles\xwgvu4cz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/10 17:40:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uca\AppData\Roaming\mozilla\Firefox\Profiles\xwgvu4cz.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}
[2010/01/06 14:34:23 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Uca\AppData\Roaming\mozilla\Firefox\Profiles\xwgvu4cz.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010/04/20 08:24:15 | 000,000,000 | ---D | M] -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2010/04/20 08:24:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/20 08:23:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de Programas\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/09/25 21:42:05 | 000,002,196 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\babylon.xml
[2010/04/23 23:05:07 | 000,001,027 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\buscape.xml
[2010/04/23 23:05:08 | 000,001,212 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2010/04/23 23:05:08 | 000,001,168 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2010/04/23 23:05:08 | 000,000,648 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2006/09/18 18:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de Programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de Programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1233335130-2303715789-437105643-1000\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de Programas\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Apoint] X:\Program Files\Apoint2K\Apoint.exe File not found
O4 - HKLM..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe ()
O4 - HKLM..\Run: [PowerManager] C:\Arquivos de Programas\Power Manager\PM.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [S3Trayp] C:\Windows\System32\s3trayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1233335130-2303715789-437105643-1000..\Run: [WMPNSCFG] C:\Arquivos de Programas\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1233335130-2303715789-437105643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://imagem.caixa.gov.br/cab/gbpdist.cab (GbpDistObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\Program Files\GbPlugin\gbiehCef.dll - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O24 - Desktop WallPaper: C:\Users\Uca\Pictures\AS17-148-22721_Blue_marble_from_Apolo_11.bmp
O24 - Desktop BackupWallPaper: C:\Users\Uca\Pictures\AS17-148-22721_Blue_marble_from_Apolo_11.bmp
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de Programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/23 15:10:37 | 000,000,000 | ---D | M] - C:\autocad -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5f418fd2-5202-11df-bf7a-00140b64e415}\Shell - "" = Autorun
O33 - MountPoints2\{5f418fd2-5202-11df-bf7a-00140b64e415}\Shell\Open\command - "" = RECYCLER\S-7-9-51-100014447-100014769-100013599-2638.com h:\
O33 - MountPoints2\{6455abae-4fb3-11df-80fc-0017c44302f9}\Shell - "" = Autorun
O33 - MountPoints2\{6455abae-4fb3-11df-80fc-0017c44302f9}\Shell\Open\command - "" = RECYCLER\S-7-9-51-100014447-100014769-100013599-2638.com h:\
O33 - MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\instalar.EXE -- File not found
O33 - MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\Shell\configure\command - "" = D:\instalar.EXE -- File not found
O33 - MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\Shell\install\command - "" = D:\instalar.EXE -- File not found
O33 - MountPoints2\{8f04bcce-c57f-11de-a61a-00140b64e415}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\sweet.exe
O33 - MountPoints2\{8f04bcce-c57f-11de-a61a-00140b64e415}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\sweet.exe
O33 - MountPoints2\{e05809dd-9f1c-11de-ad59-00140b64e415}\Shell\AutoRun\command - "" = p.exe
O33 - MountPoints2\{e05809dd-9f1c-11de-ad59-00140b64e415}\Shell\open\Command - "" = p.exe
O33 - MountPoints2\{e05809f1-9f1c-11de-ad59-00140b64e415}\Shell\AutoRun\command - "" = ReCYClER\\explorer.exe
O33 - MountPoints2\{e05809f1-9f1c-11de-ad59-00140b64e415}\Shell\eXPLOre\cOMMANd - "" = rECyCLeR\\explorer.exe
O33 - MountPoints2\{e05809f1-9f1c-11de-ad59-00140b64e415}\Shell\OPen\coMMaNd - "" = rECYCLEr\explorer.exe
O33 - MountPoints2\{fff180c8-3c2d-11df-b835-00140b64e415}\Shell\AutoRun\command - "" = E:\ji83j.exe -- File not found
O33 - MountPoints2\{fff180c8-3c2d-11df-b835-00140b64e415}\Shell\open\Command - "" = E:\ji83j.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/04/27 11:15:30 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\Uca\Desktop\OTL.exe
[2010/04/25 18:40:58 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Arquivos de Programas\RootkitRevealer.exe
[2010/04/25 18:21:45 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Windows Portable Devices
[2010/04/25 17:54:21 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2010/04/25 17:54:20 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2010/04/25 17:54:20 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2010/04/25 17:53:59 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2010/04/25 17:53:58 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/25 17:53:58 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2010/04/25 17:53:58 | 000,828,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2010/04/25 17:53:58 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/25 17:53:58 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2010/04/25 17:53:58 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2010/04/25 17:53:58 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/25 17:53:58 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2010/04/25 17:53:58 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/25 17:53:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/25 17:53:57 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2010/04/25 17:53:57 | 001,064,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2010/04/25 17:53:57 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2010/04/25 17:53:57 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2010/04/25 17:53:57 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2010/04/25 17:53:57 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/25 17:53:57 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2010/04/25 17:53:57 | 000,486,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2010/04/25 17:53:57 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2010/04/25 17:53:57 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2010/04/25 17:53:57 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2010/04/25 17:53:57 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2010/04/25 17:53:57 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2010/04/25 17:53:57 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2010/04/25 17:53:36 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2010/04/25 17:53:35 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2010/04/25 17:53:33 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2010/04/25 17:53:31 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2010/04/25 17:53:31 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2010/04/25 17:53:31 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/25 17:53:31 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2010/04/25 17:53:31 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2010/04/25 17:53:31 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2010/04/25 17:52:39 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2010/04/25 17:52:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2010/04/25 12:13:50 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/25 12:13:50 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/25 12:13:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/23 23:59:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/04/23 23:59:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/04/23 23:59:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/04/23 23:46:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/04/21 11:45:59 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/21 11:45:57 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/04/20 08:25:49 | 000,000,000 | ---D | C] -- C:\Users\Uca\.receitanet
[2010/04/20 08:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/20 08:24:57 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Java
[2010/04/20 08:24:14 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/04/20 08:24:14 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/20 08:24:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/20 08:24:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/20 08:23:50 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Java
[2010/04/20 08:22:49 | 016,529,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Uca\jre-6u20-windows-i586-s.exe
[2010/04/20 08:07:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/20 08:07:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/20 08:07:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/20 08:07:52 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/20 08:07:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/20 08:07:52 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/20 08:07:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/20 08:07:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/20 08:07:51 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/20 08:07:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/20 08:07:51 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/20 08:07:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/20 08:07:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/20 08:07:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/04/20 08:07:50 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/20 08:04:36 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/04/20 08:04:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/04/20 08:04:36 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/04/20 08:04:36 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/04/20 08:04:35 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/04/20 08:04:35 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/04/20 08:04:35 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/04/20 08:04:35 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/04/20 08:04:34 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/04/20 08:04:34 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/04/20 08:04:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/04/20 08:04:34 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/04/20 08:04:34 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/04/20 08:04:34 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/04/20 08:04:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/04/20 08:04:33 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/04/20 08:04:33 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/04/20 08:04:32 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/04/20 08:04:31 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/04/20 08:04:31 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/04/20 08:04:31 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/04/20 08:04:31 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/04/20 08:04:31 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/04/20 08:04:31 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/04/20 08:04:31 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/04/20 08:03:02 | 014,926,688 | ---- | C] (Microsoft Corporation) -- C:\Users\Uca\IE8-WindowsVista-x86-PTB.exe
[2010/04/20 00:03:50 | 000,000,000 | ---D | C] -- C:\Users\Uca\AppData\Roaming\Windows Live Writer
[2010/04/20 00:03:50 | 000,000,000 | ---D | C] -- C:\Users\Uca\AppData\Local\Windows Live Writer
[2010/04/19 20:18:25 | 000,000,000 | ---D | C] -- C:\_Bridge
[2010/04/16 22:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/04/16 22:17:00 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Google
[2010/04/16 22:16:57 | 000,000,000 | ---D | C] -- C:\Users\Uca\AppData\Local\Google
[2010/04/16 22:16:29 | 000,547,416 | ---- | C] (Google Inc.) -- C:\Users\Uca\GoogleEarthWin.exe
[2010/04/16 22:16:01 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\GoogleEarth
[2010/04/16 16:17:00 | 000,922,400 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Uca\jre-6u20-windows-i586-iftw-rv.exe
[2010/04/16 15:55:59 | 000,921,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Uca\jxpiinstall.exe
[2010/04/16 15:54:29 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Programas RFB
[2010/04/16 15:54:08 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas RFB
[2010/04/16 15:41:03 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Programas SRF
[2010/04/15 15:22:04 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/15 15:22:03 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/15 15:21:41 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/15 15:21:41 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/11 21:59:49 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Designer
[2010/03/21 16:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/03/21 16:46:27 | 000,000,000 | ---D | C] -- C:\Users\Uca\AppData\Roaming\SpinTop
[2010/03/21 16:46:27 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Bejeweled 2
[2010/03/21 15:53:04 | 000,000,000 | ---D | C] -- C:\Users\Uca\Documents\Jogos para Celular
[2010/03/21 12:23:43 | 000,000,000 | -H-D | C] -- C:\LG3G
[2010/03/21 12:20:53 | 000,000,000 | ---D | C] -- C:\Users\Uca\AppData\Roaming\LG Electronics
[2010/03/21 12:13:09 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\LG PC Suite 2
[2010/03/21 12:12:49 | 000,000,000 | ---D | C] -- C:\Users\Uca\AppData\Roaming\InstallShield
[2010/03/21 11:32:25 | 000,024,832 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbmodem.sys
[2010/03/21 11:32:25 | 000,019,840 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbdiag.sys
[2010/03/21 11:32:25 | 000,012,800 | ---- | C] (LG Electronics Inc.) -- C:\Windows\System32\drivers\lgusbbus.sys
[2010/03/21 11:32:24 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\LG Electronics
[2010/03/21 11:32:02 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\InstallShield
[2010/03/13 02:29:38 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/03/13 02:29:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/02/23 18:02:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 18:02:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 18:02:52 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 18:02:52 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 18:02:52 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 18:02:52 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 18:02:52 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 18:02:51 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 18:02:51 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 18:02:51 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/23 15:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/02/23 15:35:21 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Macrovision Shared
[2010/02/23 15:32:52 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Autodesk Shared
[2010/02/23 15:32:52 | 000,000,000 | ---D | C] -- C:\Users\Uca\AppData\Roaming\Autodesk
[2010/02/23 15:32:52 | 000,000,000 | ---D | C] -- C:\Users\Uca\AppData\Local\Autodesk
[2010/02/23 15:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010/02/23 15:32:52 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\AutoCAD 2010
[2010/02/23 15:10:36 | 000,000,000 | ---D | C] -- C:\autocad
[2010/02/23 15:07:02 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Autocad
[2010/02/23 15:00:54 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010/02/23 15:00:54 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010/02/23 15:00:54 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010/02/22 20:23:20 | 000,000,000 | ---D | C] -- C:\x86
[2010/02/22 16:04:10 | 000,000,000 | ---D | C] -- C:\Users\Uca\AppData\Roaming\WinRAR
[2010/02/22 16:03:26 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\WinRAR
[2010/02/17 08:16:08 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/17 08:16:07 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/17 08:16:07 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/17 08:16:07 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/15 11:41:56 | 000,000,000 | ---D | C] -- C:\Users\Uca\Documents\_Documentos
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Uca\Documents\*.tmp files -> C:\Users\Uca\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/29 18:36:58 | 000,634,222 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2010/04/29 18:36:58 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/29 18:36:58 | 000,121,888 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2010/04/29 18:36:57 | 001,444,766 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/29 18:36:57 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/29 18:36:15 | 002,359,296 | -HS- | M] () -- C:\Users\Uca\NTUSER.DAT
[2010/04/29 18:34:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/29 18:34:08 | 000,004,983 | ---- | M] () -- C:\Windows\KernelMessage
[2010/04/29 17:01:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Verificar Atualizações para a Barra de Ferramentas do Windows Live.job
[2010/04/29 16:59:56 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{57B0FF68-BC00-4052-AC97-50F891FD59C6}.job
[2010/04/29 15:28:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/29 15:28:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/29 15:28:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/29 15:28:23 | 3152,199,680 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/29 07:26:44 | 000,524,288 | -HS- | M] () -- C:\Users\Uca\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/29 07:26:44 | 000,065,536 | -HS- | M] () -- C:\Users\Uca\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/27 19:41:09 | 002,566,921 | -H-- | M] () -- C:\Users\Uca\AppData\Local\IconCache.db
[2010/04/27 11:05:36 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Uca\Desktop\OTL.exe
[2010/04/27 10:57:21 | 000,001,659 | ---- | M] () -- C:\Users\Uca\Desktop\Command Prompt.lnk
[2010/04/25 18:49:58 | 030,399,511 | ---- | M] () -- C:\Windows\System32\M
[2010/04/25 18:41:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\TYFSR
[2010/04/25 18:21:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/24 00:03:10 | 000,335,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/20 08:35:38 | 000,004,096 | ---- | M] () -- C:\Users\Uca\37254790034-IRPF-2010-2009-ORIGI.DEC
[2010/04/20 08:23:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/20 08:23:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/20 08:23:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/20 08:23:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/04/20 08:23:01 | 016,529,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Uca\jre-6u20-windows-i586-s.exe
[2010/04/20 08:20:56 | 000,921,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Uca\jxpiinstall.exe
[2010/04/20 08:03:10 | 014,926,688 | ---- | M] (Microsoft Corporation) -- C:\Users\Uca\IE8-WindowsVista-x86-PTB.exe
[2010/04/20 00:02:46 | 000,019,456 | ---- | M] () -- C:\Users\Uca\Documents\Um nome de usuário e senha estão sendo solicitados por http.doc
[2010/04/16 22:16:30 | 000,547,416 | ---- | M] (Google Inc.) -- C:\Users\Uca\GoogleEarthWin.exe
[2010/04/16 17:09:16 | 012,647,668 | ---- | M] () -- C:\Users\Uca\IRPF2009v2.0.Setup.jar
[2010/04/16 16:25:04 | 000,000,111 | ---- | M] () -- C:\Users\Uca\AppData\Roaming\default.pls
[2010/04/16 16:17:07 | 000,922,400 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Uca\jre-6u20-windows-i586-iftw-rv.exe
[2010/04/16 15:45:04 | 000,008,192 | ---- | M] () -- C:\Users\Uca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 22:03:03 | 000,087,648 | ---- | M] () -- C:\Users\Uca\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/11 22:00:44 | 000,000,412 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/04/11 22:00:38 | 000,000,035 | ---- | M] () -- C:\Windows\vbaddin.ini
[2010/04/11 22:00:24 | 000,000,294 | ---- | M] () -- C:\Windows\win.ini
[2010/04/11 22:00:21 | 000,001,892 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/03/21 16:48:38 | 000,000,016 | ---- | M] () -- C:\Windows\popcinfo.dat
[2010/03/21 16:46:33 | 000,000,821 | ---- | M] () -- C:\Users\Uca\Desktop\Bejeweled 2.lnk
[2010/03/21 16:46:33 | 000,000,161 | ---- | M] () -- C:\Users\Uca\Desktop\More SpinTop Games.url
[2010/03/21 12:14:48 | 000,001,511 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite.lnk
[2010/03/19 17:59:15 | 000,324,332 | ---- | M] () -- C:\Users\Uca\Documents\TGA Trabalho 1 10 março.jpg
[2010/03/11 15:22:10 | 000,069,632 | ---- | M] () -- C:\Windows\System32\MSJCE.dll
[2010/03/05 11:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/02/23 15:34:26 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
[2010/02/23 03:35:21 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/02/23 03:34:49 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/02/23 03:34:49 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/02/23 03:34:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/02/23 03:33:59 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/02/23 03:33:45 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/02/23 03:33:45 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/02/23 03:33:45 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/02/23 03:33:44 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/02/23 03:33:44 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/02/23 03:33:38 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/02/23 01:55:36 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/02/23 01:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/02/23 01:54:43 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/02/23 01:54:20 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/02/23 00:09:09 | 000,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2010/02/22 15:30:40 | 002,820,234 | ---- | M] () -- C:\Users\Uca\wrar392br.exe
[2010/02/20 20:06:41 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/02/20 20:05:14 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/02/18 11:07:05 | 003,600,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/18 11:07:05 | 003,548,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Uca\Documents\*.tmp files -> C:\Users\Uca\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/27 10:57:21 | 000,001,659 | ---- | C] () -- C:\Users\Uca\Desktop\Command Prompt.lnk
[2010/04/25 18:48:28 | 030,399,511 | ---- | C] () -- C:\Windows\System32\M
[2010/04/25 18:41:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\TYFSR
[2010/04/25 18:21:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/04/20 08:35:37 | 000,004,096 | ---- | C] () -- C:\Users\Uca\37254790034-IRPF-2010-2009-ORIGI.DEC
[2010/04/20 08:07:51 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/04/20 00:02:46 | 000,019,456 | ---- | C] () -- C:\Users\Uca\Documents\Um nome de usuário e senha estão sendo solicitados por http.doc
[2010/04/16 17:09:13 | 012,647,668 | ---- | C] () -- C:\Users\Uca\IRPF2009v2.0.Setup.jar
[2010/04/16 15:54:30 | 000,069,632 | ---- | C] () -- C:\Windows\System32\MSJCE.dll
[2010/04/11 22:00:21 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/03/21 16:48:38 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/03/21 16:46:33 | 000,000,821 | ---- | C] () -- C:\Users\Uca\Desktop\Bejeweled 2.lnk
[2010/03/21 16:46:33 | 000,000,161 | ---- | C] () -- C:\Users\Uca\Desktop\More SpinTop Games.url
[2010/03/21 12:14:48 | 000,001,511 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite.lnk
[2010/03/19 17:59:10 | 000,324,332 | ---- | C] () -- C:\Users\Uca\Documents\TGA Trabalho 1 10 março.jpg
[2010/02/23 15:34:26 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
[2010/02/22 15:30:32 | 002,820,234 | ---- | C] () -- C:\Users\Uca\wrar392br.exe
[2009/09/26 15:47:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/21 14:53:31 | 000,000,085 | ---- | C] () -- C:\Windows\asr.INI
[2009/08/14 18:31:39 | 000,000,000 | ---- | C] () -- C:\Windows\MTSTACK.INI
[2009/08/13 11:57:30 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/13 11:57:30 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2009/08/13 11:57:24 | 000,000,000 | ---- | C] () -- C:\Windows\NSREX.INI
[2009/04/29 00:33:48 | 000,015,190 | R--- | C] () -- C:\Windows\M2000Twn.ini
[2009/04/29 00:32:44 | 000,069,632 | R--- | C] () -- C:\Windows\System32\vuins32.dll
[2009/04/29 00:24:53 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 09:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
< End of report >

Continues...

The OTL.txt, extras.txt and proxy.txt files from my computer follow in the spoiler.
OTL logfile created on: 27/4/2010 11:06:29 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Ricky\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 465,75 Gb Total Space | 222,89 Gb Free Space | 47,86% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 3,28 Gb Free Space | 2,93% Space Free | Partition Type: NTFS
Drive E: | 94,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICARDO
Current User Name: Ricky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ricky\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos do Ricardo\Utilitários\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Arquivos do Ricardo\Utilitários\GPU-Z\GPU-Z.0.3.8.exe (techPowerUp (www.techpowerup.com))
PRC - C:\Arquivos do Ricardo\Utilitários\Fraps\fraps.exe (Beepa P/L)
PRC - C:\Arquivos do Ricardo\Utilitários\HWMonitor\HWMonitor.exe (CPUID)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ricky\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Arquivos do Ricardo\Utilitários\Fraps\fraps32.dll (Beepa P/L)


========== Win32 Services (SafeList) ==========

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (GPU-Z) -- File not found
DRV - (GarenaPEngine) -- C:\Documents and Settings\Ricky\Configurações locais\Temp\IDY7A.tmp ()
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (cpuz132) -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-484763869-884357618-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
IE - HKU\S-1-5-21-484763869-884357618-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Arquivos do Ricardo\Utilitários\Mozilla Firefox\components [2010/04/06 13:41:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Arquivos do Ricardo\Utilitários\Mozilla Firefox\plugins [2010/04/16 16:33:40 | 000,000,000 | ---D | M]

[2010/01/12 14:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Dados de aplicativos\Mozilla\Extensions
[2010/04/26 00:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ricky\Dados de aplicativos\Mozilla\Firefox\Profiles\dpiskmpi.default\extensions
[2010/01/14 14:10:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ricky\Dados de aplicativos\Mozilla\Firefox\Profiles\dpiskmpi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: ([2004/08/04 09:00:00 | 000,000,776 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Arquivos do Ricardo\Utilitários\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-484763869-884357618-839522115-1004..\Run: [Fraps] C:\Arquivos do Ricardo\Utilitários\Fraps\fraps.exe (Beepa P/L)
O4 - Startup: C:\Documents and Settings\Ricky\Menu Iniciar\Programas\Inicializar\CPUID HWMonitor.lnk = C:\Arquivos do Ricardo\Utilitários\HWMonitor\HWMonitor.exe (CPUID)
O4 - Startup: C:\Documents and Settings\Ricky\Menu Iniciar\Programas\Inicializar\GPU-Z.lnk = C:\Arquivos do Ricardo\Utilitários\GPU-Z\GPU-Z.0.3.8.exe (techPowerUp (www.techpowerup.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-884357618-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/12 13:49:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/06/01 23:32:00 | 001,073,152 | R--- | M] () - E:\AUTORUN.exe -- [ CDFS ]
O32 - AutoRun File - [2001/06/01 23:32:00 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{141c9e42-ff87-11de-8705-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{141c9e42-ff87-11de-8705-806d6172696f}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe -- File not found
O33 - MountPoints2\{e9a81b6c-4fb5-11df-82d4-002618f188c5}\Shell - "" = Autorun
O33 - MountPoints2\{e9a81b6c-4fb5-11df-82d4-002618f188c5}\Shell\Open\command - "" = RECYCLER\S-7-9-51-100014447-100014769-100013599-2638.com h:\
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/04/27 11:05:34 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ricky\Desktop\OTL.exe
[2010/04/25 21:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Meus documentos\Heroes of Newerth
[2010/04/25 13:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Dados de aplicativos\Help
[2010/04/25 13:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\Help
[2010/04/25 13:24:06 | 001,039,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msjet35.dll
[2010/04/25 13:24:06 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Vbar332.dll
[2010/04/25 13:24:06 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msrd2x35.dll
[2010/04/25 13:24:06 | 000,037,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msjint35.dll
[2010/04/25 13:24:06 | 000,024,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msjter35.dll
[2010/04/25 13:23:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\WINDOWS
[2010/04/25 13:19:12 | 000,716,800 | ---- | C] (Sysinternals) -- C:\WINDOWS\System32\SysInternalsBluescreen.scr
[2010/04/20 13:45:47 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2
[2010/04/20 13:45:45 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\MSXML 4.0
[2010/04/20 09:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\HP
[2010/04/20 09:18:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\HP
[2010/04/20 09:17:23 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Hewlett-Packard
[2010/04/20 09:16:30 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Hewlett-Packard
[2010/04/20 09:10:13 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/04/20 09:09:46 | 000,278,584 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZidr12.dll
[2010/04/20 09:09:46 | 000,204,800 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipr12.dll
[2010/04/20 09:09:46 | 000,094,208 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipt12.dll
[2010/04/20 09:09:46 | 000,069,632 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
[2010/04/20 09:09:46 | 000,061,440 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZinw12.exe
[2010/04/20 09:09:46 | 000,057,344 | ---- | C] (HP) -- C:\WINDOWS\System32\HPZisn12.dll
[2010/04/20 09:09:46 | 000,000,000 | ---D | C] -- C:\Program Files
[2010/04/20 09:06:50 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\HP
[2010/04/20 09:05:08 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/04/20 09:04:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Dados de aplicativos\HP
[2010/04/20 09:02:58 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010/04/20 09:02:47 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/04/20 08:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\.receitanet
[2010/04/16 17:20:46 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ProgramasRFB
[2010/04/16 16:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sun
[2010/04/16 16:33:49 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Java
[2010/04/16 16:33:40 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/16 16:33:40 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/16 16:33:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/16 16:33:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/16 16:33:40 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/16 16:33:34 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Java
[2010/04/16 16:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Dados de aplicativos\Sun
[2010/04/16 16:31:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Programas RFB
[2010/04/16 16:30:49 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas RFB
[2010/04/14 23:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
[2010/04/14 23:42:29 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Messenger Plus! Live
[2010/04/09 17:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\SKIDROW
[2010/04/09 17:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\Sidhe
[2010/03/29 12:20:23 | 001,030,144 | ---- | C] (J.C. Kessels) -- C:\WINDOWS\System32\MyDefragScreenSaver_v4.2.9.exe
[2010/03/29 12:20:23 | 000,432,640 | ---- | C] (J.C. Kessels) -- C:\WINDOWS\System32\MyDefragScreenSaver_v4.2.9.scr
[2010/03/28 02:36:07 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010/03/28 02:36:07 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010/03/28 02:36:06 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010/03/28 02:36:05 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010/03/28 02:23:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/03/28 01:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\Criterion Games
[2010/03/22 15:12:52 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/03/22 15:12:52 | 000,017,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/03/21 20:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Meus documentos\Meus arquivos recebidos
[2010/03/21 19:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Tracing
[2010/03/21 19:15:32 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft
[2010/03/21 19:15:16 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live SkyDrive
[2010/03/21 19:14:54 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live
[2010/03/21 19:12:28 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Windows Live
[2010/03/20 23:38:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\Electronic Arts
[2010/03/20 23:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Meus documentos\Electronic Arts
[2010/03/17 13:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData
[2010/03/17 13:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Electronic Arts
[2010/03/17 11:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Meus documentos\NFS SHIFT
[2010/03/17 11:47:29 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Electronic Arts
[2010/03/14 19:39:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Meus documentos\EA Games
[2010/03/10 09:28:41 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/07 23:40:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Meus documentos\Test Drive Unlimited
[2010/03/07 23:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Test Drive Unlimited
[2010/03/04 09:15:02 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Visual Studio
[2010/03/04 09:15:00 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Designer
[2010/03/04 09:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2010/03/04 09:12:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Twain32
[2010/03/04 09:12:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Dados de aplicativos\Microsoft Web Folders
[2010/03/04 09:12:31 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft Office
[2010/02/27 22:51:01 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSOSS.DLL
[2010/02/25 00:02:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/02/21 20:54:08 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Codemasters
[2010/02/21 20:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Meus documentos\SimBin
[2010/02/18 23:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\NFS Underground
[2010/02/18 16:52:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/02/18 01:51:27 | 000,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/02/18 01:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\DOSBox
[2010/02/12 01:34:55 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/02/01 06:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\NFS Underground 2
[2010/02/01 06:45:47 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\DirectX
[2010/01/31 22:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Meus documentos\Battlefield 2
[2010/01/29 21:03:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\PunkBuster
[2010/01/29 21:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Meus documentos\BFBC2Beta
[2010/01/29 20:27:25 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2010/01/28 09:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Meus documentos\Anno 1404
[2010/01/28 08:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ricky\Dados de aplicativos\Ubisoft
[2010/01/28 08:14:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Tages
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/04/27 11:05:35 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ricky\Desktop\OTL.exe
[2010/04/27 10:29:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 10:29:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/26 16:15:54 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Ricky\NTUSER.DAT
[2010/04/26 16:15:54 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\Ricky\ntuser.ini
[2010/04/26 12:38:13 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Ricky\Meus documentos\Curriculum Vitae Ricardo Meneghetti Peres Gebhardt (N).doc
[2010/04/26 10:46:05 | 003,259,904 | ---- | M] () -- C:\Documents and Settings\Ricky\Meus documentos\Curriculum_Vitae.doc
[2010/04/25 23:19:18 | 001,092,024 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/25 23:19:18 | 000,482,000 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2010/04/25 23:19:18 | 000,440,820 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/25 23:19:18 | 000,084,154 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2010/04/25 23:19:18 | 000,071,138 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/25 13:38:59 | 001,575,398 | -H-- | M] () -- C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\IconCache.db
[2010/04/20 13:44:50 | 000,000,563 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/20 13:44:50 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/20 13:44:50 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/20 09:19:33 | 000,113,132 | ---- | M] () -- C:\WINDOWS\hpoins07.dat
[2010/04/16 16:33:35 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/16 16:33:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/16 16:33:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/16 16:33:35 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/16 16:33:35 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/16 10:38:24 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/04/14 10:05:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/10 22:40:07 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 09:51:53 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/26 14:52:09 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Ricky\Meus documentos\Curriculum Vitae Ricardo Meneghetti Peres Gebhardt.doc
[2010/03/21 19:34:56 | 000,020,976 | ---- | M] () -- C:\Documents and Settings\Ricky\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
[2010/03/21 19:34:48 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/20 23:38:30 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/03/19 09:11:07 | 000,006,189 | ---- | M] () -- C:\Documents and Settings\Ricky\Meus documentos\Curriculum Vitae de Ricardo Meneghetti Peres Gebhardt.doc
[2010/03/15 23:04:16 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2010/03/11 15:22:10 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\MSJCE.dll
[2010/03/09 08:10:39 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2010/03/09 08:10:39 | 000,430,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2010/03/06 11:28:34 | 001,030,144 | ---- | M] (J.C. Kessels) -- C:\WINDOWS\System32\MyDefragScreenSaver_v4.2.9.exe
[2010/03/04 09:40:51 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\PUCRS Adm 2010.lnk
[2010/03/04 09:15:43 | 000,000,415 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/03/04 09:15:43 | 000,000,063 | ---- | M] () -- C:\WINDOWS\mdm.ini
[2010/03/04 09:15:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\NSREX.INI
[2010/02/28 00:22:58 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Ricky\Desktop\Joguinhos.lnk
[2010/02/24 10:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/02/18 01:13:51 | 000,000,056 | ---- | M] () -- C:\WINDOWS\RALLYC.INI
[2010/02/17 14:07:18 | 002,194,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/02/17 10:48:10 | 000,432,640 | ---- | M] (J.C. Kessels) -- C:\WINDOWS\System32\MyDefragScreenSaver_v4.2.9.scr
[2010/02/16 16:07:16 | 002,071,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/02/16 16:07:12 | 002,150,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2010/02/16 16:07:12 | 002,150,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/02/16 16:07:12 | 002,028,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/02/16 16:07:12 | 002,028,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2010/02/12 01:34:55 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/02/11 09:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcpip6.sys
[2010/02/11 09:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip6.sys
[2010/02/04 10:01:14 | 000,528,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010/02/04 10:01:14 | 000,238,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010/02/04 10:01:14 | 000,074,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010/02/04 10:01:14 | 000,022,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010/01/31 17:37:26 | 000,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/01/31 16:13:39 | 000,139,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/01/29 20:57:42 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Ricky\Dados de aplicativos\PnkBstrK.sys
[2010/01/29 20:57:03 | 002,434,856 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/01/29 11:44:32 | 000,307,260 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codeca.acm
[2010/01/29 11:44:32 | 000,143,422 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\l3codecx.ax
[2010/01/28 08:29:16 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\Ricky\Menu Iniciar\Programas\Inicializar\CPUID HWMonitor.lnk
[2010/01/28 08:29:06 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\Ricky\Menu Iniciar\Programas\Inicializar\GPU-Z.lnk
[2010/01/28 07:59:36 | 000,281,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/01/28 07:59:35 | 000,025,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 12:38:12 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Ricky\Meus documentos\Curriculum Vitae Ricardo Meneghetti Peres Gebhardt (N).doc
[2010/04/26 10:46:05 | 003,259,904 | ---- | C] () -- C:\Documents and Settings\Ricky\Meus documentos\Curriculum_Vitae.doc
[2010/04/20 09:04:49 | 000,113,132 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2010/04/20 09:04:49 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/04/20 09:04:49 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log
[2010/04/16 16:31:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\MSJCE.dll
[2010/04/16 10:38:23 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/03/26 14:51:51 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Ricky\Meus documentos\Curriculum Vitae Ricardo Meneghetti Peres Gebhardt.doc
[2010/03/15 23:31:51 | 000,001,054 | ---- | C] () -- C:\Documents and Settings\Ricky\exception.log
[2010/03/15 23:04:16 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/03/04 09:40:51 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\PUCRS Adm 2010.lnk
[2010/03/04 09:15:43 | 000,000,415 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/03/04 09:15:43 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010/03/04 09:15:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2010/02/28 00:22:58 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Ricky\Desktop\Joguinhos.lnk
[2010/02/18 01:13:51 | 000,000,056 | ---- | C] () -- C:\WINDOWS\RALLYC.INI
[2010/01/29 21:03:48 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/01/29 20:57:42 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/01/29 20:57:42 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Ricky\Dados de aplicativos\PnkBstrK.sys
[2010/01/29 20:57:03 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/01/29 20:57:03 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/01/29 20:57:03 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010/01/28 12:33:27 | 000,006,189 | ---- | C] () -- C:\Documents and Settings\Ricky\Meus documentos\Curriculum Vitae de Ricardo Meneghetti Peres Gebhardt.doc
[2010/01/28 08:06:19 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\Ricky\Menu Iniciar\Programas\Inicializar\CPUID HWMonitor.lnk
[2010/01/28 08:05:59 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\Ricky\Menu Iniciar\Programas\Inicializar\GPU-Z.lnk
[2010/01/28 07:59:36 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/01/28 07:59:35 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/01/18 15:11:46 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/18 12:43:34 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nvRegDev.dll
[2010/01/12 15:40:17 | 000,062,232 | R--- | C] () -- C:\WINDOWS\System32\GameuxInstallHelper.dll
[2010/01/12 13:59:54 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/01/12 13:53:37 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/01/12 13:53:31 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/01/12 13:53:26 | 000,026,031 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/01/12 13:53:26 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2001/07/06 15:30:02 | 000,003,277 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1996/04/03 16:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
< End of report >

OTL Extras logfile created on: 27/4/2010 11:06:29 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Ricky\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 83,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 465,75 Gb Total Space | 222,89 Gb Free Space | 47,86% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 3,28 Gb Free Space | 2,93% Space Free | Partition Type: NTFS
Drive E: | 94,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICARDO
Current User Name: Ricky
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-484763869-884357618-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Arquivos do Ricardo\Utilitários\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2870:UDP" = 2870:UDP:*:Enabled:Windows Media Format SDK (firefox.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Arquivos do Ricardo\Utilitários\uTorrent\uTorrent.exe" = C:\Arquivos do Ricardo\Utilitários\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Arquivos do Ricardo\Meus Jogos\SEGA Rally Revo\SEGA Rally.exe" = C:\Arquivos do Ricardo\Meus Jogos\SEGA Rally Revo\SEGA Rally.exe:*:Enabled:SEGA Rally -- (SEGA Publishing Europe LTD)
"C:\Arquivos do Ricardo\Meus Jogos\SEGA Rally Revo\SEGA Rally_SSE1.exe" = C:\Arquivos do Ricardo\Meus Jogos\SEGA Rally Revo\SEGA Rally_SSE1.exe:*:Enabled:SEGA Rally -- (SEGA Publishing Europe LTD)
"C:\Arquivos do Ricardo\Meus Jogos\DiRT 2\dirt2_game.exe" = C:\Arquivos do Ricardo\Meus Jogos\DiRT 2\dirt2_game.exe:*:Enabled:DiRT2 -- (Codemasters)
"C:\Arquivos do Ricardo\Meus Jogos\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Arquivos do Ricardo\Meus Jogos\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Arquivos do Ricardo\Meus Jogos\Steam\Steam.exe" = C:\Arquivos do Ricardo\Meus Jogos\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Arquivos do Ricardo\Meus Jogos\Steam\steamapps\common\burnout(tm) paradise the ultimate box\BurnoutParadise.exe" = C:\Arquivos do Ricardo\Meus Jogos\Steam\steamapps\common\burnout(tm) paradise the ultimate box\BurnoutParadise.exe:*:Enabled:Burnout Paradise: The Ultimate Box -- (Electronic Arts)
"C:\Arquivos do Ricardo\Meus Jogos\Steam\steamapps\common\burnout(tm) paradise the ultimate box\BurnoutConfigTool.exe" = C:\Arquivos do Ricardo\Meus Jogos\Steam\steamapps\common\burnout(tm) paradise the ultimate box\BurnoutConfigTool.exe:*:Enabled:Burnout Paradise: The Ultimate Box -- (Electronic Arts)
"C:\Arquivos do Ricardo\Utilitários\eMule\emule.exe" = C:\Arquivos do Ricardo\Utilitários\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Arquivos do Ricardo\Utilitários\Garena\Garena.exe" = C:\Arquivos do Ricardo\Utilitários\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Arquivos do Ricardo\Meus Jogos\Tom Clancy's H.A.W.X\HAWX.exe" = C:\Arquivos do Ricardo\Meus Jogos\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X -- ()
"C:\Arquivos do Ricardo\Meus Jogos\Tom Clancy's H.A.W.X\HAWX_dx10.exe" = C:\Arquivos do Ricardo\Meus Jogos\Tom Clancy's H.A.W.X\HAWX_dx10.exe:*:Enabled:Tom Clancy's H.A.W.X -- File not found
"C:\Arquivos do Ricardo\Meus Jogos\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Arquivos do Ricardo\Meus Jogos\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"C:\Arquivos do Ricardo\Meus Jogos\Steam\steamapps\jmchawk\team fortress 2\hl2.exe" = C:\Arquivos do Ricardo\Meus Jogos\Steam\steamapps\jmchawk\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Arquivos do Ricardo\Meus Jogos\Mirror's Edge\Binaries\MirrorsEdge.exe" = C:\Arquivos do Ricardo\Meus Jogos\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™ -- (EA Digital Illusions CE AB)
"C:\Arquivos do Ricardo\Meus Jogos\Mass Effect\Binaries\MassEffect.exe" = C:\Arquivos do Ricardo\Meus Jogos\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"C:\Arquivos do Ricardo\Meus Jogos\Mass Effect\MassEffectLauncher.exe" = C:\Arquivos do Ricardo\Meus Jogos\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"C:\Arquivos do Ricardo\Meus Jogos\ANNO 1404 Dawn of Discovery\Anno4.exe" = C:\Arquivos do Ricardo\Meus Jogos\ANNO 1404 Dawn of Discovery\Anno4.exe:*:Enabled:ANNO 1404 -- (Related Designs)
"C:\Arquivos do Ricardo\Meus Jogos\ANNO 1404 Dawn of Discovery\tools\Anno4Web.exe" = C:\Arquivos do Ricardo\Meus Jogos\ANNO 1404 Dawn of Discovery\tools\Anno4Web.exe:*:Enabled:ANNO 1404 Web -- ()
"C:\Arquivos do Ricardo\Meus Jogos\Bad Company 2 BETA\BFBC2BetaUpdater.exe" = C:\Arquivos do Ricardo\Meus Jogos\Bad Company 2 BETA\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA -- File not found
"C:\Arquivos do Ricardo\Meus Jogos\Bad Company 2 BETA\BFBC2Game.exe" = C:\Arquivos do Ricardo\Meus Jogos\Bad Company 2 BETA\BFBC2Game.exe:*:Enabled:EA Battlefield: Bad Company™ 2 - BETA -- File not found
"C:\Arquivos do Ricardo\Meus Jogos\Battlefield 2\BF2.exe" = C:\Arquivos do Ricardo\Meus Jogos\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Arquivos do Ricardo\Meus Jogos\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe" = C:\Arquivos do Ricardo\Meus Jogos\Steam\steamapps\common\unreal tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- ()
"C:\Arquivos do Ricardo\Meus Jogos\Need for Speed Underground\Speed.exe" = C:\Arquivos do Ricardo\Meus Jogos\Need for Speed Underground\Speed.exe:*:Enabled:Speed -- ()
"C:\Arquivos do Ricardo\Meus Jogos\Grid\GRID.exe" = C:\Arquivos do Ricardo\Meus Jogos\Grid\GRID.exe:*:Enabled:GRID Executable -- (Codemasters)
"C:\Arquivos do Ricardo\Meus Jogos\Need for Speed Underground 2\SPEED2.EXE" = C:\Arquivos do Ricardo\Meus Jogos\Need for Speed Underground 2\SPEED2.EXE:*:Enabled:SPEED2 -- ()
"C:\Arquivos do Ricardo\Meus Jogos\TDU\TestDriveUnlimited.exe" = C:\Arquivos do Ricardo\Meus Jogos\TDU\TestDriveUnlimited.exe:*:Disabled:Test Drive Unlimited -- (Eden Games)
"C:\Arquivos de programas\Electronic Arts\EADM\Core.exe" = C:\Arquivos de programas\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- (Electronic Arts)
"C:\Arquivos do Ricardo\Meus Jogos\Dead Space\Dead Space.exe" = C:\Arquivos do Ricardo\Meus Jogos\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™ -- ()
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Arquivos de programas\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000416-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01840D1A-3B62-1E2A-9997-C9B9007F1E5F}" = Catalyst Control Center Core Implementation
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{1438B41C-658C-35B7-9253-780F2E0A0B8E}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ptb
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{238C0184-F215-11D4-9B19-00010280B683}" = SegaGT
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{32BAA79B-CBB2-3693-A0E3-71EA4A1E9761}" = ccc-core-static
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{33BA828D-CF19-0B52-8483-61FCFD83F75D}" = Catalyst Control Center HydraVision Full
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362CCC45-63D1-9688-C74D-F32F1B0CD919}" = CCC Help English
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB
"{4183E4E3-F943-416C-D4E1-0673F1CBA6E1}" = ccc-utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A05FF52-4AA8-4681-BC06-5EE7F812A441}" = SEGA Rally
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69FAC221-570C-A7A2-10FF-30F3BDDED603}" = Catalyst Control Center Graphics Light
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77C4F53F-8618-B4AC-A54D-694CA504BC2E}" = Catalyst Control Center Graphics Full Existing
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A52C4BAB-E8E7-906E-EF34-91EA765505BE}" = ccc-core-preinstall
"{A778A787-08A4-4089-CB68-02A9737DE532}" = Catalyst Control Center InstallProxy
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = Need For Speed Underground
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3.2 - Português
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB2E2ED5-DE74-F09D-3B23-0C4BA51D8C60}" = Catalyst Control Center Graphics Previews Common
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FD3D9B16-44E4-4231-E1E2-85C40A115F87}" = ATI Catalyst Install Manager
"{FDE0EEEA-B1CD-BFED-22BB-AD87B886CC47}" = Catalyst Control Center Graphics Full New
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FEC7CD2E-2BB5-40C3-9592-078F64677E6C}" = DVC-3 v3.01
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"ATI Display Driver" = ATI Display Driver
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
"EADM" = EA Download Manager
"eMule" = eMule
"Fraps" = Fraps (remove only)
"Garena" = Garena
"GTR Evolution_1.1.1.2_is1" = GTR Evolution
"hon" = Heroes of Newerth
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Gerenciador de dispositivo de plataforma
"InstallShield_{4A05FF52-4AA8-4681-BC06-5EE7F812A441}" = SEGA Rally
"InstallWatch Pro 2.5" = InstallWatch Pro 2.5
"IRPF2009 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2009 - Declaração de Ajuste Anual e Final de Espólio
"IRPF2010 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2010 - Declaração de Ajuste Anual e Final de Espólio
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.1 (Basic)
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - ptb" = Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyDefrag v4.2.9_is1" = MyDefrag v4.2.9
"NFS SHIFT NoIntro FIX by JP-TEC" = NFS SHIFT NoIntro FIX by JP-TEC
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Race On_is1" = Race On
"Receitanet Java 2010.02a" = Receitanet Java 2010.02a
"SpeedFan" = SpeedFan (remove only)
"Steam App 13210" = Unreal Tournament 3
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 24740" = Burnout Paradise: The Ultimate Box
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/3/2010 10:45:46 | Computer Name = RICARDO | Source = Application Error | ID = 1000
Description = Aplicativo com falha shift.exe, versão 1.0.0.0, módulo com falha shift.exe,
versão 1.0.0.0, endereço com falha 0x009837c7.

Error - 17/3/2010 10:45:52 | Computer Name = RICARDO | Source = Application Error | ID = 1000
Description = Aplicativo com falha shift.exe, versão 1.0.0.0, módulo com falha shift.exe,
versão 1.0.0.0, endereço com falha 0x009837c7.

Error - 17/3/2010 10:46:07 | Computer Name = RICARDO | Source = Application Error | ID = 1000
Description = Aplicativo com falha shift.exe, versão 1.0.0.0, módulo com falha shift.exe,
versão 1.0.0.0, endereço com falha 0x009837c7.

Error - 22/3/2010 22:13:47 | Computer Name = RICARDO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha firefox.exe, versão 1.9.2.3667, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 22/3/2010 22:14:20 | Computer Name = RICARDO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha firefox.exe, versão 1.9.2.3667, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 22/3/2010 22:15:23 | Computer Name = RICARDO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha firefox.exe, versão 1.9.2.3667, módulo com falha
hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 28/3/2010 01:20:47 | Computer Name = RICARDO | Source = Application Hang | ID = 1002
Description = Aplicativo com falha BurnoutParadise.exe, versão 1.1.0.0, módulo com
falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 28/3/2010 16:08:07 | Computer Name = RICARDO | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application gtaiv.exe, version 1.0.3.0, stamp 499dc616, faulting
module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x0012f460.

Error - 6/4/2010 09:40:03 | Computer Name = RICARDO | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application gtaiv.exe, version 1.0.3.0, stamp 499dc616, faulting
module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x0012f460.

Error - 6/4/2010 10:01:35 | Computer Name = RICARDO | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application gtaiv.exe, version 1.0.3.0, stamp 499dc616, faulting
module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x0012f460.

[ System Events ]
Error - 23/4/2010 13:48:15 | Computer Name = RICARDO | Source = Dhcp | ID = 1002
Description = A concessão 192.168.1.1 do endereço IP para a placa de rede com endereço
de rede 002618F188C5 foi negada pelo servidor DHCP 192.168.1.254 (O servidor DHCP
enviou uma mensagem DHCPNACK).

Error - 24/4/2010 11:19:47 | Computer Name = RICARDO | Source = Dhcp | ID = 1002
Description = A concessão 192.168.1.1 do endereço IP para a placa de rede com endereço
de rede 002618F188C5 foi negada pelo servidor DHCP 192.168.1.254 (O servidor DHCP
enviou uma mensagem DHCPNACK).

Error - 25/4/2010 11:46:40 | Computer Name = RICARDO | Source = Service Control Manager | ID = 7031
Description = O serviço Chamada de procedimento remoto (RPC) foi finalizado inesperadamente.
Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 60000 milissegundos:
Reinicializar o computador.

Error - 25/4/2010 11:47:02 | Computer Name = RICARDO | Source = Service Control Manager | ID = 7034
Description = O serviço Assistente de aquisição de imagens do Windows (WIA) foi
encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error - 25/4/2010 12:07:34 | Computer Name = RICARDO | Source = Service Control Manager | ID = 7034
Description = O serviço Java Quick Starter foi encerrado inesperadamente. Isso
aconteceu 1 vez(es).

Error - 26/4/2010 09:43:12 | Computer Name = RICARDO | Source = Dhcp | ID = 1002
Description = A concessão 192.168.1.1 do endereço IP para a placa de rede com endereço
de rede 002618F188C5 foi negada pelo servidor DHCP 192.168.1.254 (O servidor DHCP
enviou uma mensagem DHCPNACK).

Error - 26/4/2010 14:05:54 | Computer Name = RICARDO | Source = Dhcp | ID = 1002
Description = A concessão 192.168.1.1 do endereço IP para a placa de rede com endereço
de rede 002618F188C5 foi negada pelo servidor DHCP 192.168.1.254 (O servidor DHCP
enviou uma mensagem DHCPNACK).

Error - 27/4/2010 10:04:53 | Computer Name = RICARDO | Source = Dhcp | ID = 1002
Description = A concessão 192.168.1.1 do endereço IP para a placa de rede com endereço
de rede 002618F188C5 foi negada pelo servidor DHCP 192.168.1.254 (O servidor DHCP
enviou uma mensagem DHCPNACK).

Error - 27/4/2010 10:04:59 | Computer Name = RICARDO | Source = W32Time | ID = 39452689
Description = Provedor de tempo NtpClient: erro durante a pesquisa de DNS do nível
de protocolo 'time.windows.com,0x1' configurado manualmente. O NtpClient fará uma
nova tentativa em 15 minutos. Erro: Uma operação de soquete foi tentada em um host
inacessível. (0x80072751)

Error - 27/4/2010 10:04:59 | Computer Name = RICARDO | Source = W32Time | ID = 39452701
Description = O provedor de tempo NtpClient foi configurado para obter tempo de
uma ou mais fontes de tempo; no entanto, nenhuma delas está acessível no momento.

Não será feita nenhuma tentativa de contatar uma fonte durante 14 minutos. O NtpClient
não tem uma fonte de tempo preciso.


< End of report >
Ferramenta de configuração do proxy padrão do Microsoft (R) WinHTTP
Copyright (c) Microsoft Corporation. Todos os direitos reservados.

Configurações de proxy atualizadas
Configurações atuais do proxy WinHTTP em:
HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\
WinHttpSettings :

Acesso direto (nenhum servidor proxy).

Thank you so much, Wolf!
:D
 
Mr. Wolf... It's me again... heh :(

I was testing the filters to see whether they were working... Argh... I think I managed to catch a virus... (so annoying...)
Another thing I noticed just now... if I open the site by clicking Google's "Cached" link, it opens the normal content without going through the CCProxy filter... is there a way to fix that or not? With Blok Free it's fine... I can't even open the search result if it contains a word from the blacklist...
Here is what is going on with it... I downloaded Blok Free from the vendor's site (gamesoft), but when I went to install it, Avira flagged a trojan... I installed it anyway... afterwards it flagged two viruses... if I'm not mistaken, inside the Blok Free folder.
After that, I tried running the antivirus, and the machine rebooted; I could only run it in safe mode (where it didn't flag any virus), but I don't know whether that solved it...
Could you do me the favor of analyzing the log again? Sorry for the trouble...
Oh, how do you manage to block porn sites with 12 words?
Thanks for the tips and for everything...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:58:03, on 30/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Blok Free 4\abfiv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\CCProxy\CCProxy.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\1052\lsass.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\CidinhaAlencar\Desktop\HiJackThis.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.123:3128
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Blok Free 4] "C:\Arquivos de programas\Blok Free 4\abfiv.exe"
O4 - HKLM\..\Run: [sbfiv] C:\WINDOWS\system32\sbfiv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCProxy] C:\CCProxy\CCProxy.exe
O4 - HKCU\..\Run: [abfiv] "c:\arquivos de programas\blok free 4\abfiv.exe"
O4 - HKCU\..\Run: [sbfiv] C:\WINDOWS\System32\sbfiv.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271467976062
O17 - HKLM\System\CCS\Services\Tcpip\..\{EE6EC8FF-9965-478E-9614-240478F2525A}: NameServer = 200.225.197.34,200.225.197.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System logon (Syslogon) - Unknown owner - C:\WINDOWS\System32\1052\lsass.exe

--
End of file - 6865 bytes
 
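A defender-side check of the kind a helper applies to a log like the one above, as an added example that is not part of any post in this thread and not code from HijackThis: it parses the "Running processes:" block and the O23 service lines and flags a core Windows binary name (here lsass.exe) running from outside its canonical directory. The canonical-path table and the sample excerpt are constructed for the example.

```python
"""Flag HijackThis entries where a core Windows binary runs from outside its
canonical directory. Editor's example, not code from the thread or HijackThis."""
import re
from typing import Dict, List

# Canonical directory (lowercase, drive letter stripped) of core Windows XP
# binaries. Constructed for this example; extend it for your own baseline.
CANONICAL_DIRS: Dict[str, str] = {
    "smss.exe": r"\windows\system32",
    "csrss.exe": r"\windows\system32",
    "winlogon.exe": r"\windows\system32",
    "services.exe": r"\windows\system32",
    "lsass.exe": r"\windows\system32",
    "svchost.exe": r"\windows\system32",
    "spoolsv.exe": r"\windows\system32",
    "ctfmon.exe": r"\windows\system32",
    "explorer.exe": r"\windows",
}

# HijackThis v2 service line: "O23 - Service: <name> - <owner> - <path>".
# The owner field may be empty, hence ".*?".
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.+?)$")


def split_path(path: str):
    """Return (directory, basename) lowercased, with the drive letter, quotes
    and a trailing '(file missing)' marker removed."""
    p = path.strip().strip('"')
    if p.lower().endswith("(file missing)"):
        p = p[: -len("(file missing)")].rstrip()
    if len(p) >= 2 and p[1] == ":":
        p = p[2:]
    p = p.lower()
    directory, _, base = p.rpartition("\\")
    return directory, base


def check_path(path: str) -> str:
    """Return a reason when the basename is a core system binary but the path
    is not its canonical directory; empty string otherwise."""
    directory, base = split_path(path)
    expected = CANONICAL_DIRS.get(base)
    if expected is None or directory == expected:
        return ""
    found = directory or "\\"
    return f"{base} expected in {expected}, found in {found}"


def find_masquerades(log_text: str) -> List[dict]:
    """Scan the 'Running processes:' block and every O23 service line of a
    HijackThis log; return one finding per suspicious entry, in log order."""
    findings: List[dict] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line closes the process block
                in_processes = False
                continue
            reason = check_path(line)
            if reason:
                findings.append({"kind": "process", "name": "", "path": line, "reason": reason})
            continue
        m = O23_RE.match(line)
        if not m:
            continue
        reason = check_path(m.group("path"))
        if m.group("owner") == "Unknown owner":
            # No vendor string in the binary: weak alone, strong together with a bad path.
            reason = (reason + "; " if reason else "") + "service has no registered owner"
        if reason:
            findings.append({"kind": "service", "name": m.group("name"),
                             "path": m.group("path"), "reason": reason})
    return findings


# Constructed excerpt in HijackThis v2 format; the two 1052\lsass.exe entries
# mirror the "System logon (Syslogon)" service in the log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\1052\lsass.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: System logon (Syslogon) - Unknown owner - C:\WINDOWS\System32\1052\lsass.exe
"""

if __name__ == "__main__":
    for f in find_masquerades(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['name'] or f['path']}: {f['reason']}")
```

A hit only says the entry deserves a closer look (hash lookup, signature check); legitimate software rarely reuses core binary names in odd directories, but the table above is a baseline, not a verdict.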
Mauricio Fabiano, I finally analyzed the file you sent and, unfortunately, you fell for a phishing scam. Believe me, you are not the first, nor the only one.

It is a trojan downloader. This type of malware exists to download other malware onto the machine, as well as to open security holes in the system.

The malware's icon is identical to that of the real Avast!, and yes, it installs a total of 3.5 GB of files on the system. That is an excessive amount of space for a piece of malware, but since nothing in the world of digital security is predictable or obvious, it fits the "digital pest" context.

Since the malware creates more than 100 files on the system, 143 files in total, including registry entries, background processes, etc., it is impractical to post all of them here. So I will post (in a spoiler) only the main ones, to help other people who also fell for the scam:

Files

C:\Arquivos de programas\Avast Security Antivirus\Protection.MANIFEST
C:\Arquivos de programas\Avast Security Antivirus\DlCH.exe
C:\Arquivos de programas\APROL90\ehRtt.dll
C:\Arquivos de programas\APROL90\perMissionPP.dll
C:\Arquivos de programas\AVAST TOOLBAR PROTECTS\protectsie.dll
C:\Arquivos de programas\AVAST TOOLBAR PROTECTS\UiWIO.dll
C:\Arquivos de programas\AVAST TOOLBAR PROTECTS\Pqlss.dll
C:\Arquivos de programas\AVAST TOOLBAR PROTECTS\1344.dll

There are several files in the "Avast Security Antivirus" and "APROL90" folders

C:\Documents and Settings\Nome do Usuário\Dados de Aplicativos\AKGIP.exe
C:\Documents and Settings\Nome do Usuário\Dados de aplicativos\Protection\021589641.exe
C:\Documents and Settings\Nome do Usuário\Dados de aplicativos\hidden\04Kuhs.acjx
C:\Documents and Settings\Nome do Usuário\Dados de aplicativos\hidden\8iam00.vxd
C:\Documents and Settings\Nome do Usuário\Dados de aplicativos\hidden\opavast.exec

There are several files in the "hidden" folder

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Hjotpetprotect.exe
C:\RTY.bat
C:\executar.exe
C:\pasta.bat
C:\pernins.reg
C:\WINDOWS\Icon.png
C:\WINDOWS\AvastIP.exe
C:\WINDOWS\OPSTI.EXE
C:\WINDOWS\AlandÇ.exe (hidden file)
C:\WINDOWS\WBEM\Infosssecure.mof.exe
C:\WINDOWS\WBEM\largehard.dll.1
C:\WINDOWS\system32\HWPort.exe
C:\WINDOWS\system32\Listen.dll
C:\WINDOWS\system32\jahusnhdkls.exe (Vundo trojan; the file names are random)
C:\WINDOWS\system32\Fireproxy.exe
C:\WINDOWS\system32\RestoreGP.exe
C:\WINDOWS\system32\Lan.exe
C:\WINDOWS\system32\NLAUNCH.exe
C:\WINDOWS\system32\Avaststart.dll
C:\WINDOWS\system32\Avastprot.exe
C:\WINDOWS\system32\Prolss.exe
C:\WINDOWS\system32\lamjsko0e.bat
C:\WINDOWS\system32\regs.reg
C:\WINDOWS\system32\securelks.exe
C:\WINDOWS\system32\OPRR\genuineLW.inf
C:\WINDOWS\system32\drivers\ATAPYI.SYS (rootkit)
C:\WINDOWS\system32\drivers\DRIVERSAV.SYS (rootkit)
C:\WINDOWS\system32\drivers\logingus.sys (rootkit)
C:\WINDOWS\system32\drivers\ollipdrv.sys
C:\WINDOWS\Tasks\sheduleavast.job

Registry entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Startavast.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Lowsign.exe]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify[YhWZ.Dll] (Vundo trojan)
[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Protects\AWER\[Runwill.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Protects\3.5.4\AWER\[asdfx.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\[{dsWADc44-gb77-2156-8ikm-123sderf5Ddc}]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\[{01928563-IMK9-5214-APLS-KMAJNSHUDTG5}]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{kmJhnhTG-LkmU-98U7-0PlP-llPojmanhj75}
HKEY_CURRENT_USER\Software\[Avast ZIP]
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\[DoItt.dll]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\[Promptadmin]
HKEY_USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\[javaconsole.exe]


Processes running in the background

C:\WINDOWS\SYSTEM\HJANU.DRV
C:\WINDOWS\SYSTEM\AVAST.DRV
C:\WINDOWS\SYSTEM\IPOP.DRV
C:\WINDOWS\SYSTEM\VEFER.DLL

Processes running in Task Manager

AvastIP.exe
Avaststart.dll
securelks.exe
llipdrv.sys

Entries created in Add or Remove Programs

Avast Security Antivirus 5.9.1
Module Secure
AWER SOFTWARE (adware)

Hidden drivers (rootkits)

ATALP.SYS
RGWW.SYS
AVATUAWER.SYS


NOTE: As I pointed out earlier, these are some of the main files. The malware creates hundreds, and they can be random with each installation.
I submitted the file to the Malwarebytes and ComboFix databases, adding the lines for the files it creates. And I sent it to the antivirus companies as well.

Malwarebytes can remove a good number of the files; I won't say it will remove all of them, because that is uncertain. If you want, you can install and run MBAM there.

However, to be honest with you, Mauricio, I would format the machine again. Take advantage of the fact that nothing is installed on it yet, since it was just formatted; that spares you headaches and saves time.

But if you prefer, I can help you with the removal. It's your call.

Regards

___________________________________


tosko, UsbFix removed the malicious entries that were on your system.

Apart from that, it is clean.

I'd like to ask you a favor, my friend tosko.

Send the file C:\UsbFix_Upload_Me_Olivio-PC.zip (it may be hidden) to the following address: expert_malwaretech@hotmail.com

This archive contains important information about the infections. By sending it to our team, we can add the infections to the databases of hundreds of tools, as well as send the samples to the antivirus companies so that, in the future, they can detect and handle these infections in the best way.

I'd appreciate it if you could do that.

___________________________________


Hey Mchawk, congratulations on the well-deserved internship. All the best to you, lots of luck and success! :)

Your computer's log is clean, Mchawk. There are some invalid registry entries that a cleaner can handle, unrelated to malware.

Your mother's computer log, on the other hand, does contain malicious entries.

Follow the steps below:

Question: Do you recognize the following highlighted folders?

C:\_Bridge
C:\Windows\System32\M
C:\Windows\System32\TYFSR

Step 1

- Double-click OTL.exe to run it again.
- Copy the text below (starting with :OTL) and paste it into the
dy7sav.png
field of the OTL window.

Code:
:OTL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O4 - HKU\.DEFAULT..\RunOnce: [] File not found
O4 - HKU\S-1-5-18..\RunOnce: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [] File not found
O4 - HKU\S-1-5-20..\RunOnce: [] File not found
O33 - MountPoints2\{5f418fd2-5202-11df-bf7a-00140b64e415}\Shell - "" = Autorun
O33 - MountPoints2\{5f418fd2-5202-11df-bf7a-00140b64e415}\Shell\Open\command - "" = RECYCLER\S-7-9-51-100014447-100014769-100013599-2638.com h:\
O33 - MountPoints2\{6455abae-4fb3-11df-80fc-0017c44302f9}\Shell - "" = Autorun
O33 - MountPoints2\{6455abae-4fb3-11df-80fc-0017c44302f9}\Shell\Open\command - "" = RECYCLER\S-7-9-51-100014447-100014769-100013599-2638.com h:\
O33 - MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\instalar.EXE -- File not found
O33 - MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\Shell\configure\command - "" = D:\instalar.EXE -- File not found
O33 - MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\Shell\install\command - "" = D:\instalar.EXE -- File not found
O33 - MountPoints2\{8f04bcce-c57f-11de-a61a-00140b64e415}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\sweet.exe
O33 - MountPoints2\{8f04bcce-c57f-11de-a61a-00140b64e415}\Shell\open\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\sweet.exe
O33 - MountPoints2\{e05809dd-9f1c-11de-ad59-00140b64e415}\Shell\AutoRun\command - "" = p.exe
O33 - MountPoints2\{e05809dd-9f1c-11de-ad59-00140b64e415}\Shell\open\Command - "" = p.exe
O33 - MountPoints2\{e05809f1-9f1c-11de-ad59-00140b64e415}\Shell\AutoRun\command - "" = ReCYClER\\explorer.exe
O33 - MountPoints2\{e05809f1-9f1c-11de-ad59-00140b64e415}\Shell\eXPLOre\cOMMANd - "" = rECyCLeR\\explorer.exe
O33 - MountPoints2\{e05809f1-9f1c-11de-ad59-00140b64e415}\Shell\OPen\coMMaNd - "" = rECYCLEr\explorer.exe
O33 - MountPoints2\{fff180c8-3c2d-11df-b835-00140b64e415}\Shell\AutoRun\command - "" = E:\ji83j.exe -- File not found
O33 - MountPoints2\{fff180c8-3c2d-11df-b835-00140b64e415}\Shell\open\Command - "" = E:\ji83j.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found

:Reg

:Files

:Commands
[resethosts]
[purity]
[emptytemp]
[Reboot]
- Click the
hv2tj9.png
button. If a message appears asking whether you want to restart the PC, click OK and wait for the restart.

- A new report containing the result will open. If it does not open automatically, go to the folder C:\_OTL\MovedFiles and look for a log file (.txt) labelled with the time and date of the fix.

Copy and paste it in your next reply.


Step 2

- Download AVZ4 and save it to the desktop;

- Extract the files from the zip archive to the desktop; a folder named avz4 will be created in the same place;
- Open that folder and double-click the file AVZ.exe to run the tool;
- When the program window opens, click the File > Database Update menu. Or click the
AVZupdate.jpg
button at the right of the tool's panel, and click the Start button to update the tool;
- Click the File > Standard scripts menu and check the option "2. Advanced System Analysis";
- Then click the Execute selected scripts button and click Yes on the next message. Wait for the analysis;
- When the analysis finishes, click OK on the message. Back in the Standard scripts window, click Close to close it. Also close the AVZ4 window;
- Go to the avz4 folder on the desktop and open the LOG folder inside it;
- In it you will find the logs and a zipped archive named virusinfo_syscheck.zip.

Attach this archive in your next reply, along with the OTL log and a fresh HijackThis log.
___________________________________


carolgsn, be careful when running these web content filter tests; any software can fail. I suggest that when you check this, do it through Sandboxie or a virtual machine, so the main computer does not run the risk of infection.

Your log shows a keylogger infection. Change the passwords typed on that machine.

Another thing I noticed just now... if I go to the site by clicking Google's "Cached" link, it opens the normal content without going through the ccproxy filter.. is there a way to fix that or not?
It may be for the reason I explained earlier. If CCProxy is being used in the trial version, some features may be unavailable, and only the paid version gives you access to all of the software's features. It is not normal for a content filter to skip cached pages; it should filter everything. But for that, all of its functions must be enabled.

I downloaded blokfree from the manufacturer's site (gamesoft), but when installing it, Avira flagged a trojan... I installed it anyway... afterwards it flagged two viruses.. if I'm not mistaken, inside the blokfree folder.
That's normal. It's a false positive from Avira. BlockFree is completely safe; I have tested it several times, in every version. Ignore the alerts.

Many antiviruses won't even let the user run an application intended to filter Internet content.

Oh, how do you manage to block pornographic sites with 12 words?
The blocks are done through keywords found in window titles. So you have to enter the exact keywords that correspond to this type of content. Still, some pages can escape the block anyway. As far as I know, software that blocks completely, letting you add countless words to the filter, will only give you that for a fee, i.e. paid software. Unless you use the alternative methods I use, with the Server versions of Windows or with Linux, as I mentioned in another post.

Now, Carol, I don't know whether this is about a child, because in that case the right thing would be to use a parental control program. But the user who is accessing this kind of content should have a minimum of common sense. There's no point installing "zillions" of security programs, filters, etc., if the person doesn't cooperate. Remember that no software is 100% guaranteed; on its own it cannot prevent the unsafe things the user does on the web, don't you agree? I'm just giving you a friend's advice, because I know this is an awkward situation. Or, as a last resort, instruct that user to use a virtual machine to access such content.

Follow the steps below:

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● If ComboFix finds any kind of CD emulator (such as DAEMON Tools, Alcohol, etc.), a message will appear saying it needs to be disabled. Click OK and wait for the PC to restart.

cdemulcf.jpg


● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click No;
● Wait while ComboFix scans;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Do not click on the ComboFix window and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your computer will restart. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
 
Hello Mr. Wolf...

Thanks for the tips... I'll be more careful from now on....
Mr. Wolf, the worst part is that it isn't a child... it's a person who has no shame at all... When I return the machine I'll talk to my aunt; I'll tell her everything you told me here and she can decide what to do.... I think that even though it isn't a child, I'm going to set up parental controls.... lol

I fully agree with everything you said, mainly because new sites and new pests appear all the time... and if you're not careful there's no point even having internet, because the PC will just be in maintenance all the time...

You're right... it's a very awkward situation... If it were my computer I think I'd die of shame, because whoever repairs it knows what happened... because it caught certain viruses, especially having access to the machine and to the documents...


PS: Thanks for the advice... :)

Sorry for all the trouble...

Here's the log...

ComboFix 10-04-29.05 - CidinhaAlencar 30/04/2010 18:20:00.2.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1247.992 [GMT -3:00]
Running from: C:\Documents and Settings\CidinhaAlencar\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Runs -------
.
C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\addon.dat
C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\inst.exe
C:\WINDOWS\system32\system32
C:\WINDOWS\system32\System32\klog.dat

.
(((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 ))))))))))))))))))))))))))))
.

2010-04-30 15:51:10 . 2010-04-30 15:51:13 -------- d--h--w- C:\WINDOWS\system32\GroupPolicy
2010-04-29 15:50:03 . 2010-04-29 15:50:03 -------- d-----w- C:\WINDOWS\Sun
2010-04-28 22:13:33 . 2010-04-28 22:13:33 13312 ----a-w- C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\Thinstall\Novo Dicionário Aurélio\4000001ca00002h\aurelio.exe
2010-04-28 22:13:33 . 2010-04-28 22:13:33 -------- d-----w- C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\Thinstall
2010-04-28 21:18:18 . 2010-04-28 17:59:44 700416 ---h--w- C:\WINDOWS\system32\babfiv.sys
2010-04-28 21:18:17 . 2010-04-30 15:22:18 542 ---h--w- C:\Documents and Settings\All Users\gwp.sys
2010-04-28 21:18:17 . 2010-04-28 21:18:17 -------- d--h--w- C:\WINDOWS\system32\1052
2010-04-28 21:18:11 . 2010-04-28 21:18:17 -------- d--h--w- C:\Arquivos de programas\Blok Free 4
2010-04-28 14:27:43 . 2010-04-28 14:27:43 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
2010-04-27 18:17:51 . 2008-04-13 18:45:12 60032 -c--a-w- C:\WINDOWS\system32\dllcache\usbaudio.sys
2010-04-27 18:17:51 . 2008-04-13 18:45:12 60032 ----a-w- C:\WINDOWS\system32\drivers\USBAUDIO.sys
2010-04-27 14:56:18 . 2008-05-09 10:55:06 90112 -c----w- C:\WINDOWS\system32\dllcache\wshext.dll
2010-04-27 14:56:18 . 2008-05-09 10:55:05 180224 -c----w- C:\WINDOWS\system32\dllcache\scrobj.dll
2010-04-27 14:56:18 . 2008-05-09 10:55:05 172032 -c----w- C:\WINDOWS\system32\dllcache\scrrun.dll
2010-04-27 14:56:17 . 2008-05-09 08:45:51 135168 -c----w- C:\WINDOWS\system32\dllcache\cscript.exe
2010-04-27 14:56:17 . 2008-05-08 11:24:44 155648 -c----w- C:\WINDOWS\system32\dllcache\wscript.exe
2010-04-24 18:02:17 . 2010-04-24 18:02:17 -------- d-sh--w- C:\WINDOWS\system32\config\systemprofile\IETldCache
2010-04-24 16:18:47 . 2010-04-24 16:18:47 -------- d-sh--w- C:\Documents and Settings\CidinhaAlencar\IECompatCache
2010-04-24 16:18:18 . 2010-04-24 16:18:18 -------- d-sh--w- C:\Documents and Settings\CidinhaAlencar\PrivacIE
2010-04-24 16:16:11 . 2010-04-24 16:16:11 -------- d-sh--w- C:\Documents and Settings\CidinhaAlencar\IETldCache
2010-04-24 15:50:11 . 2010-02-25 06:17:52 12800 -c----w- C:\WINDOWS\system32\dllcache\xpshims.dll
2010-04-24 15:50:09 . 2010-02-25 06:17:47 247808 -c----w- C:\WINDOWS\system32\dllcache\ieproxy.dll
2010-04-24 15:50:05 . 2010-04-27 14:58:01 -------- d-----w- C:\WINDOWS\ie8updates
2010-04-24 15:50:02 . 2010-02-16 04:50:23 64000 -c----w- C:\WINDOWS\system32\dllcache\iecompat.dll
2010-04-24 15:48:57 . 2010-04-24 15:49:59 -------- dc-h--w- C:\WINDOWS\ie8
2010-04-24 15:41:44 . 2010-04-24 15:41:44 -------- d-----w- C:\Arquivos de programas\MSXML 6.0
2010-04-24 15:32:41 . 2004-08-04 03:45:24 21504 ----a-w- C:\WINDOWS\system32\drivers\hidserv.dll
2010-04-24 15:23:44 . 2009-07-31 13:03:48 1372672 -c----w- C:\WINDOWS\system32\dllcache\msxml6.dll
2010-04-24 15:23:44 . 2008-04-13 20:58:06 86016 -c----w- C:\WINDOWS\system32\dllcache\msxml6r.dll
2010-04-24 14:45:17 . 2008-06-14 17:34:41 272384 -c----w- C:\WINDOWS\system32\dllcache\bthport.sys
2010-04-24 14:44:40 . 2009-12-31 16:50:03 353792 -c----w- C:\WINDOWS\system32\dllcache\srv.sys
2010-04-24 14:43:14 . 2010-02-24 13:11:07 455680 -c----w- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2010-04-24 14:43:04 . 2009-11-21 15:58:49 471552 -c----w- C:\WINDOWS\system32\dllcache\aclayers.dll
2010-04-24 14:29:30 . 2010-04-27 14:55:29 -------- d-----w- C:\CCProxy
2010-04-24 14:28:36 . 2010-04-24 14:28:36 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Java
2010-04-24 14:28:09 . 2010-04-24 14:27:56 411368 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2010-04-24 14:24:25 . 2008-05-08 14:02:52 203136 -c----w- C:\WINDOWS\system32\dllcache\rmcast.sys
2010-04-24 14:23:23 . 2009-07-10 13:27:51 1315328 -c----w- C:\WINDOWS\system32\dllcache\msoe.dll
2010-04-24 14:22:28 . 2008-04-11 19:05:45 691712 -c----w- C:\WINDOWS\system32\dllcache\inetcomm.dll
2010-04-24 14:18:35 . 2008-10-15 16:36:42 337408 -c----w- C:\WINDOWS\system32\dllcache\netapi32.dll
2010-04-24 14:10:09 . 2008-04-21 21:15:18 216064 -c----w- C:\WINDOWS\system32\dllcache\wordpad.exe
2010-04-24 13:57:50 . 2010-04-24 13:57:52 -------- d-----w- C:\Arquivos de programas\Messenger Plus! Live
2010-04-17 01:35:12 . 2009-03-30 12:33:07 96104 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2010-04-17 01:35:12 . 2009-02-13 14:29:11 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-04-17 01:35:12 . 2009-02-13 14:17:49 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-04-17 01:35:10 . 2010-04-17 01:35:10 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Avira
2010-04-17 01:35:10 . 2010-04-17 01:35:10 -------- d-----w- C:\Arquivos de programas\Avira
2010-04-17 01:23:23 . 2010-04-17 01:23:24 -------- d-----w- C:\Arquivos de programas\Windows Media Connect 2
2010-04-17 01:21:29 . 2010-04-17 01:22:30 -------- d-----w- C:\WINDOWS\system32\drivers\UMDF
2010-04-17 01:21:29 . 2010-04-17 01:21:29 -------- d-----w- C:\WINDOWS\system32\LogFiles
2010-04-17 00:29:50 . 2010-04-17 00:29:50 -------- d-----w- C:\Arquivos de programas\Trend Micro
2010-04-17 00:15:58 . 2001-10-28 12:07:28 101376 -c--a-w- C:\WINDOWS\system32\dllcache\srusbusd.dll
2010-04-17 00:14:59 . 2001-10-28 12:06:40 9216 -c--a-w- C:\WINDOWS\system32\dllcache\iwrps.dll
2010-04-17 00:13:58 . 2001-10-28 12:06:10 45568 -c--a-w- C:\WINDOWS\system32\dllcache\browscap.dll
2010-04-17 00:12:55 . 2004-08-04 03:45:28 221184 ----a-w- C:\WINDOWS\system32\wmpns.dll
2010-04-17 00:11:20 . 2001-10-28 12:06:40 16384 -c--a-w- C:\WINDOWS\system32\dllcache\isignup.exe
2010-04-17 00:00:52 . 2001-10-28 12:07:28 24661 -c--a-w- C:\WINDOWS\system32\dllcache\spxcoins.dll
2010-04-17 00:00:52 . 2001-10-28 12:07:28 24661 ----a-w- C:\WINDOWS\system32\spxcoins.dll
2010-04-17 00:00:52 . 2001-10-28 12:06:38 13312 -c--a-w- C:\WINDOWS\system32\dllcache\irclass.dll
2010-04-17 00:00:52 . 2001-10-28 12:06:38 13312 ----a-w- C:\WINDOWS\system32\irclass.dll

.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 18:20:43 . 2001-10-28 12:07:18 48744 ----a-w- C:\WINDOWS\system32\perfc016.dat
2010-04-27 18:20:43 . 2001-10-28 12:07:18 344724 ----a-w- C:\WINDOWS\system32\perfh016.dat
2010-04-24 19:23:32 . 2010-01-25 15:17:02 -------- d-----w- C:\Arquivos de programas\CCleaner
2010-04-24 15:33:07 . 2010-04-24 15:33:07 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-04-24 15:33:05 . 2010-04-24 15:33:05 0 ---ha-w- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-04-17 01:24:08 . 2010-03-06 21:34:11 -------- d-----w- C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\Skype
2010-04-17 01:24:03 . 2010-03-06 21:36:36 -------- d-----w- C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\skypePM
2010-04-17 00:09:42 . 2010-01-25 13:08:26 23040 ----a-w- C:\WINDOWS\system32\emptyregdb.dat
2010-03-10 06:16:48 . 2004-08-04 03:45:28 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll
2010-03-06 21:36:37 . 2010-03-06 21:36:37 56 ---ha-w- C:\WINDOWS\system32\ezsidmv.dat
2010-03-06 21:10:45 . 2010-03-06 21:10:45 -------- d-----w- C:\Arquivos de programas\Microsoft
2010-03-06 21:10:41 . 2010-03-06 21:10:10 -------- d-----w- C:\Arquivos de programas\Windows Live
2010-03-06 21:10:30 . 2010-03-06 21:10:30 -------- d-----w- C:\Arquivos de programas\Windows Live SkyDrive
2010-03-06 21:08:29 . 2010-03-06 21:08:25 -------- d-----r- C:\Arquivos de programas\Skype
2010-03-06 21:08:29 . 2010-03-06 21:08:21 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Skype
2010-03-06 21:08:28 . 2010-03-06 21:08:28 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Skype
2010-02-25 06:17:52 . 2004-08-04 03:45:28 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-02-24 13:11:07 . 2004-08-04 02:15:18 455680 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2010-02-18 13:20:44 . 2010-02-12 16:11:15 30752 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys
2010-02-17 17:07:18 . 2004-08-04 03:40:34 2194176 ----a-w- C:\WINDOWS\system32\ntoskrnl.exe
2010-02-16 19:07:16 . 2004-08-04 00:40:22 2071040 ----a-w- C:\WINDOWS\system32\ntkrnlpa.exe
2010-02-14 11:30:24 . 2010-02-14 11:30:24 503808 ----a-w- C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6c32c15f-n\msvcp71.dll
2010-02-14 11:30:24 . 2010-02-14 11:30:24 499712 ----a-w- C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6c32c15f-n\jmc.dll
2010-02-14 11:30:24 . 2010-02-14 11:30:24 348160 ----a-w- C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6c32c15f-n\msvcr71.dll
2010-02-14 11:29:58 . 2010-02-14 11:29:58 61440 ----a-w- C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-39a2486a-n\decora-sse.dll
2010-02-14 11:29:58 . 2010-02-14 11:29:58 12800 ----a-w- C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-39a2486a-n\decora-d3d.dll
2010-02-12 16:11:17 . 2010-02-12 16:02:58 1882 ----a-w- C:\Arquivos de programas\Diagnóstico BB.log
2010-02-12 16:09:54 . 2010-02-12 16:09:54 79488 ----a-w- C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\Sun\Java\jre1.6.0_18\gtapi.dll
2010-02-12 16:09:54 . 2010-02-12 16:09:54 152576 ----a-w- C:\Documents and Settings\CidinhaAlencar\Dados de aplicativos\Sun\Java\jre1.6.0_18\lzma.dll
2010-02-12 16:02:52 . 2010-02-12 16:02:49 2070432 ----a-w- C:\Arquivos de programas\DiagnosticoBB.exe
2010-02-12 04:34:55 . 2004-08-04 03:45:22 100864 ----a-w- C:\WINDOWS\system32\6to4svc.dll
2010-02-11 12:02:15 . 2004-08-04 02:07:46 226880 ----a-w- C:\WINDOWS\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCProxy"="C:\CCProxy\CCProxy.exe" [2009-10-30 16:37:54 1044480]
"abfiv"="c:\arquivos de programas\blok free 4\abfiv.exe" [2010-04-28 17:59:44 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 10:15:12 106496]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 09:01:36 68096]
"avgnt"="C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 15:08:47 209153]
"SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 14:43:18 248040]
"Blok Free 4"="C:\Arquivos de programas\Blok Free 4\abfiv.exe" [2010-04-28 17:59:44 700416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:20:54 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-02-18 13:19:34 323360 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\InterVideo\\DVD7\\WinDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"C:\\CCProxy\\CCProxy.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [12/2/2010 13:11:15 30752]
R0 SiSRaid1;SiSRaid1;C:\WINDOWS\system32\drivers\SiSRaid1.sys [25/1/2010 11:28:53 45568]
S0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [26/1/2010 22:35:24 717296]
S2 AntiVirSchedulerService;Avira AntiVir Programador;C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [16/4/2010 22:35:11 108289]
S2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [12/2/2010 13:11:15 54048]
S2 Syslogon;System logon;C:\WINDOWS\system32\1052\lsass.exe [28/4/2010 18:18:17 461312]
.
Contents of the 'Scheduled Tasks' folder

2010-04-30 C:\WINDOWS\Tasks\AWC AutoSweep.job
- C:\Arquivos de programas\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-01-25 15:41:06 . 2009-11-20 15:51:20]

2010-04-24 C:\WINDOWS\Tasks\FRU Task 2003-04-06 08:52:06ewlett-Packard2003-04-06 08:52:06p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8264430792.job
- C:\Arquivos de programas\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 02:52:08 . 2003-04-06 02:52:08]

2010-04-30 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AF33A137-14A7-4547-B35B-6AED88FF33DF}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 20:36:40 . 2009-03-08 07:31:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.terra.com.br/
uInternet Settings,ProxyServer = 192.168.0.123:3128
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.br\www.bancobrasil
Trusted Zone: com.br\www.bb
Trusted Zone: com.br\www14.bancobrasil
Trusted Zone: com.br\www2.bancobrasil
TCP: {EE6EC8FF-9965-478E-9614-240478F2525A} = 200.225.197.34,200.225.197.37
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-30 18:23:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\RGI1.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(240)
C:\Arquivos de programas\GbPlugin\gbieh.dll

- - - - - - - > 'explorer.exe'(536)
C:\WINDOWS\system32\WININET.dll
C:\Arquivos de programas\GbPlugin\gbieh.dll
.
Completion time: 2010-04-30 18:24:43
ComboFix-quarantined-files.txt 2010-04-30 21:24:39

Pre-Run: 6 directories, 26,495,512,576 bytes free
Post-Run: 7 directories, 26,485,837,824 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - BB48F3413F5FBB90F9C646C850C97A05
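The O33 MountPoints2 entries in the OTL fix given to Mchawk above and the `S2 Syslogon;System logon;C:\WINDOWS\system32\1052\lsass.exe` service in the ComboFix log just posted are the kind of lines a helper picks out by eye. The script below is an added example, not code from the forum, from OTL, ComboFix or HijackThis, and it encodes those checks as heuristics run over a few lines copied from the logs in this thread (the constructed sample deliberately mixes lines from the XP machine and from the Windows 7 x64 machine whose HijackThis log appears later in the thread): a shell command that is a relative path, lives under RECYCLER or RESTORE, or ends in `.com`; a core Windows binary name running outside its home directory; and a `(file missing)` service under System32 on an x64 host, which a 32-bit HijackThis reports because of WOW64 file-system redirection and which is not by itself evidence of malware. The home-directory table, the hidden-folder list and the "Program Files (x86)" test for an x64 host are the editor's assumptions.

```python
"""Triage heuristics for OTL, ComboFix and HijackThis log lines.

Added example for this thread; not code from the forum or from any of the
tools discussed. Every rule below is the editor's own heuristic.
"""
import re
from typing import List, Optional, Tuple

# Core Windows binaries that malware impersonates, mapped to the only
# directories the genuine copy lives in (assumption: %SystemRoot% is
# C:\WINDOWS as in the logs above; adjust for other installs).
CORE_BINARY_HOMES = {
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows"},
}
# Folders Explorer hides by default; autorun.inf worms park payloads there.
HIDDEN_DROP_DIRS = {"recycler", "restore", "system volume information"}

# OTL O33 lines: MountPoints2\<key>\Shell\<verb>\command - "" = <cmd>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command - "" = '
    r'(?P<cmd>.+?)(?P<missing> -- File not found)?$', re.IGNORECASE)
# ComboFix service lines: "S2 Name;Display name;C:\path\bin.exe [date size]"
SVC_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)(?:\s+\[.*\])?$')
# HijackThis O23 lines that end in "(file missing)"
O23_RE = re.compile(r'^O23 - Service: .*\((?P<name>[^()]+)\) - .* - '
                    r'(?P<path>[A-Za-z]:\\.+?) \(file missing\)$')

# Constructed sample: lines copied from the OTL fix, the ComboFix log and the
# HijackThis log in this thread (two different machines, mixed on purpose).
SAMPLE_LOG = r'''
O33 - MountPoints2\{5f418fd2-5202-11df-bf7a-00140b64e415}\Shell\Open\command - "" = RECYCLER\S-7-9-51-100014447-100014769-100013599-2638.com h:\
O33 - MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\instalar.EXE -- File not found
O33 - MountPoints2\{8f04bcce-c57f-11de-a61a-00140b64e415}\Shell\AutoRun\command - "" = RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\sweet.exe
O33 - MountPoints2\{e05809dd-9f1c-11de-ad59-00140b64e415}\Shell\AutoRun\command - "" = p.exe
O33 - MountPoints2\{e05809f1-9f1c-11de-ad59-00140b64e415}\Shell\AutoRun\command - "" = ReCYClER\\explorer.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [12/2/2010 13:11:15 30752]
S2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [12/2/2010 13:11:15 54048]
S2 Syslogon;System logon;C:\WINDOWS\system32\1052\lsass.exe [28/4/2010 18:18:17 461312]
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
'''.strip().splitlines()


def core_binary_outside_home(path: str) -> Optional[str]:
    """Reason string if `path` is a core Windows binary outside its home dir."""
    parts = [p for p in path.lower().split("\\") if p]
    name = parts[-1] if parts else ""
    homes = CORE_BINARY_HOMES.get(name)
    if homes is None:
        return None
    parent = "\\".join(parts[:-1])
    if parent in homes:
        return None
    return f"{name} is a core Windows binary but runs from '{parent or '<volume root>'}'"


def check_mountpoint(cmd: str, missing: bool) -> List[str]:
    """Rules for a MountPoints2\\...\\Shell\\<verb>\\command value."""
    if missing:
        return ["stale autorun handler (target gone); delete the MountPoints2 key"]
    exe = cmd.split()[0]                  # drop arguments such as 'h:\'
    dirs = [p for p in exe.lower().split("\\") if p][:-1]
    reasons = []
    if not re.match(r"[a-z]:\\", exe, re.IGNORECASE):
        reasons.append("relative path, resolved against the removable volume root "
                       "(autorun.inf worm pattern)")
    if HIDDEN_DROP_DIRS.intersection(dirs):
        reasons.append("payload kept in a folder Explorer hides by default")
    if exe.lower().endswith(".com"):
        reasons.append(".com payload named like a SID to blend in with RECYCLER")
    core = core_binary_outside_home(exe)
    if core:
        reasons.append(core)
    return reasons


def check_missing_service(path: str, host_is_x64: bool) -> List[str]:
    """'(file missing)' from a 32-bit HijackThis on x64 is usually WOW64 redirection."""
    if host_is_x64 and path.lower().startswith("c:\\windows\\system32\\"):
        return ["reported missing by a 32-bit scanner on x64 (System32 is redirected "
                "to SysWOW64); confirm with a 64-bit tool before calling it malware"]
    return ["service binary absent on disk: orphaned or deleted service entry"]


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (identifier, reasons) for every log line that trips a rule."""
    # Assumption: an x64 host shows up as 'Program Files (x86)' or SysWOW64 paths.
    host_is_x64 = any("Program Files (x86)" in ln or "SysWOW64" in ln for ln in lines)
    findings = []
    for line in lines:
        if m := O33_RE.match(line):
            ident = f'{m["key"]}\\Shell\\{m["verb"]}'
            reasons = check_mountpoint(m["cmd"], bool(m["missing"]))
        elif m := SVC_RE.match(line):
            ident = m["name"]
            core = core_binary_outside_home(m["path"])
            reasons = [core] if core else []
        elif m := O23_RE.match(line):
            ident = m["name"]
            reasons = check_missing_service(m["path"], host_is_x64)
        else:
            continue
        if reasons:
            findings.append((ident, reasons))
    return findings


if __name__ == "__main__":
    for ident, reasons in triage(SAMPLE_LOG):
        print(ident)
        for r in reasons:
            print("   -", r)
```

Run it and the two GbPlugin entries (the Banco do Brasil banking plugin seen in both logs) produce nothing, while the `Syslogon` service is flagged because the genuine lsass.exe never runs from a `system32\1052` subfolder, and every MountPoints2 handler that points into RECYCLER or RESTORE, or at a bare `p.exe`, is flagged as an autorun worm hook. The `nvsvc` line is flagged only with the WOW64 caveat, which is the answer to the question about nvvsvc.exe that comes up later in this thread: on an x64 host a 32-bit HijackThis simply cannot see the 64-bit binary.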
 
Hello Mr. Wolf, how are you?

My CPU shows 100% of the memory in use. I don't know what happened, because it's been a good while since I installed anything new...
IE, open right now, is using 52 MB, for this single window....

I can barely run HijackThis or Malwarebytes.... what do you recommend??

Do you know nvvsvc.exe??? Is it some malicious file?

Thanks, and sorry for bothering you again... hehehe

Regards


I managed to run HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:19, on 30/04/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\ZSSnp211.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files (x86)\EVGA Precision\EVGAPrecisionWrapper.exe" /s
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270995972773
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - d:\jogos\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WMPNetworkSvc - Unknown owner - (no file)

--
End of file - 7801 bytes

I ran OTL:
OTL.txt:
OTL logfile created on: 4/30/2010 7:08:10 PM - Run 1
OTL by OldTimer - Version 3.2.3.1 Folder = D:\Users\THIAGO\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 43.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.78 Gb Total Space | 76.88 Gb Free Space | 44.50% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 130.04 Gb Free Space | 44.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THIAGO-PC
Current User Name: THIAGO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - D:\Users\THIAGO\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\GbPlugin\GbpSv.exe ( )
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\ZSSnp211.exe (ZSMCSNAP)


========== Modules (SafeList) ==========

MOD - D:\Users\THIAGO\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- d:\Jogos\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (GbpSv) -- C:\Program Files (x86)\GbPlugin\GbpSv.exe ( )
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (VSS) -- C:\Windows\Vss [2009/07/14 00:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 00:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (ZSMC211) ZSMC USB PC Camera (ZS211) -- C:\Windows\SysNative\drivers\ZS211.sys (ZSMC.Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (GbpKm) -- C:\Windows\system32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (CSC) -- C:\Windows\CSC [2010/02/02 00:39:05 | 000,000,000 | ---D | M]
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
DRV - (papycpu2) -- C:\Windows\System32\DRIVERS\papycpu2.sys ()
DRV - (papyjoy) -- C:\Windows\System32\DRIVERS\papyjoy.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 53 EA 1B 8E A3 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Unibanco)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Value error. File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Value error. File not found
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
O4 - HKLM..\Run: [EVGAPrecision] C:\Program Files (x86)\EVGA Precision\EVGAPrecisionWrapper.exe ()
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1270995972773 (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking.unibanco.com.br/GbPlugin/cab/GbPluginUni.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.0.184 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ GbPluginUni: DllName - C:\PROGRA~2\GbPlugin\gbiehUni.dll - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Unibanco)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Unibanco)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8b8ec75-0f8c-11df-a7aa-001e8c0049bd}\Shell - "" = AutoRun
O33 - MountPoints2\{d8b8ec75-0f8c-11df-a7aa-001e8c0049bd}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/30 19:03:14 | 000,000,000 | ---D | C] -- C:\Users\THIAGO\AppData\Roaming\Malwarebytes
[2010/04/30 19:01:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/30 19:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/04/30 19:01:33 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/30 19:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/04/30 18:26:52 | 070,825,992 | ---- | C] ( ) -- D:\Users\THIAGO\Desktop\setup_9.0.0.722_30.04.2010_23-21.exe
[2010/04/30 18:15:30 | 000,562,176 | ---- | C] (OldTimer Tools) -- D:\Users\THIAGO\Desktop\OTL.exe
[2010/04/30 18:14:27 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- D:\Users\THIAGO\Desktop\mbam-setup-1.46.exe
[2010/04/28 12:44:08 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/04/28 12:44:08 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010/04/22 20:54:46 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/04/22 20:54:43 | 000,000,000 | ---D | C] -- C:\Users\THIAGO\AppData\Roaming\Sun
[2010/04/19 21:46:37 | 000,000,000 | ---D | C] -- C:\Users\THIAGO\AppData\Local\ElevatedDiagnostics
[2010/04/19 21:34:52 | 000,057,344 | ---- | C] (ZSMCSNAP) -- C:\Windows\ZSSnp211.exe
[2010/04/19 21:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vimicro
[2010/04/19 21:34:31 | 000,000,000 | ---D | C] -- C:\Users\THIAGO\AppData\Roaming\InstallShield
[2010/04/18 15:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010/04/15 22:47:05 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/04/15 22:47:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/15 22:47:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/15 22:47:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/14 12:43:01 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/04/14 12:43:01 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/04/14 12:42:58 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/04/14 12:42:58 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/04/14 12:42:58 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/04/14 12:42:12 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/04/14 12:42:12 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/04/14 12:42:11 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/04/14 12:42:11 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/04/11 21:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GbPlugin
[2010/04/11 21:56:52 | 000,030,336 | ---- | C] (GAS Tecnologia) -- C:\Windows\SysWow64\drivers\GbpKm.sys
[2010/04/09 11:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\GbPlugin
[2010/04/06 20:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/06 20:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/04/06 20:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010/04/01 22:01:51 | 000,314,880 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/03/31 23:26:07 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/03/31 23:26:07 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010/03/31 23:26:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010/03/31 23:26:06 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/03/31 23:26:06 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/03/31 23:26:06 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/03/31 23:26:06 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/03/31 23:26:06 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/30 20:39:44 | 003,670,016 | -HS- | M] () -- C:\Users\THIAGO\NTUSER.DAT
[2010/04/30 19:02:10 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/30 18:27:24 | 070,825,992 | ---- | M] ( ) -- D:\Users\THIAGO\Desktop\setup_9.0.0.722_30.04.2010_23-21.exe
[2010/04/30 18:15:41 | 000,562,176 | ---- | M] (OldTimer Tools) -- D:\Users\THIAGO\Desktop\OTL.exe
[2010/04/30 18:14:37 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- D:\Users\THIAGO\Desktop\mbam-setup-1.46.exe
[2010/04/30 17:53:21 | 000,018,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/30 17:53:19 | 000,018,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/30 17:27:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/30 17:27:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/30 17:27:02 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/22 13:24:23 | 000,000,747 | ---- | M] () -- C:\Users\Public\Desktop\CTDP's ChampionShipManager NX.lnk
[2010/04/19 23:06:05 | 000,024,744 | ---- | M] () -- D:\Users\THIAGO\Desktop\andreia_1[1].odt
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/04/11 11:21:43 | 001,520,232 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/04/11 11:21:43 | 000,663,766 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2010/04/11 11:21:43 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/04/11 11:21:43 | 000,129,764 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2010/04/11 11:21:43 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/04/11 11:19:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/04/05 13:27:44 | 000,046,747 | ---- | M] () -- D:\Users\THIAGO\Desktop\NewStrategyF1Time.xlsm
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/30 19:02:10 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/22 13:24:23 | 000,000,747 | ---- | C] () -- C:\Users\Public\Desktop\CTDP's ChampionShipManager NX.lnk
[2010/04/19 23:06:04 | 000,024,744 | ---- | C] () -- D:\Users\THIAGO\Desktop\andreia_1[1].odt
[2010/04/19 21:34:52 | 000,049,152 | ---- | C] () -- C:\Windows\Domino.exe
[2010/04/11 11:19:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/03/25 22:03:35 | 001,535,256 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/03/23 21:02:31 | 000,001,984 | ---- | C] () -- C:\Windows\SysWow64\drivers\papycpu2.sys
[2010/03/23 21:02:31 | 000,001,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\papyjoy.sys
[2010/03/23 21:00:50 | 000,000,207 | ---- | C] () -- C:\Windows\Sierra.ini
[2010/02/02 22:27:49 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/02/02 22:27:48 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/02/02 22:27:45 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/02/02 22:27:45 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/02/02 22:27:44 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010/02/02 22:27:43 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/02/02 22:27:42 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/02/01 19:19:18 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2010/03/25 22:20:45 | 000,000,000 | ---D | M] -- C:\Users\THIAGO\AppData\Roaming\2K Sports
[2010/02/04 20:51:57 | 000,000,000 | ---D | M] -- C:\Users\THIAGO\AppData\Roaming\DAEMON Tools Lite
[2010/02/06 09:39:32 | 000,000,000 | ---D | M] -- C:\Users\THIAGO\AppData\Roaming\HD Tune Pro
[2010/02/16 16:08:54 | 000,000,000 | ---D | M] -- C:\Users\THIAGO\AppData\Roaming\Leadertech
[2010/02/14 18:55:29 | 000,000,000 | ---D | M] -- C:\Users\THIAGO\AppData\Roaming\MAXON
[2010/02/05 12:14:06 | 000,000,000 | ---D | M] -- C:\Users\THIAGO\AppData\Roaming\Sports Interactive
[2010/04/30 17:44:54 | 000,000,000 | ---D | M] -- C:\Users\THIAGO\AppData\Roaming\uTorrent
[2010/04/05 12:58:23 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 208 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst
< End of report >

Extra.txt from OTL:
OTL Extras logfile created on: 4/30/2010 7:08:11 PM - Run 1
OTL by OldTimer - Version 3.2.3.1 Folder = D:\Users\THIAGO\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 43.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.78 Gb Total Space | 76.88 Gb Free Space | 44.50% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 130.04 Gb Free Space | 44.39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THIAGO-PC
Current User Name: THIAGO
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8EF54987-EE4A-4096-90CB-8B21214B50E8}" = Microsoft Antimalware Service PT-BR Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call
"{44B660BB-EAC5-4D4F-9890-C607DD5F7630}" = Thrustmaster Calibration Tool
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = USB PC Camera(ZS0211)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{92C7D009-A464-4948-A980-7A3E28CB2F49}" = Richard Burns Rally
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}" = NASCAR® Racing 2003 Season
"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger
"{BF0BC679-A503-43AF-9104-E8842999955E}_is1" = CTDP's ChampionShipManager NX 2.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Football Manager 2010" = Football Manager 2010
"HD Tach_is1" = HD Tach version 3
"HD Tune Pro_is1" = HD Tune Pro 4.01
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.6.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MV AntiSpy 4.0_is1" = MV AntiSpy 4.0
"MV Defrag 1.9_is1" = MV Defrag 1.9
"MV RegClean 5.9_is1" = MV RegClean 5.9
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PokerStars.net" = PokerStars.net
"Precision" = EVGA Precision 1.9.1
"RBRTM" = RBR Tournament plugin (remove only)
"rFactor" = rFactor (remove only)
"SpeedFan" = SpeedFan (remove only)
"Steam App 17450" = Dragon Age: Origins
"Steam App 20510" = S.T.A.L.K.E.R.: Clear Sky
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 8600" = RACE 07
"Steam App 8660" = GTR Evolution
"The KMPlayer" = The KMPlayer (remove only)
"uTorrent" = µTorrent
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2010 11:43:21 AM | Computer Name = THIAGO-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: AcXtrnal.DLL, version: 6.1.7600.16385,
time stamp: 0x4a5bd98a Exception code: 0xc0000374 Fault offset: 0x00008518 Faulting
process id: 0xb98 Faulting application start time: 0x01cada56dc6324d5 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\AppPatch\AcXtrnal.DLL Report Id: 1efe9110-464a-11df-9283-001e8c0049bd

Error - 4/12/2010 7:51:12 PM | Computer Name = THIAGO-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16535,
time stamp: 0x4b83889f Exception code: 0xc0000005 Fault offset: 0x003481f6 Faulting
process id: 0x324 Faulting application start time: 0x01cada96f35cec43 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\mshtml.dll Report Id: 45ee4721-468e-11df-9860-001e8c0049bd

Error - 4/12/2010 8:02:06 PM | Computer Name = THIAGO-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16535,
time stamp: 0x4b83889f Exception code: 0xc0000005 Fault offset: 0x003481f6 Faulting
process id: 0xac Faulting application start time: 0x01cada9b099e7da0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\mshtml.dll Report Id: cb947b1e-468f-11df-9860-001e8c0049bd

Error - 4/15/2010 8:07:29 PM | Computer Name = THIAGO-PC | Source = Application Error | ID = 1000
Description = Faulting application name: javaw.exe, version: 6.0.190.4, time stamp:
0x4b960e0a Faulting module name: java.dll, version: 6.0.190.4, time stamp: 0x4b963ed1
Exception
code: 0xc0000005 Fault offset: 0x00005875 Faulting process id: 0x6ac Faulting application
start time: 0x01cadcf8cb840792 Faulting application path: C:\Program Files (x86)\Java\jre6\bin\javaw.exe
Faulting
module path: C:\Program Files (x86)\Java\jre6\bin\java.dll Report Id: 0b8f0d5c-48ec-11df-b16d-001e8c0049bd

Error - 4/18/2010 1:14:09 PM | Computer Name = THIAGO-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FFB Power 1.03.exe, version: 0.0.0.0, time
stamp: 0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdbdf Exception code: 0x0eedfade Fault offset: 0x0000b727 Faulting
process id: 0x10bc Faulting application start time: 0x01cadf1a8d06693e Faulting application
path: C:\Users\THIAGO\AppData\Local\Temp\Rar$EX00.040\FFB Power 1.03.exe Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: ccbf008e-4b0d-11df-9cb8-001e8c0049bd

Error - 4/19/2010 11:48:57 AM | Computer Name = THIAGO-PC | Source = Application Hang | ID = 1002
Description = The program fm.exe version 10.1.1.24200 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 538 Start Time:
01cadfd6c77178ab Termination Time: 0 Application Path: D:\Jogos\Football Manager
2010\fm.exe Report Id:

Error - 4/20/2010 8:26:20 PM | Computer Name = THIAGO-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: IEFRAME.dll, version: 8.0.7600.16535,
time stamp: 0x4b838822 Exception code: 0xc0000005 Fault offset: 0x00008c6b Faulting
process id: 0xa9c Faulting application start time: 0x01cae0e90c85633a Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: 81afa3a6-4cdc-11df-89a8-001e8c0049bd

Error - 4/22/2010 12:09:16 AM | Computer Name = THIAGO-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bc69e Faulting module name: mshtml.dll, version: 8.0.7600.16535,
time stamp: 0x4b83889f Exception code: 0xc0000005 Fault offset: 0x003481f6 Faulting
process id: 0xe4c Faulting application start time: 0x01cae1c53d63bec0 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\mshtml.dll Report Id: d08fd70c-4dc4-11df-a96e-001e8c0049bd

Error - 4/25/2010 10:22:31 PM | Computer Name = THIAGO-PC | Source = Application Hang | ID = 1002
Description = The program fm.exe version 10.1.1.24200 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: ff8 Start Time:
01cae4e74e0a7fb8 Termination Time: 40 Application Path: D:\Jogos\Football Manager
2010\fm.exe Report Id: 8fa2115a-50da-11df-acfd-001e8c0049bd

Error - 4/30/2010 5:27:16 PM | Computer Name = THIAGO-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 4/30/2010 5:31:01 PM | Computer Name = THIAGO-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.

Error - 4/30/2010 5:31:31 PM | Computer Name = THIAGO-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.

Error - 4/30/2010 5:32:01 PM | Computer Name = THIAGO-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.

Error - 4/30/2010 5:33:19 PM | Computer Name = THIAGO-PC | Source = DCOM | ID = 10010
Description =

Error - 4/30/2010 5:53:40 PM | Computer Name = THIAGO-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 4/30/2010 6:23:16 PM | Computer Name = THIAGO-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 4/30/2010 6:45:46 PM | Computer Name = THIAGO-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 4/30/2010 6:47:04 PM | Computer Name = THIAGO-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 4/30/2010 6:55:41 PM | Computer Name = THIAGO-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%834 Error Code: 0x80004005 Error description: Unspecified error Reason: %%838

Error - 4/30/2010 7:18:21 PM | Computer Name = THIAGO-PC | Source = Service Control Manager | ID = 7000
Description = The WMPNetworkSvc service failed to start due to the following error:
%%3


< End of report >


Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4056

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01/05/2010 09:17:41
mbam-log-2010-05-01 (09-17-41).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 406024
Time elapsed: 12 hour(s), 17 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The funny thing is that there are times of day when it works.... I think it's some bot....
Yesterday, until about 11 pm nothing would run, then suddenly it started working normally... this morning it was better, but soon after it became impossible to use, until now, around 7 pm, when it went back to working normally.
 
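The "Shell Spawning" section of the OTL Extras log above lists the shell\open\command handlers for the file classes (exefile, batfile, comfile, cmdfile, piffile, scrfile) that malware most commonly hijacks so that it is re-launched every time any program is run. The script below is an added example, not part of this thread and not OTL's own code: it parses that section and flags any executable-class handler whose command differs from the stock default. It assumes the stock Windows 7 default values (`"%1" %*`, and `"%1" /S` for scrfile); the sample input copies a few lines from the log above and adds one constructed hijacked exefile entry for illustration.

```python
"""Audit the "Shell Spawning" section of an OTL Extras log for hijacked
file-class handlers (added example, not OTL's own code)."""
import re

# Assumption: stock Windows 7 shell\open\command values for the executable
# file classes that malware most often hijacks.
EXPECTED = {
    "exefile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /S',
}

# Constructed sample: lines copied from the log above, plus one constructed
# hijacked exefile entry (the C:\Users\Public\svchost.exe wrapper is invented).
SAMPLE = r'''
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Users\Public\svchost.exe" "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
'''

LINE_RE = re.compile(r'^(\w+) \[([\w.]+)\] -- (.*)$')
SIGNER_RE = re.compile(r'^(.*?) \(([^()]*)\)$')


def parse_shell_spawning(text):
    """Return a list of (fileclass, verb, command, note) tuples.

    OTL appends either 'File not found' (when it cannot resolve the command
    to a file on disk) or '(Company Name)' (the signer of the resolved file),
    or replaces the command with 'Reg Error: ...' when the key is missing.
    Those trailers are split off into the note so the command can be compared
    verbatim against the expected default.
    """
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, registry key names
        cls, verb, rest = m.groups()
        note = ""
        if rest.startswith("Reg Error:"):
            note, rest = rest, ""
        elif rest.endswith(" File not found"):
            rest, note = rest[: -len(" File not found")], "File not found"
        else:
            s = SIGNER_RE.match(rest)
            if s:
                rest, note = s.group(1), s.group(2)
        entries.append((cls, verb, rest, note))
    return entries


def find_hijacks(entries):
    """Return (fileclass, command) for every [open] handler of a monitored
    class whose command is not the stock default. A missing key (empty
    command after a Reg Error) is reported too, since that also breaks or
    redirects program launches."""
    return [
        (cls, cmd)
        for cls, verb, cmd, _note in entries
        if verb == "open" and cls in EXPECTED and cmd != EXPECTED[cls]
    ]


def audit(text):
    """Convenience wrapper: parse a Shell Spawning section and list hijacks."""
    return find_hijacks(parse_shell_spawning(text))


if __name__ == "__main__":
    for cls, cmd in audit(SAMPLE):
        print(f"HIJACKED {cls}: {cmd}")
```

Note that in the log above the 64-bit view shows `exefile [open] -- "%1" %* File not found` while the 32-bit view shows the same command without the trailer; the trailer only means OTL could not resolve the `"%1"` placeholder to a file, so the parser keeps the command and discards the note before comparing. The check fires only when the command itself has been changed.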
Dear Mr.Wolf

I don't even know how to thank you for the analysis you did. It's not every day that we find people willing to help others like this. You are a really good and smart person. How can I better guide myself regarding this phishing from now on? Not downloading programs from unknown sites, and what else do you recommend??

I will format the computer again immediately.

Just a few details: I put some of my text, PDF, HTML and DOC files here on the system because it was necessary, and I did that before knowing that the Avast I downloaded was fake, from a phishing site, as well as a Visual Basic application I was writing for a college assignment.

I will need to back them up. But I don't know if it's safe.

So I ask you: can I save them to my pendrive and format afterwards?

PS: I'm a complete zero when it comes to this virus business.

Thank you very much for the analysis and sorry for any inconvenience; the time you set aside for my case was really worth it.

Sincerely,
Mauricio
 
Hey Mr. Wolf, my PC has been getting slow and freezing on some things even when I'm using few programs (for a PC with 3 GB of memory that's not normal), and also some websites don't open (I've already checked with other people and they work fine for them), plus my antivirus doesn't want to start anymore, it gives an error...

Almost certain it's a virus, so give me a hand here Mr Wolf :D

Thanks :p

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:27, on 01/05/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFAB.EXE
C:\Users\Tarcísio\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com?o=15788&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [USB Gamepad] C:\Windows\USB Vibration\dr100&110\USB Gamepad.exe -boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [EPSON T24 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFAB.EXE /FU "C:\Windows\TEMP\E_S484B.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: Dropbox.lnk = ?
O4 - Startup: NHL® 09 Registration.lnk = C:\Program Files\EA Sports\NHL 09\Support\EAregister.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1caafe5b3048081) (gupdate1caafe5b3048081) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

--
End of file - 7089 bytes
 
Hey Wolf! Thanks for the kind words!
:D

Here's the thing. The folder C:\_Bridge I know, and it's trustworthy (Bridge because it's related to the card game Bridge, and it contains only one file, a .doc with the rules of the game). Now the two folders in system32 that you mentioned I couldn't find, even after telling Explorer to show hidden files and folders.

I followed all the instructions, except for the AVZ4 update, because the program did not recognize the network settings (as if it would). Unfortunately, the problem persists.

Below are the OTL and HijackThis logs, respectively.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f418fd2-5202-11df-bf7a-00140b64e415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f418fd2-5202-11df-bf7a-00140b64e415}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f418fd2-5202-11df-bf7a-00140b64e415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f418fd2-5202-11df-bf7a-00140b64e415}\ not found.
File C:\RECYCLER\S-7-9-51-100014447-100014769-100013599-2638.com h:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6455abae-4fb3-11df-80fc-0017c44302f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6455abae-4fb3-11df-80fc-0017c44302f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6455abae-4fb3-11df-80fc-0017c44302f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6455abae-4fb3-11df-80fc-0017c44302f9}\ not found.
File C:\RECYCLER\S-7-9-51-100014447-100014769-100013599-2638.com h:\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\ not found.
File D:\instalar.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\ not found.
File D:\instalar.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8edfbbdf-87a8-11de-b81d-806e6f6e6963}\ not found.
File D:\instalar.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f04bcce-c57f-11de-a61a-00140b64e415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f04bcce-c57f-11de-a61a-00140b64e415}\ not found.
File RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\sweet.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f04bcce-c57f-11de-a61a-00140b64e415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f04bcce-c57f-11de-a61a-00140b64e415}\ not found.
File RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\sweet.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e05809dd-9f1c-11de-ad59-00140b64e415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e05809dd-9f1c-11de-ad59-00140b64e415}\ not found.
File p.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e05809dd-9f1c-11de-ad59-00140b64e415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e05809dd-9f1c-11de-ad59-00140b64e415}\ not found.
File p.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e05809f1-9f1c-11de-ad59-00140b64e415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e05809f1-9f1c-11de-ad59-00140b64e415}\ not found.
File C:\ReCYClER\\explorer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e05809f1-9f1c-11de-ad59-00140b64e415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e05809f1-9f1c-11de-ad59-00140b64e415}\ not found.
File C:\rECyCLeR\\explorer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e05809f1-9f1c-11de-ad59-00140b64e415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e05809f1-9f1c-11de-ad59-00140b64e415}\ not found.
File C:\rECYCLEr\explorer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff180c8-3c2d-11df-b835-00140b64e415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff180c8-3c2d-11df-b835-00140b64e415}\ not found.
File E:\ji83j.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff180c8-3c2d-11df-b835-00140b64e415}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff180c8-3c2d-11df-b835-00140b64e415}\ not found.
File E:\ji83j.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\Setup.exe not found.
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public

User: Uca
->Temp folder emptied: 1007734248 bytes
->Temporary Internet Files folder emptied: 16407673 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6191821 bytes
->Flash cache emptied: 6880 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 22016 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53917414 bytes
RecycleBin emptied: 268308763 bytes

Total Files Cleaned = 1.290,00 mb


OTL by OldTimer - Version 3.2.3.0 log created on 05012010_113732

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:42, on 01/05/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\s3trayp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Power Manager\PM.exe
C:\Windows\BisonCam\BisonHK.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Uca\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] X:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\RunOnce: [NCInstallQueue] rundll32 netman.dll,ProcessQueue
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agendador do LiveUpdate automático (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: DPSUCJFM - Unknown owner - C:\Users\Uca\AppData\Local\Temp\DPSUCJFM.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: RWFZDASWLG - Unknown owner - C:\Users\Uca\AppData\Local\Temp\RWFZDASWLG.exe (file missing)
O23 - Service: YEXSENATYGMNUY - Unknown owner - C:\Users\Uca\AppData\Local\Temp\YEXSENATYGMNUY.exe (file missing)

--
End of file - 5577 bytes

Attached is the AVZ4 .zip file (I don't have permission to attach?!?)
http://www.easy-share.com/1910088872/virusinfo_syscheck.zip

Thank you very much, master!
:D
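The log above is read by eye in this thread, but the patterns the helper looks for can be scripted. The following is an added example, not code from the thread, from Trend Micro or from any tool mentioned here: it parses HijackThis entry lines and flags what stands out in the posted logs, namely O23 services whose binary sits in a Temp folder or is missing, O2 BHOs with no file on disk, and O1 hosts entries that redirect non-local names or begin with the "ÿþ" bytes (a UTF-16 byte-order mark) seen in the O1 line above. The sample lines are constructed for the example and modelled on the posted logs, and the Finding class and the function names are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample lines, modelled on the HijackThis logs posted in this thread.
# They illustrate line patterns; the script is not a verdict on any real file.
SAMPLE_LOG = r"""
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10.0.0.5 www.example-bank.test
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O23 - Service: DPSUCJFM - Unknown owner - C:\Users\Uca\AppData\Local\Temp\DPSUCJFM.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
"""

LINE_RE = re.compile(r"^([RFNO]\d+) - (.*)$")   # "O23 - <body>"
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


@dataclass
class Finding:
    severity: str   # high / medium / info
    code: str       # HijackThis section code, e.g. O23
    reason: str
    line: str


def parse_hjt(text):
    """Return (section code, body) for every HijackThis entry line."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def in_temp_dir(s):
    return any(t in s.lower() for t in TEMP_MARKERS)


def triage_hosts(body):
    out = []
    line = body.split(": ", 1)[1] if ": " in body else body
    if line[:2] in ("ÿþ", "þÿ"):
        # FF FE / FE FF printed as Latin-1: the hosts file was saved as UTF-16
        out.append(Finding("medium", "O1", "hosts file starts with a UTF-16 byte-order mark; it was saved in the wrong encoding", body))
        line = line[2:]
    parts = line.split()
    if len(parts) >= 2 and parts[1].lower() not in LOCAL_NAMES:
        if parts[0] in ("127.0.0.1", "::1", "0.0.0.0"):
            out.append(Finding("medium", "O1", "non-local hostname pinned to loopback (blocking entry; confirm it is intended)", body))
        else:
            out.append(Finding("high", "O1", "non-local hostname redirected to a specific address (possible hosts-file hijack)", body))
    return out


def triage_service(body):
    missing = body.endswith("(file missing)")
    path = body.rsplit(" - ", 1)[-1]
    if missing:
        path = path[: -len("(file missing)")].strip()
    if in_temp_dir(path):
        return Finding("high", "O23", "service binary registered from a temporary directory", body)
    if missing and "%" in path:
        # Old HijackThis builds do not expand %windir%-style paths, so this is usually a false positive
        return Finding("info", "O23", "'(file missing)' on an unexpanded environment-variable path; verify after expansion", body)
    if missing:
        return Finding("medium", "O23", "service registered but its binary is gone (orphaned service)", body)
    return None


def triage(text):
    findings = []
    for code, body in parse_hjt(text):
        if code == "O1":
            findings.extend(triage_hosts(body))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append(Finding("info", "O2", "BHO CLSID registered with no DLL on disk (orphan, safe to remove)", body))
        elif code == "O4" and in_temp_dir(body):
            findings.append(Finding("high", "O4", "autostart entry launches from a temporary directory", body))
        elif code == "O23":
            f = triage_service(body)
            if f:
                findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.code}: {f.reason}\n         {f.line}")
```

Run it on a saved HijackThis log by reading the file into `triage()` instead of `SAMPLE_LOG`. Note the `%windir%` case: an orphaned-service finding only deserves attention when the path is literal, which is why the example downgrades entries with an unexpanded environment variable to informational.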
 
Mr. Wolf, could you analyze my log, my friend? If so, here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:09:09, on 02/05/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Usuario\Desktop\HiJackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 4790 bytes
 
Heeey great Master, is everything okay?????

Sorry to bother you once again, Master, but the forum here is really slow and I think it might be some virus!!!!! It's been a while since I last posted a HijackThis log here for you to analyze for me.

If you can, could you analyze my log, Master Wolf???

Logfile of HijackThis v1.99.1
Scan saved at 14:30:33, on 2/5/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 2322 bytes


Thanks a lot, Master

A big hug :D
 
Good afternoon, everyone!


Megadeeth, your log is clean.

The forum being slow has absolutely nothing to do with viruses. That is something to ask the administrators responsible for maintaining the forum. Take a look in the Comments and Suggestions area and see whether there is a statement from the staff about it.

It is slow here too, but I live in the USA, so I believe it is the DNS.

____________________________


Hey tfarina

The file nvvsvc.exe is a driver for the NVIDIA video card.

tfarina, the OTL logs are clean, as are the HijackThis and MBAM (Malwarebytes) ones.

Is your IE using 52 MB or 52 K? I think you got that wrong, my friend. I ran a test here, opening the forum, and IE's usage went to 57 K; see the image:

dxxp44.png


Now, if it is MB, that really is excessive and abnormal usage.

As for the 100% CPU usage, several factors can cause that, such as GbPlugin, a plugin installed by internet banking sites, which is installed on your system. However, I saw that you are not using an antivirus. That leaves your PC genuinely vulnerable to attacks.

Follow the steps below:

- Download the Kaspersky AVP Tool and save it in the C:\Arquivos de programas folder;

● Double-click the setup and install the program.
● After installation, the program will run. If it does not, run it.
● On the initial screen, check all the checkboxes and click the Recommended > Settings option. See how in the image below:

nyv1no.png


● When the other window opens, on the Scope tab, check the configure option as shown in the image:

2gwiedw.png


● Click the Additional tab and configure it as in the image, paying attention to every detail of the configuration:

24w8ys3.png


● Click the OK button, at the bottom of the window, to return to the initial screen.
● Click the Start Scan button to start the scan.
● Be patient, the scan may take a long time.
● During the scan, the tool may come across infections and/or vulnerabilities, and when it does, it will show you, in the lower right corner of the desktop, a window with options to remove or keep the files found.
● If the window that opens is red, it is an infection. Click the Delete button to remove the file.
● If the window that opens is plain green, it is a vulnerability (probably from outdated programs or something of the sort). Click the Skip button to keep the file.
● When the scan finishes, click Reports on the initial screen.
● Click the "+" next to Autoscan to expand the list.

3323t35.png


● Press Ctrl + A to select everything and then Ctrl + C to copy.
● Paste this text into Notepad and save it on the desktop with the .txt extension.
● Click Exit to close the program. When asked whether you want to uninstall the program, click Yes.
● If a PC restart is required, restart it.

Post the scan report in your next reply.
____________________________


carolgsn, follow the steps below:

- Download the RegLooks program and save it on the desktop:

- Double-click reglooks.exe and wait;
- Paste the log created at C:\result.txt in your next reply.
____________________________


Mauricio, read this article to better understand how to protect yourself from phishing.

Among the malware, there were Vundo trojans. This type of trojan can compromise certain files saved on the system, including text files.

Therefore, it is not safe to make the backup before checking that they are completely clean. That said, I suggest using a DVD/CD for the backup instead of a flash drive.

Regarding the Visual Basic application you are developing, don't worry, it is not at risk of infection. If it were a Delphi application, then yes, the risk would be high.

____________________________


tacisinho, go to this page, interpret the result (Status) and report it in your next reply.

Follow the steps below:

Step 1

Download Rkill and save it on the desktop.

Close all open windows and programs, and run rkill.exe
A black command-prompt window will appear; just wait!
When the tool finishes, the window will close and a log will open automatically.
The log can be found at C:\rkill.log.

Post it here.


Step 2

Download DDS and save it on the desktop

• Temporarily disable your antivirus and double-click dds.scr;
• A DOS window will open for you. Just wait;
• When it finishes, two logs will open automatically. One named DDS.txt and the other Attach.txt. These logs will also be saved on the desktop.

Paste the logs in your next reply.
____________________________


Mchawk, we can consider the possibility that this network problem is not related to viruses. The only dangerous entries, at least those shown in the log, were removed, and the connection problem was not fixed. There may be other malware on your mother's machine that did not show up in the logs. With AVZ4 out of date there is also no way to do an analysis, since many files are not shown because of that.

One question: is Norton updating normally?

Follow the steps below, Mchawk:

First, let's see whether resetting the system's Winsock settings brings the network back to normal.

Open the command prompt as administrator. On the screen, type the command below and press Enter:

netsh winsock reset

Restart the computer and check whether the connection works.

Download SystemLook and save it on the desktop;

• Double-click SystemLook.exe to run it;
• Copy and paste the text below into the tool's window:

Code:
:dir
C:\Windows\System32\M /s
C:\Windows\System32\TYFSR /s /md5
• Click the Look button. A log will open in Notepad for you.
• It will also be on the desktop with the name SystemLook.txt.

Paste this log in your next reply.
____________________________


cerveja, of course I can analyze it, my friend.

It looks clean.

But I would like to take a look at a few items, if you allow me.

Follow the steps below in the spoiler (click the Show button):

Open HijackThis and click Open the Misc Tools section > Open Uninstall Manager > Save List. Save the report on the desktop and post it here.

● Download ShowVundo and run it by double-clicking its icon;

● Just wait for the check to finish;
● A log will open automatically in Notepad for you. It will also be at C:\vundo-bho.txt.

Paste this log in your next reply.
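The RegLooks report that carolgsn is asked to post has a SIGCHECK section and the Winlogon Userinit and Shell values (the layout can be seen in the log posted later in this thread). The script below is an added example, not part of the thread and not RegLooks's own code: it parses those sections and reports anything that deviates from the expected state, namely a Userinit value that chains an extra program after userinit.exe, a Shell other than Explorer.exe, a non-empty AppInit_DLLs, an antivirus reported as outdated or disabled, and any checklist file that is absent or did not pass the signature check. The sample log is constructed in the RegLooks 0.985 layout; its Userinit value has a deliberately added second program (a placeholder name) and the atapi.sys line carries a placeholder status, so the checks have something to report. The only statuses RegLooks is seen to print on this page are "sigcheck OK" and "NOT found", so the script treats any other status as a deviation and prints it verbatim rather than interpreting it.

```python
import re
from dataclasses import dataclass

# Constructed sample in the RegLooks 0.985 layout, modelled on the log posted in
# this thread. The second Userinit entry and the atapi.sys status are placeholders
# inserted so that the checks below have something to report.
SAMPLE_REGLOOKS = r"""
REGLOOKS logfile - version 0.985 (constructed sample)

--- INFORMATION ---

Systemdirectory: C:\WINDOWS\system32
Antivirus Program: AntiVir Desktop 9.0.1.32 [Enabled - Outdated]

--- SIGCHECK ---

C:\WINDOWS\explorer.exe -- [1035776] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\userinit.exe -- [26112] -- [13/04/2008 23:21] -- sigcheck OK
C:\WINDOWS\system32\ias.dll NOT found
C:\WINDOWS\system32\drivers\atapi.sys -- [96512] -- [13/04/2008 15:40] -- sigcheck PLACEHOLDER-NOT-OK

--- USERINIT regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\EXAMPLE-extra.exe,"

--- SHELL regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"

--- APPINIT_DLLS regkey ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no AppInit_DLLs regkey found
"""

SECTION_RE = re.compile(r"^--- (\S+)[^-]*---$")
SIG_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) -- \[(?P<size>\d+)\] -- \[(?P<date>[^\]]+)\] -- (?P<status>.+)$")
MISSING_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) NOT found$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')


@dataclass
class Finding:
    severity: str   # high / medium / info
    section: str    # RegLooks section the line came from
    reason: str
    detail: str


def parse_sections(text):
    """Map the first word of each '--- NAME ---' header to that section's non-blank lines."""
    sections, current = {}, "HEADER"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line.strip():
            sections.setdefault(current, []).append(line.strip())
    return sections


def reg_value(lines, name):
    """Return a registry value from a section, undoing the .reg-style doubled backslashes."""
    for line in lines:
        m = VALUE_RE.match(line)
        if m and m.group("name").lower() == name.lower():
            return m.group("value").replace("\\\\", "\\")
    return None


def check_userinit(value, sysdir):
    """Return every entry in a Userinit value other than <systemdir>\\userinit.exe."""
    expected = sysdir.rstrip("\\").lower() + "\\userinit.exe"
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != expected]


def triage_reglooks(text):
    s = parse_sections(text)
    findings = []
    info = s.get("INFORMATION", [])
    sysdir = next((l.split(":", 1)[1].strip() for l in info if l.startswith("Systemdirectory:")), r"C:\WINDOWS\system32")
    for l in info:
        if l.startswith("Antivirus Program:"):
            status = re.search(r"\[(.*?)\]", l)
            if status and re.search(r"outdated|disabled", status.group(1), re.I):
                findings.append(Finding("medium", "INFORMATION", "antivirus reported as not fully effective", l))
    for l in s.get("SIGCHECK", []):
        m = SIG_RE.match(l)
        if m and m.group("status") != "sigcheck OK":
            findings.append(Finding("medium", "SIGCHECK", "system file did not pass the signature check", l))
        elif MISSING_RE.match(l):
            # Normal when the component is not installed (e.g. a vendor storage driver); compare with a known-good machine
            findings.append(Finding("info", "SIGCHECK", "checklist file absent; confirm the component is simply not installed", l))
    userinit = reg_value(s.get("USERINIT", []), "Userinit")
    if userinit is not None:
        for extra in check_userinit(userinit, sysdir):
            findings.append(Finding("high", "USERINIT", "unexpected program chained into Winlogon Userinit", extra))
    shell = reg_value(s.get("SHELL", []), "Shell")
    if shell is not None and shell.lower() != "explorer.exe":
        findings.append(Finding("high", "SHELL", "Winlogon Shell is not Explorer.exe", shell))
    appinit = s.get("APPINIT_DLLS", [])
    if not any("no AppInit_DLLs regkey found" in l for l in appinit):
        val = reg_value(appinit, "AppInit_DLLs")
        if val:
            findings.append(Finding("medium", "APPINIT_DLLS", "DLL loaded into every GUI process via AppInit_DLLs", val))
    return findings


if __name__ == "__main__":
    for f in triage_reglooks(SAMPLE_REGLOOKS):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}\n         {f.detail}")
```

Feed a real C:\result.txt to `triage_reglooks()` by reading the file; the Winlogon checks are the ones worth reading first, because a Userinit or Shell value pointing anywhere but the expected binary runs that program at every logon regardless of what the autostart sections show.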
 
Hello Mr. Wolf

Here is the log...

REGLOOKS logfile - version 0.985
Scan started: dom 02/05/2010 20:18:30,81

--- INFORMATION ---

Manufacturer: To Be Filled By O.E.M. - Model: To Be Filled By O.E.M.
Operating System: Microsoft Windows XP Professional -- 5.1.2600 -- Service Pack 3 --
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz
Number of Processors: 1
Work Station
Bootmode: Normal boot
Total RAM: 1246 MB (free 756 MB - 60%)

Computername: CIDINHAA-3E75D7
Domain: GRUPO
User: CidinhaAlencar (Administrator account)

Bootdevice: \Device\HarddiskVolume1
Systemdrive: C:
Windowsdirectory: C:\WINDOWS
Systemdirectory: C:\WINDOWS\system32

Internet Explorer Version: 8.0.6001.18702

Antivirus Program: AntiVir Desktop 9.0.1.32 [Enabled - Outdated]



--- SIGCHECK ---

C:\WINDOWS\explorer.exe -- [1035776] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\appmgmts.dll -- [172032] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\browser.dll -- [77824] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\comres.dll -- [821760] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\comctl32.dll -- [617472] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\cryptsvc.dll -- [62464] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\ctfmon.exe -- [15360] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\es.dll -- [253952] -- [07/07/2008 17:28] -- sigcheck OK
C:\WINDOWS\system32\eventlog.dll -- [56320] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\ias.dll NOT found
C:\WINDOWS\system32\imm32.dll -- [110080] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\kernel32.dll -- [1028608] -- [21/03/2009 11:08] -- sigcheck OK
C:\WINDOWS\system32\linkinfo.dll -- [19968] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\lpk.dll -- [22016] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\lsass.exe -- [13312] -- [13/04/2008 23:21] -- sigcheck OK
C:\WINDOWS\system32\mfc40u.dll -- [927504] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\msgsvc.dll -- [33792] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\mshtml.dll -- [5944832] -- [25/02/2010 03:17] -- sigcheck OK
C:\WINDOWS\system32\mspmsnsv.dll -- [27136] -- [18/10/2006 21:47] -- sigcheck OK
C:\WINDOWS\system32\mswsock.dll -- [247808] -- [20/06/2008 14:48] -- sigcheck OK
C:\WINDOWS\system32\netlogon.dll -- [407040] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\netman.dll -- [198144] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\ntkrnlpa.exe -- [2071040] -- [16/02/2010 16:07] -- sigcheck OK
C:\WINDOWS\system32\ntmssvc.dll -- [437248] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\ntoskrnl.exe -- [2194176] -- [17/02/2010 14:07] -- sigcheck OK
C:\WINDOWS\system32\pchsvc.dll NOT found
C:\WINDOWS\system32\powrprof.dll -- [17408] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\qmgr.dll -- [409088] -- [13/04/2008 18:20] -- sigcheck OK
C:\WINDOWS\system32\rasauto.dll -- [88576] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\regsvc.dll -- [59904] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\rpcss.dll -- [401408] -- [09/02/2009 07:53] -- sigcheck OK
C:\WINDOWS\system32\scecli.dll -- [184832] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\schedsvc.dll -- [193536] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\services.exe -- [111104] -- [09/02/2009 08:25] -- sigcheck OK
C:\WINDOWS\system32\sfc.dll -- [5120] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\sfcfiles.dll -- [1571840] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\spoolsv.exe -- [57856] -- [13/04/2008 23:21] -- sigcheck OK
C:\WINDOWS\system32\srsvc.dll -- [171520] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\ssdpsrv.dll -- [71680] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\svchost.exe -- [14336] -- [13/04/2008 23:21] -- sigcheck OK
C:\WINDOWS\system32\tapisrv.dll -- [249856] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\termsrv.dll -- [296960] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\upnphost.dll -- [186368] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\user32.dll -- [579072] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\userinit.exe -- [26112] -- [13/04/2008 23:21] -- sigcheck OK
C:\WINDOWS\system32\wininet.dll -- [916480] -- [25/02/2010 03:17] -- sigcheck OK
C:\WINDOWS\system32\winlogon.exe -- [509952] -- [13/04/2008 23:21] -- sigcheck OK
C:\WINDOWS\system32\ws2_32.dll -- [82432] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\wscntfy.exe -- [13824] -- [13/04/2008 23:21] -- sigcheck OK
C:\WINDOWS\system32\wuauclt.exe -- [53472] -- [06/08/2009 19:24] -- sigcheck OK
C:\WINDOWS\system32\xmlprov.dll -- [129024] -- [13/04/2008 23:20] -- sigcheck OK
C:\WINDOWS\system32\drivers\acpiec.sys -- [11904] -- [28/10/2001 09:06] -- sigcheck OK
C:\WINDOWS\system32\drivers\aec.sys -- [142592] -- [13/04/2008 13:39] -- sigcheck OK
C:\WINDOWS\system32\drivers\asyncmac.sys -- [14336] -- [13/04/2008 15:57] -- sigcheck OK
C:\WINDOWS\system32\drivers\atapi.sys -- [96512] -- [13/04/2008 15:40] -- sigcheck OK
C:\WINDOWS\system32\drivers\beep.sys -- [4224] -- [28/10/2001 09:06] -- sigcheck OK
C:\WINDOWS\system32\drivers\classpnp.sys -- [49536] -- [13/04/2008 16:16] -- sigcheck OK
C:\WINDOWS\system32\drivers\disk.sys -- [36352] -- [13/04/2008 15:40] -- sigcheck OK
C:\WINDOWS\system32\drivers\iaStor.sys NOT found
C:\WINDOWS\system32\drivers\ip6fw.sys -- [36608] -- [13/04/2008 15:53] -- sigcheck OK
C:\WINDOWS\system32\drivers\kbdclass.sys -- [25088] -- [13/04/2008 22:58] -- sigcheck OK
C:\WINDOWS\system32\drivers\ndis.sys -- [182656] -- [13/04/2008 16:20] -- sigcheck OK
C:\WINDOWS\system32\drivers\ntfs.sys -- [574976] -- [13/04/2008 16:15] -- sigcheck OK
C:\WINDOWS\system32\drivers\tcpip.sys -- [361600] -- [20/06/2008 08:51] -- sigcheck OK


--- SSODL regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: %Systemroot%\system32\webcheck.dll -- [?]
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: %systemroot%\system32\stobject.dll -- [?]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -- File: C:\WINDOWS\system32\WPDShServiceObj.dll -- [133632] -- [18/10/2006 21:47]


--- STS regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui" -- File: %SystemRoot%\system32\browseui.dll -- [?]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente" -- File: %SystemRoot%\system32\browseui.dll -- [?]


--- USERINIT regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
File: C:\WINDOWS\system32\userinit.exe -- [26112] -- [13/04/2008 23:21]


--- SHELL regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
File: C:\WINDOWS\Explorer.exe -- [1035776] -- [13/04/2008 23:20]


--- SYSTEM regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


--- APPINIT_DLLS regkey ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no AppInit_DLLs regkey found


--- NOTIFY regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GbPluginBb]
-- not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
-- File: C:\WINDOWS\system32\crypt32.dll -- [605184] -- [13/04/2008 23:20]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
-- File: C:\WINDOWS\system32\cryptnet.dll -- [64512] -- [13/04/2008 23:20]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
-- File: C:\WINDOWS\system32\cscdll.dll -- [102400] -- [13/04/2008 23:20]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
-- File: %SystemRoot%\System32\dimsntfy.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [93184] -- [13/04/2008 23:20]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [93184] -- [13/04/2008 23:20]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
-- File: C:\WINDOWS\system32\sclgntfy.dll -- [21504] -- [13/04/2008 23:20]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
-- File: C:\WINDOWS\system32\WlNotify.dll -- [93184] -- [13/04/2008 23:20]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [93184] -- [13/04/2008 23:20]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
-- File: C:\WINDOWS\system32\WgaLogon.dll -- [265096] -- [10/03/2009 22:18]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [93184] -- [13/04/2008 23:20]


--- RUN / LOAD regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[Windows\Load]


--- SHELLEXECUTEHOOKS regkey ---

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?]
"{E37CB5F0-51F5-4395-A808-5FA49E399F83}"="GbPlugin ShlObj" -- File: C:\Arquivos de programas\GbPlugin\gbieh.dll -- [323360] -- [18/02/2010 10:19]


--- HKLM AUTORUN regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
no AutoRun regkey found


--- HKCU AUTORUN regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
no AutoRun regkey found


--- HKLM\RUN regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG" -- File C:\WINDOWS\SiSUSBrg.exe -- [106496] -- [12/07/2002 07:15]
"SoundMan" -- File: SOUNDMAN.EXE -- [?]
"avgnt" -- File: "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min -- [?]
"SunJavaUpdateSched" -- File "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" -- [248040] -- [18/02/2010 11:43]
"Blok Free 4" -- File "C:\Arquivos de programas\Blok Free 4\abfiv.exe" -- [700416] -- [28/04/2010 14:59]
hidden keys:
"CloneCDTray"="\"C:\\Arquivos de programas\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"NeroFilterCheck"="C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NeroCheck.exe"


--- HKLM\RUNONCE regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found


--- HKLM\RUNONCEEX regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found


--- HKLM\RUNSERVICES regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
key not found


--- HKLM\RUNSERVICESONCE regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found


--- HKCU\RUN regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCProxy" -- File C:\CCProxy\CCProxy.exe -- [1044480] -- [30/10/2009 13:37]
"abfiv" -- File "c:\arquivos de programas\blok free 4\abfiv.exe" -- [700416] -- [28/04/2010 14:59]
"ctfmon.exe" -- File C:\WINDOWS\system32\ctfmon.exe -- [15360] -- [13/04/2008 23:20]
hidden keys:
"AnyDVD"="C:\\Arquivos de programas\\SlySoft\\AnyDVD\\AnyDVDtray.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Arquivos de programas\\Arquivos comuns\\Ahead\\Lib\\NMBgMonitor.exe\""


--- HKCU\RUNONCE regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
no runonce values found


--- HKCU\RUNONCEEX regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
no runonceex values found


--- HKCU\RUNSERVICES regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
no runservices values found


--- HKCU\RUNSERVICESONCE regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
no runservicesonce values found


--- HKU\.DEFAULT\Run regkeys - Default user ---

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\system32\CTFMON.EXE -- [15360] -- [13/04/2008 23:20]


--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE" -- File C:\WINDOWS\system32\CTFMON.EXE -- [15360] -- [13/04/2008 23:20]


--- HKU\S-1-5-19\Run regkeys - User Lokale service ---

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found


--- HKU\S-1-5-20\Run regkeys - User Lokale service ---

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found


--- HKLM\Explorer\Run regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found


--- HKCU\Explorer\Run regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
no run values found


--- Image File Execution regkeys ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
no debuggers found


--- BROWSER HELPER OBJECTS regkeys ---

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
-- File: C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll -- [1088296] -- [16/03/2009 18:47]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
-- File: C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll -- [408448] -- [22/01/2009 15:41]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}]
-- File: C:\Arquivos de programas\GbPlugin\gbieh.dll -- [323360] -- [18/02/2010 10:19]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
-- File: C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll -- [41760] -- [24/04/2010 11:27]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
-- File: C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll -- [79648] -- [24/04/2010 11:27]


--- TOOLBAR regkeys ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
no toolbars found


--- HKLM\URLSEARCHHOOKS regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
no urlsearchhooks found


--- HKCU\URLSEARCHHOOKS regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: C:\WINDOWS\system32\ieframe.dll -- [11070976] -- [25/02/2010 11:47]


--- SRCEENSAVER regkey ---

[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE" -- File C:\WINDOWS\system32\logon.scr -- [220672] -- [13/04/2008 23:21]


--- ALTERNATESHELL regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
File: C:\WINDOWS\system32\cmd.exe -- [400896] -- [13/04/2008 23:20]


--- SECURITYPROVIDERS regkey ---

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
File: C:\WINDOWS\system32\msapsspc.dll -- [86016] -- [13/04/2008 23:20]
File: C:\WINDOWS\system32\schannel.dll -- [147456] -- [25/06/2009 05:27]
File: C:\WINDOWS\system32\digest.dll -- [68608] -- [13/04/2008 23:20]
File: C:\WINDOWS\system32\msnsspc.dll -- [290816] -- [13/04/2008 23:20]


--- Active Setup\Installed Components regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
-- File: C:\WINDOWS\system32\ieudinit.exe -- [36864] -- [08/03/2009 04:32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
-- File: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
-- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41070-b2b1-21d1-b5c1-0305f4055515}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
-- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}]
-- filepath not found


--- Services regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFS2K]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AnyDVD]
-- File: System32\Drivers\AnyDVD.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpKm]
-- File: system32\drivers\gbpkm.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\GbpSv]
-- File: C:\ARQUIV~1\GbPlugin\GbpSv.exe -- [54048] -- [18/02/2010 10:20]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService]
-- File: "C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf" -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lmimirr]
-- File: system32\DRIVERS\lmimirr.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NuidFltr]
-- File: system32\DRIVERS\NuidFltr.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SiSkp]
-- File: system32\DRIVERS\srvkp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swwd]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Syslogon]
-- File: C:\WINDOWS\System32\1052\lsass.exe -- [461312] -- [25/04/2010 07:18]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{EE6EC8FF-9965-478E-9614-240478F2525A}]
-- filepath not found


--- SAFEBOOT MINIMAL SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
PEVSystemStart
procexp90.Sys
{533C5B84-EC70-11D2-9505-00C04F79DEAF}


--- SAFEBOOT Network SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
DnsCache
PEVSystemStart
procexp90.Sys


--- BOOTEXECUTE regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"= autocheck autochk *\0\0


--- PENDINGFILERENAMEOPERATIONS regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
PendingFileRenameOperations key not found


--- WOW-CMDLINE regkeys ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386


--- NETSVCS regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS
only standard values found


--- DNS SERVER regkeys ---

no "NameServer" values found


--- File associations ---

.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


--- STARTUP FOLDERS ---

C:\Documents and Settings\CidinhaAlencar\Menu Iniciar\Programas\Inicializar\desktop.ini -- [84] -- [25/01/2010 10:12]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\desktop.ini -- [84] -- [16/04/2010 21:12]
C:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\desktop.ini -- [84] -- [25/01/2010 10:12]
C:\WINDOWS\system32\config\systemprofile\Menu Iniciar\Programas\Inicializar\desktop.ini -- [84] -- [25/01/2010 10:12]


--- TASK SCHEDULER JOBS ---

C:\WINDOWS\tasks\AWC AutoSweep.job -- [426] -- [02/05/2010 20:15]
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1264430792.job -- [424] -- [24/04/2010 12:46]
C:\WINDOWS\tasks\User_Feed_Synchronization-{AF33A137-14A7-4547-B35B-6AED88FF33DF}.job -- [472] -- [02/05/2010 20:19]


Scan completed: dom 02/05/2010 20:19:21,35
FINISHED
 
