Virus removal

Hello

I'm having a problem with a file that I can't delete. Can you help?

Here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:04, on 27/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\FolderCastleAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Alarm Master Plus 5.04\AlarmMasterPlus.exe
C:\Users\Renan\AppData\Roaming\UpdateStar\UpdateStar.exe
C:\Windows\explorer.exe
C:\Program Files\Hijack This\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager 3.0.871\iefdm2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [RecFreeToolbar] rundll32 "C:\Program Files\RecFree.com\RecFreeToolbar\1.3.23.2\escortApp.dll",newUsrRgstr (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [RecFreeToolbar] rundll32 "C:\Program Files\RecFree.com\RecFreeToolbar\1.3.23.2\escortApp.dll",newUsrRgstr (User 'Default user')
O4 - Startup: Alarm Master Plus.lnk = C:\Program Files\Alarm Master Plus 5.04\AlarmMasterPlus.exe
O8 - Extra context menu item: Download with &Shareaza - res://c:\program files\shareaza\razawebhook32.dll/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DEA1905-EB27-4C50-BE80-EE7E68DFA62E}: NameServer = 189.50.192.6 200.98.237.18
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 1.6.2\SDWinSec.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 4940 bytes

Thanks
 
Hello

I uninstalled the program. The file is on the desktop and its name is randomappinstall.exe; it's a plugin I downloaded yesterday to install a game. But the game had problems and I uninstalled it, but the plugin didn't go away, and I'm thinking it may be a virus.

Thanks
 
Is the "plugin" a crack, by any chance?!

Open Notepad and paste the text below into it:

Code:
@echo off
dir /o:d /a "%userprofile%\desktop" > "%userprofile%\desktop\desktop.txt"
C:\Windows\notepad.exe "%userprofile%\desktop\desktop.txt"
del "%USERPROFILE%\Desktop\desktop.txt"
del Showme.bat
exit
Save it to the desktop as Showme.bat. Double-click it and paste here the text that appears in Notepad.
 
No, it's not a crack. It was meant to install a sidebar to show in the game.

Here is the log

O volume na unidade C não tem nome.
O número de série do volume é 4310-F3A7

Pasta de C:\Documents and Settings\Renan\desktop

21/09/2009 07:39 1.470 Conexão.lnk
07/10/2009 14:47 1.574 Músicas Juliane.lnk
22/10/2009 04:14 <DIR> PES 2009
24/10/2009 16:49 1.700 Mozilla Firefox.lnk
03/11/2009 13:20 <DIR> 1993 - Filmes de Guerra, Canções de Amor
17/02/2010 14:35 <DIR> Desktop
19/02/2010 20:05 170.496 Proteus.doc
22/02/2010 18:38 20.992 Carta[1].doc
24/02/2010 15:26 <DIR> Scoobs
25/02/2010 08:40 CCleaner.ink
26/02/2010 13:22 randomappinstall.exe
27/02/2010 16:15 207 Showme.bat
27/02/2010 16:15 <DIR> ..
27/02/2010 16:15 <DIR> .
27/02/2010 16:15 0 desktop.txt
9 arquivo(s) 58.296.439 bytes
6 pasta(s) 40.857.739.264 bytes disponíveis
 
Open the command prompt, type the text below and press Enter:

Code:
del "%userprofile%\desktop\randomappinstall.exe"
See whether it gets removed.
 
Download catchme and save it to the desktop.

Run it and click the Script tab. Paste the text below into it and click the Run button:

Code:
files to kill:
C:\Documents and Settings\Renan\desktop\randomappinstall.exe -r -p

reboot:
end:
Wait for the PC to restart and check.
 
The computer is freezing and I can't install the antivirus..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:40, on 27/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe
C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\vsnpstd2.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\LogMeIn\x86\LMIGuardian.exe
C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
C:\Arquivos de programas\Makito\ImpCry\ImpCry.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Visual DataFlex 12.1\Bin\VDFDAEMON.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Rar$EX00.265\HijackThis.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.innet.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compartilhando.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Arquivos de programas\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TomcatStartup] C:\Arquivos de programas\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [raidhost] raidhost.exe
O4 - HKLM\..\RunServices: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Makito Monitor Etiquetas.lnk = C:\Arquivos de programas\Makito\ImpCry\ImpCry.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1272401224343
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBE583B8-B683-4D0B-80BE-4D08D712ADAA}: NameServer = 201.10.120.2,201.10.128.3
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate1c9bac4dbf81116) (gupdate1c9bac4dbf81116) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9297 bytes
 
Mr. Wolf, good evening!

Lately I've been getting a lot of spam e-mails (one after another, of the kind "you won a sum of money" or "you need to confirm the deposit") with a message to "CLICK HERE", and you know how that goes. So I ran my Avira and this showed up:

C:\Documents and Settings\User\Dados de aplicativos\Thinstall\{EB8C2B22-9813-4712-99E5-A15602B66160}\400000f900002i\racing.exe
[DETECTION] Is the TR/Agent.7168.CK Trojan

Running Malwarebytes says everything is clean; what could be going on?

Log:

Logfile of HijackThis v1.99.1
Scan saved at 20:43:45, on 27/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\User\Desktop\Nova pasta\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\avira\antivir desktop\avsda.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
 
Mr Wolf, lately my mouse pointer has been freezing little by little, and sometimes it goes crazy and even opens programs by itself; it shakes, sometimes it freezes completely, and only restarting the PC brings it back. I've already scanned with Avira and Malwarebytes and they found nothing. I'd like some help!
 
PC restarting by itself

Hey big guy, everything all right?

My PC is restarting by itself without me doing absolutely anything. I can't log off either, and on top of that my antivirus is detecting viruses all the time. Just from what I remember, I've already sent about 14 viruses to its quarantine.

I'll paste my HijackThis log below; if you could take a look at it, just to check it properly for me, because I'm a noob at this.

Big hug!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:56:54, on 1/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe
C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\csass.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\SafeMusic\WindowsMixStateMusic.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Windows Media Player\wmplayer.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Rodrigão\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yah...?fr=mcafee&p=%s
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStickBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [BitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9f0603e0f074e) (gupdate1c9f0603e0f074e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9610 bytes
 
Wow!!!! I can't believe what I'm seeing!!! Mr Wolf is back???!!! Is it really true!!?
Hey there, great Wolf, what happened to you, my friend? You disappeared for quite a while; I was already thinking this thread would be deleted, but it's good that you're back... I hope this time it's for good.
Mr Wolf, since you're here, I wanted to ask you something. I have the PC in my signature and I'm now using Windows 7 Home Premium 64-bit, but my machine stays on for days at a time since I do a lot of downloading on it, and what happens is that I've been noticing the amount of free RAM drops a lot over time. For example, when I turn the machine on, the computer shows around 2.9 GB free out of my 4 GB. Then after 1 or 2 days on, downloading, gaming, etc., that number drops drastically to 1.3 GB free, which makes the system very slow; the processor cores are completely idle but memory usage is way up. I can only get the machine back to normal after I restart the PC. I wanted to know whether this is normal or a Windows 7 bug. Is there a way to free up RAM without having to restart the PC? I've already tried measuring memory usage with all programs closed, but even so the usage stays high.
One detail... the machine has no viruses, I'm absolutely certain.

P.S.: I posted this question right after you "vanished" off the map; I had even posted a picture and a HijackThis log. I'll look for it and pass you the link.
Cheers, my friend, I hope you're back to stay!
:)

Link to the post
http://adrenaline.com.br/forum/area-windows/207948-remocao-de-virus-303.html#post5246691
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:01 PM, on 3/2/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverrider.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Fred\AppData\Local\Temp\Uxr.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~2\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~2\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [RTSS] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSWrapper.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [D3DOverrider] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverriderWrapper.exe" /s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Fred\AppData\Local\Temp\Uxr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43C87826-DA45-419D-A8BE-C31986F1ACA1}: NameServer = 66.90.65.89,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{739AC3D7-75D0-46B1-8F79-FEA7F567CC26}: NameServer = 66.90.65.89,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D33C321E-A70E-4E32-8174-43325455A98F}: NameServer = 66.90.65.89,4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{43C87826-DA45-419D-A8BE-C31986F1ACA1}: NameServer = 66.90.65.89,4.2.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{43C87826-DA45-419D-A8BE-C31986F1ACA1}: NameServer = 66.90.65.89,4.2.2.1
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10293 bytes


My friend, this trojan just won't go away no matter what; it's Kryptik.

Thanks.
 
cassianomsi, if you still need help, post a new log.

_________________________________________________


Rodrimack, have you registered on any site or forum recently? Or are you in the habit of making your e-mail address available on the Internet?

Follow the steps below:

Download OTL and save it to the desktop;

● Double-click OTL.exe to run it;
● Check the options: Scan All Users and Minimal Output. Under "File Age", select 90 Days;
● Click the button [image: runscanbutton.png] and wait for the scan;
● Two logs will open in Notepad:

- OTL.Txt <- this one will be open
- Extras.Txt <- this one will be minimized

They are also saved on the desktop. Paste them in your next reply.
_________________________________________________


ATIprogamer, have you tried another mouse? Post a HijackThis log.

_________________________________________________


Rodrigo Marques, follow the steps below:

Step 1

Download mxdefrem and save it to the desktop.

- Close all open programs and run it. Don't be alarmed, the program is in German!
- Click Installeren and wait for the installation.
- Go to the program's installation folder and run the file mxdefrem.bat.
- Right after that, run swsc.exe, type the text below and press Enter.

Code:
REM -t -p \reboot \delete on reboot

The computer will restart automatically.



Step 2

Download ProcessExplorer and save it to the desktop.

- Extract it and run it.
- Right-click the process "csass.exe". Select Set Priority > Idle: 4.
- Right-click this process again and select Kill Process Del. Close the program.

See whether the machine keeps restarting by itself.



Step 3

Go to Start > Run, type msconfig and press Enter. On the "General" tab select Normal Startup. On the "Startup" tab check all the available checkboxes.

Restart the computer, generate a new HijackThis log and post it.
_________________________________________________


Hey luisednardo, all good?

I moved to another country; I'm currently living in the United States (New York). Because of that, and for other personal reasons, I had to step away from all the forums I take part in for an indefinite period. Since the pace here is much more intense than in Brazil, I don't have much time to participate actively in the forums. I still need to get more settled; I believe that by the middle of the year I'll manage to make everything calmer. :)

As for your question, luisednardo, it isn't a Windows bug. This happens on Windows XP and Vista as well. I went through this on an old PC with Vista installed. Memory is effectively used as a cache for data on disk, made up of various necessary information such as application files, application data and paging files. A fundamental principle of a cache is to stay full at all times, unless it is negatively interfering with your activities. Is it?

Although there isn't much to be done in these cases (at least as far as I know), since you leave the computer on for days and in constant activity (downloads, which already cause a large increase in the cache), this exaggerated memory consumption is even understandable. However, I can suggest this small program: CleanMem, which tends to optimize memory usage. I don't know whether it will have any effect on your system, but it doesn't hurt to try!

Cheers

_________________________________________________


FredDarrell, we have a big problem there!

Was it you who configured this DNS address? 66.90.65.89,4.2.2.1

Follow the steps below:

- Download AVZ4 and save it to the desktop;

- Extract the files from the WinZip archive to the desktop, where a folder named avz4 will be created;
- Open this folder and double-click the file AVZ.exe to run the tool;
- When the program window opens, click the menu File > Database Update. Or click the button [image: AVZupdate.jpg] in the right corner of the tool's panel, and click the Start button to update the tool;
- Click the menu File > Standard scripts and check the option "2. Advanced System Analysis";
- Then click the Execute selected scripts button and click Yes on the next message. Wait for the analysis;
- When the analysis finishes, click OK on the message. Back in the Standard scripts window, click Close to close it. Also close the AVZ4 window;
- Go to the avz4 folder on the desktop and open the LOG folder inside it;
- In it you will find the logs and a zipped folder named: virusinfo_syscheck.zip.

Attach this folder to your next reply.
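
The DNS question in the post above, turned into a repeatable check over a HijackThis log; this is an added Python example, not part of the original posts or of any tool named in the thread. The function `triage`, the `known_resolvers` allow-list and the extra rule that flags O4 autoruns launching from a Temp folder are assumptions of this example; the sample lines are copied from FredDarrell's log.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    kind: str     # "autorun-from-temp" or "unrecognized-dns"
    subject: str  # executable path or DNS server address
    context: str  # registry value, or how many interfaces carry the server


# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Fred\AppData\Local\Temp\Uxr.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O17 - HKLM\System\CCS\Services\Tcpip\..\{43C87826-DA45-419D-A8BE-C31986F1ACA1}: NameServer = 66.90.65.89,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{739AC3D7-75D0-46B1-8F79-FEA7F567CC26}: NameServer = 66.90.65.89,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D33C321E-A70E-4E32-8174-43325455A98F}: NameServer = 66.90.65.89,4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{43C87826-DA45-419D-A8BE-C31986F1ACA1}: NameServer = 66.90.65.89,4.2.2.1
"""

# "O4 - <rest>" / "O17 - <rest>": section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# "HKCU\..\Run: [ValueName] command line (User 'X')" (user suffix is optional).
AUTORUN = re.compile(
    r"^(?P<key>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$"
)
# "...\{interface GUID}: NameServer = a.b.c.d,e.f.g.h"
NAMESERVER = re.compile(
    r"\{(?P<iface>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$"
)
EXE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)


def executable_of(cmd: str) -> str:
    """Return the program path from an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE.match(cmd)  # unquoted paths may contain spaces, so cut at the extension
    return m.group(1) if m else cmd


def triage(log_text, known_resolvers=frozenset()):
    """Flag O4 autoruns started from a Temp folder and static O17 DNS servers
    that are not in known_resolvers (the servers the owner says they set)."""
    findings = []
    dns = {}  # server -> set of interface GUIDs that carry it
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue
        code, body = entry["code"], entry["body"]
        if code == "O4":
            m = AUTORUN.match(body)
            if m:
                path = executable_of(m["cmd"])
                if TEMP_DIR.search(path):
                    findings.append(Finding(
                        "autorun-from-temp", path, f'{m["key"]} [{m["name"]}]'))
        elif code == "O17":
            m = NAMESERVER.search(body)
            if m:
                for server in re.split(r"[,\s]+", m["servers"].strip()):
                    if server:
                        # CCS/CS1/CS2 repeat the same interface; count it once.
                        dns.setdefault(server, set()).add(m["iface"].upper())
    for server, ifaces in dns.items():
        if server not in known_resolvers:
            findings.append(Finding(
                "unrecognized-dns", server, f"{len(ifaces)} interface(s)"))
    return findings


if __name__ == "__main__":
    # Empty allow-list: every static NameServer is listed for the owner to confirm.
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.subject}  ({f.context})")
```

A finding here is a prompt for the same question the helper asked, namely whether the owner set that value; it is not a verdict on the address or the file.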
 
Hey big guy, thanks a lot for the help.

I did everything as you asked and the final report is all here, see below

PS: the machine hasn't restarted again so far. Thank you from the bottom of my heart!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:17, on 2/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Domino.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe
C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\Arquivos de programas\Ares\Ares.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rodrigão\Desktop\HiJackThis.exe
C:\WINDOWS\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yah...?fr=mcafee&p=%s
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: CBHO Object - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStickBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Arquivos de programas\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C:\WINDOWS\zebutisd.exe] C:\WINDOWS\zebutisd.exe
O4 - HKLM\..\Run: [Winaddmanager] C:\WINDOWS\system32\asafirfe.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Arquivos de programas\Acelerador Click21\click21core.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Update Gjs] asterfgs.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Cortgord Microsoft Gold] C:\WINDOWS\hgn microsoft.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rodrigão\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Arquivos de programas\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail....ol/MSNPUpld.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c9f0603e0f074e) (gupdate1c9f0603e0f074e) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Arquivos de programas\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenDNS Updater (OpenDNS Updater.exe) - OpenDNS - C:\Arquivos de programas\OpenDNS Updater\OpenDNS Updater.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Arquivos de programas\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9948 bytes
 

Not right now, but I had been giving out my e-mail to sites that have spam; unfortunately that was my screw-up. The strange thing is that on my MSN too there are people adding me and sending spam. Are they bots? I block everything.

The Extras.txt log:

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 37,25 Gb Total Space | 2,19 Gb Free Space | 5,89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOME-195A66C457
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (ccProxy) -- File not found
SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Adobe LM Service) -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (FLEXnet Licensing Service) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (StarWindServiceAE) -- C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (btnetBUs) -- C:\WINDOWS\system32\drivers\btnetBus.sys ()
DRV - (avfwot) -- C:\WINDOWS\system32\drivers\avfwot.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwim) -- C:\WINDOWS\system32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (KMWDFILTER) -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (dpti930) -- C:\WINDOWS\system32\drivers\ndnomp.sys ()
DRV - (BtHidBus) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (usb_rndisx) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (BTHprint) -- C:\WINDOWS\system32\drivers\bthprint.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation)
DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation)
DRV - (ZSMC30x) -- C:\WINDOWS\system32\drivers\ZS211.sys (ZSMC.Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (WINIO) -- C:\WINDOWS\system32\WinIo.sys (http://www.internals.com)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.semptoshiba.com.br

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.semptoshiba.com.br

IE - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\S-1-5-21-4294710607-957213101-1005835743-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com.br"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100207
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/11/09 13:03:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/02/22 22:48:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/02/19 06:27:50 | 000,000,000 | ---D | M]

[2010/01/07 22:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Extensions
[2010/01/07 22:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/01/01 12:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa79}
[2009/03/09 09:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/01 18:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions
[2010/02/26 10:56:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/07/11 01:15:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/11 23:08:04 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2009/11/05 16:09:37 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/09 07:46:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/06 10:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\nasaboom@brandthunder.com
[2010/02/08 12:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\nasanightlaunch@example.com
[2010/03/01 18:18:35 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2009/11/08 13:21:34 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
[2009/06/30 22:17:23 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml
[2010/02/19 06:27:45 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2009/06/30 22:17:23 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2009/06/30 22:17:24 | 000,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2010/02/27 21:00:54 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005..\Run: [H/PC Connection Agent] C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Arquivos de programas\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Arquivos de programas\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Arquivos de programas\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.0.184 201.6.0.101
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/03 16:42:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/03/02 18:06:59 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/03/02 09:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Meus documentos\HTC_P3451 Os Meus Documentos
[2010/03/02 09:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\aplicativos e jogos
[2010/03/01 19:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\fotos do meu celular
[2010/03/01 18:12:45 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010/03/01 18:12:30 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Hexacto Games
[2010/03/01 17:56:09 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Machine Works NW
[2010/03/01 02:47:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2010/02/28 23:58:22 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft ActiveSync
[2010/02/27 19:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Eletronic Music
[2010/02/16 07:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\country music
[2010/02/12 22:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dados de aplicativos\BitComet
[2010/02/12 22:59:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\BitComet
[2010/02/11 17:52:46 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\The KMPlayer
[2010/02/10 08:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\VA - Trance Maniacs Party - Melody Of Heartbeat #13 2010
[2010/02/10 08:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Armada Trance 8 (2010) 2CD 320KB 2Lions-Team
[2010/02/09 17:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dados de aplicativos\Real
[2010/02/08 07:34:13 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/02/08 07:34:13 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/02/08 07:34:13 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/02/08 07:34:13 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/02/08 07:34:08 | 000,839,680 | ---- | C] (www.mp3dev.org - mp3dev) -- C:\WINDOWS\System32\lameACM.acm
[2010/02/08 07:34:08 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/02/08 07:34:07 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/02/08 07:34:05 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/08 07:34:04 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010/02/08 07:33:56 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\K-Lite Codec Pack
[2010/01/28 08:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Above & Beyond - Trance Around The World 304 (2010-01-22)
[2010/01/24 07:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\VA - Trance Season Melody Of Winter #1 (2010)
[2010/01/23 18:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Trance Maniacs Party - Melody Of Heartbeat #12 [Trance][320kbps][2010][PCTrecords.com]
[2010/01/17 21:13:06 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/01/17 21:13:06 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/01/17 21:08:26 | 000,057,344 | ---- | C] (ZSMCSNAP) -- C:\WINDOWS\ZSSnp211.exe
[2010/01/17 21:08:06 | 001,537,024 | ---- | C] (ZSMC.Corporation) -- C:\WINDOWS\System32\drivers\ZS211.sys
[2010/01/17 21:08:06 | 000,274,432 | ---- | C] (ZSMC) -- C:\WINDOWS\System32\ZS211Prp.Ax
[2010/01/17 21:08:06 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\amcap.exe
[2010/01/17 21:08:06 | 000,081,920 | ---- | C] (zsmc) -- C:\WINDOWS\System32\ZS211STI.dll
[2010/01/17 21:08:06 | 000,077,824 | ---- | C] (ZSMC) -- C:\WINDOWS\ZS211Cap.exe
[2010/01/17 21:07:32 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Vimicro
[2010/01/17 21:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dados de aplicativos\InstallShield
[2010/01/08 06:34:21 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\xerox
[2010/01/07 22:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dados de aplicativos\Thunderbird
[2010/01/07 22:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Thunderbird
[2009/12/25 16:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\salvador
[2009/12/17 04:41:40 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/16 21:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Nova pasta
[2009/12/14 08:12:15 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\SpeedFan
[2009/12/14 04:09:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/12 09:50:15 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/08 07:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dados de aplicativos\Desktopicon
[2009/12/08 07:47:49 | 000,124,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/12/08 07:47:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\DsNET Corp
[2009/11/17 09:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Apple
[2009/10/31 17:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft
[2009/08/19 09:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Adobe
[2008/07/18 14:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Mozilla
[2008/06/13 00:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Mozilla
[2008/06/12 06:09:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft
[2008/06/05 20:17:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft
[2008/06/03 16:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/03/02 18:13:01 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{296B2BB7-81AE-4AE6-850C-79AB0C908CBA}.job
[2010/03/02 18:06:59 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/03/02 17:02:04 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/02 16:14:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/02 16:14:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/02 12:05:18 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\User\ntuser.dat
[2010/03/02 12:05:18 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/03/02 12:04:15 | 012,266,734 | -H-- | M] () -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\IconCache.db
[2010/03/02 10:31:07 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/01 10:24:13 | 000,477,920 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2010/03/01 10:24:13 | 000,441,898 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/01 10:24:13 | 000,083,618 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2010/03/01 10:24:12 | 001,088,174 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/01 10:24:12 | 000,071,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/01 02:46:23 | 000,000,923 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/28 23:59:27 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\User\Dados de aplicativos\$_hpcst$.hpc
[2010/02/22 22:28:08 | 000,017,411 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro.docx
[2010/02/15 12:01:14 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro Lopes 1.doc
[2010/02/11 17:53:37 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\User\Desktop\KMPlayer.lnk
[2010/02/10 09:56:18 | 019,545,074 | ---- | M] () -- C:\Documents and Settings\User\Desktop\18.Kyau & Albert - I Love You (Cosmic Gate Remix).mp3
[2010/02/10 08:27:32 | 012,334,020 | ---- | M] () -- C:\Documents and Settings\User\Desktop\14. Espen Gulbrandsen Vs. DJ Julian Vincent Feat. Maria Nayler - Perfect Sky (Max Graham Remix).mp3
[2010/02/10 08:27:23 | 008,647,620 | ---- | M] () -- C:\Documents and Settings\User\Desktop\08. DJ Cosmo Feat. Ray Wilson - Show Me The Way.mp3
[2010/02/08 19:30:21 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro Lopes.doc
[2010/02/02 18:29:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/02 15:00:00 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/02/02 15:00:00 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/02/02 15:00:00 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/02 15:00:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/02/02 15:00:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/02/02 15:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/01/23 22:19:59 | 016,867,831 | ---- | M] () -- C:\Documents and Settings\User\Desktop\006. Tritonal & Christina Soto - Crash Into Reason (Moonbeam) [PCTrecords.com].mp3
[2010/01/23 22:19:58 | 018,823,880 | ---- | M] () -- C:\Documents and Settings\User\Desktop\020. Giuseppe Ottaviani feat. Faith - Fallen (Original mix) [PCTrecords.com].mp3
[2010/01/23 22:19:57 | 022,523,864 | ---- | M] () -- C:\Documents and Settings\User\Desktop\021. Solarstone ft. Alucard - Late Summer Fields (Ferry Corsten Remix) [PCTrecords.com].mp3
[2010/01/23 22:14:01 | 017,374,606 | ---- | M] () -- C:\Documents and Settings\User\Desktop\016. Filo & Peri feat. Linnea Handberg - Let You Know (Vocal Mix) [PCTrecords.com].mp3
[2010/01/19 17:46:42 | 001,833,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010/01/19 17:46:42 | 000,887,328 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2010/01/19 17:46:42 | 000,358,944 | ---- | M] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/01/19 17:46:42 | 000,084,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/01/19 17:46:36 | 009,721,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2010/01/19 17:46:36 | 001,489,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010/01/19 17:46:30 | 018,790,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2010/01/19 17:46:30 | 000,129,568 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/01/19 17:46:30 | 000,051,232 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2010/01/19 17:46:24 | 002,177,568 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010/01/19 17:46:18 | 002,815,520 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/01/19 17:46:18 | 000,285,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010/01/19 17:46:12 | 000,064,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2010/01/19 17:36:48 | 005,818,400 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010/01/17 12:18:08 | 000,151,552 | ---- | M] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/01/13 12:17:32 | 001,247,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010/01/07 15:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 15:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/05 15:38:00 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro Lopes BA.doc
[2009/12/31 13:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/21 16:08:00 | 001,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/12/21 16:08:00 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/12/21 16:07:59 | 005,942,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/12/21 16:07:59 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/12/21 16:07:56 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/21 16:07:56 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/12/21 16:07:56 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/12/21 16:07:56 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/12/21 16:07:56 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/21 16:07:56 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/12/21 16:07:56 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/21 16:07:56 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/12/21 16:07:56 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/12/21 16:07:55 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/12/21 16:07:55 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/12/21 16:07:54 | 011,070,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/21 16:07:52 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/12/21 16:07:52 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/12/21 10:22:00 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/12/21 10:22:00 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/12/17 04:41:40 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/12/17 04:41:40 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/16 21:40:11 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2009/12/16 21:40:11 | 000,000,265 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/14 08:12:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2009/12/14 04:09:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/14 04:09:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009/12/12 11:15:30 | 000,178,176 | ---- | M] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/09 07:09:22 | 002,193,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2009/12/09 07:09:22 | 002,193,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/12/09 07:09:21 | 002,070,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2009/12/09 07:09:21 | 002,070,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/12/09 07:09:18 | 002,149,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/12/09 07:09:18 | 002,028,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/12/09 02:54:42 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/12/09 02:54:42 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/12/08 06:24:25 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/12/07 20:00:53 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/04 15:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/12/04 11:18:26 | 000,157,432 | ---- | M] () -- C:\WINDOWS\hpoins33.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/28 23:59:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\User\Dados de aplicativos\$_hpcst$.hpc
[2010/02/22 22:12:53 | 000,017,411 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro.docx
[2010/02/15 12:01:13 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro Lopes 1.doc
[2010/02/11 17:53:37 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\User\Desktop\KMPlayer.lnk
[2010/02/10 12:49:08 | 012,334,020 | ---- | C] () -- C:\Documents and Settings\User\Desktop\14. Espen Gulbrandsen Vs. DJ Julian Vincent Feat. Maria Nayler - Perfect Sky (Max Graham Remix).mp3
[2010/02/10 12:23:01 | 019,545,074 | ---- | C] () -- C:\Documents and Settings\User\Desktop\18.Kyau & Albert - I Love You (Cosmic Gate Remix).mp3
[2010/02/10 08:06:53 | 008,647,620 | ---- | C] () -- C:\Documents and Settings\User\Desktop\08. DJ Cosmo Feat. Ray Wilson - Show Me The Way.mp3
[2010/02/08 07:34:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/08 07:34:08 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/02/08 07:34:07 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/08 07:34:07 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/08 07:34:05 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/02/08 07:34:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/02/08 07:34:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/23 23:42:45 | 022,523,864 | ---- | C] () -- C:\Documents and Settings\User\Desktop\021. Solarstone ft. Alucard - Late Summer Fields (Ferry Corsten Remix) [PCTrecords.com].mp3
[2010/01/23 23:29:38 | 018,823,880 | ---- | C] () -- C:\Documents and Settings\User\Desktop\020. Giuseppe Ottaviani feat. Faith - Fallen (Original mix) [PCTrecords.com].mp3
[2010/01/23 22:57:53 | 017,374,606 | ---- | C] () -- C:\Documents and Settings\User\Desktop\016. Filo & Peri feat. Linnea Handberg - Let You Know (Vocal Mix) [PCTrecords.com].mp3
[2010/01/23 22:41:41 | 016,867,831 | ---- | C] () -- C:\Documents and Settings\User\Desktop\006. Tritonal & Christina Soto - Crash Into Reason (Moonbeam) [PCTrecords.com].mp3
[2010/01/17 21:08:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\Domino.exe
[2010/01/14 06:31:04 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro Lopes.doc
[2009/12/29 17:01:26 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro Lopes BA.doc
[2009/12/08 07:47:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2009/11/09 18:10:11 | 002,529,622 | ---- | C] () -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\[j0002]-[p01].bmp
[2009/11/08 06:19:27 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBTEnum.sys
[2009/11/08 01:58:44 | 000,000,095 | ---- | C] () -- C:\WINDOWS\BsMobileModel.ini
[2009/11/07 19:46:51 | 000,034,790 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log
[2009/06/17 13:02:46 | 000,029,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2009/03/21 11:39:27 | 000,000,071 | ---- | C] () -- C:\WINDOWS\usdthank.ini
[2009/03/21 11:39:26 | 000,000,031 | ---- | C] () -- C:\WINDOWS\idc.ini
[2009/02/07 11:14:59 | 000,000,026 | ---- | C] () -- C:\WINDOWS\neosetup.INI
[2008/10/03 13:11:38 | 000,005,477 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndnomp.sys
[2008/07/20 15:02:27 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
[2008/07/19 10:00:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/07/10 14:27:34 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/06/23 10:52:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/06/23 10:46:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4700.ini
[2008/06/13 21:48:07 | 000,000,093 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/10 21:50:57 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/06/05 20:16:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/05 01:24:32 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/04 09:43:31 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/03 17:02:41 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2008/06/03 17:02:41 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2008/06/03 17:02:41 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2008/06/03 17:02:41 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2008/06/03 17:02:41 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2008/06/03 17:02:41 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2008/06/03 17:02:41 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2008/06/03 17:02:41 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2008/06/03 17:02:41 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2008/06/03 16:52:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/26 23:02:50 | 000,016,478 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 23:02:48 | 000,022,300 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 23:02:46 | 000,015,796 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/04/23 18:34:48 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/05 01:58:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DvsNDKEx.dll
[2007/08/24 05:39:10 | 000,434,270 | ---- | C] () -- C:\WINDOWS\System32\Mp4ADecoder.dll
[2007/04/18 06:21:44 | 000,011,192 | ---- | C] () -- C:\WINDOWS\DVRWebGUI.ini
[2006/01/31 22:30:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TextOverlayEx.dll
[2005/11/16 01:57:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Audio.dll
[2005/04/18 09:45:34 | 000,001,418 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/02 23:30:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\decompress.dll
[2004/07/07 06:18:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CreateAvi.dll
[2004/05/05 04:22:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AudioACM.dll
[2002/09/13 00:14:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\netdecdll.dll
[1996/04/03 16:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D1B5B4F1
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:679ABA25
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:1CA73D29
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DD4DD9B9
< End of report >

OTL.TXT:

OTL logfile created on: 2/3/2010 18:08:22 - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

494,00 Mb Total Physical Memory | 127,00 Mb Available Physical Memory | 26,00% Memory free
987,00 Mb Paging File | 548,00 Mb Available in Paging File | 56,00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 37,25 Gb Total Space | 2,19 Gb Free Space | 5,89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOME-195A66C457
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Arquivos de programas\Outlook Express\msimn.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (ccProxy) -- File not found
SRV - (AntiVirService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (Adobe LM Service) -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (FLEXnet Licensing Service) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (StarWindServiceAE) -- C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (btnetBUs) -- C:\WINDOWS\system32\drivers\btnetBus.sys ()
DRV - (avfwot) -- C:\WINDOWS\system32\drivers\avfwot.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avfwim) -- C:\WINDOWS\system32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgio) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (s0017mdm) -- C:\WINDOWS\system32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\WINDOWS\system32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\WINDOWS\system32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\WINDOWS\system32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\WINDOWS\system32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\WINDOWS\system32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (KMWDFILTER) -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (dpti930) -- C:\WINDOWS\system32\drivers\ndnomp.sys ()
DRV - (BtHidBus) -- C:\WINDOWS\System32\Drivers\BtHidBus.sys (IVT Corporation.)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (IvtBtBUs) -- C:\WINDOWS\system32\drivers\IvtBtBus.sys (IVT Corporation.)
DRV - (usb_rndisx) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (BTHprint) -- C:\WINDOWS\system32\drivers\bthprint.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation)
DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation)
DRV - (ZSMC30x) -- C:\WINDOWS\system32\drivers\ZS211.sys (ZSMC.Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (WINIO) -- C:\WINDOWS\system32\WinIo.sys (http://www.internals.com)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.semptoshiba.com.br

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.semptoshiba.com.br

IE - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\S-1-5-21-4294710607-957213101-1005835743-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com.br"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}:0.8.19
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100207
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/11/09 13:03:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2010/02/22 22:48:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2010/02/19 06:27:50 | 000,000,000 | ---D | M]

[2010/01/07 22:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Extensions
[2010/01/07 22:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/01/01 12:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa79}
[2009/03/09 09:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/01 18:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions
[2010/02/26 10:56:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/07/11 01:15:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/11 23:08:04 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2009/11/05 16:09:37 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/01/09 07:46:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/10/06 10:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\nasaboom@brandthunder.com
[2010/02/08 12:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Dados de aplicativos\Mozilla\Firefox\Profiles\kjrdc0n1.default\extensions\nasanightlaunch@example.com
[2010/03/01 18:18:35 | 000,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions
[2009/11/08 13:21:34 | 000,000,000 | ---D | M] (BlueSoleil Extension) -- C:\Arquivos de programas\Mozilla Firefox\extensions\{231D7D17-4F1B-4933-AB61-E502DB82FD11}
[2009/06/30 22:17:23 | 000,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml
[2010/02/19 06:27:45 | 000,001,212 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2009/06/30 22:17:23 | 000,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2009/06/30 22:17:24 | 000,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2010/02/27 21:00:54 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005..\Run: [H/PC Connection Agent] C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Arquivos de programas\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Arquivos de programas\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Arquivos de programas\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 201.6.0.184 201.6.0.101
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-4294710607-957213101-1005835743-1005 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/03 16:42:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/03/02 18:06:59 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/03/02 09:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Meus documentos\HTC_P3451 Os Meus Documentos
[2010/03/02 09:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\aplicativos e jogos
[2010/03/01 19:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\fotos do meu celular
[2010/03/01 18:12:45 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
[2010/03/01 18:12:30 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Hexacto Games
[2010/03/01 17:56:09 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Machine Works NW
[2010/03/01 02:47:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2010/02/28 23:58:22 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft ActiveSync
[2010/02/27 19:31:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Eletronic Music
[2010/02/16 07:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\country music
[2010/02/12 22:59:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dados de aplicativos\BitComet
[2010/02/12 22:59:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\BitComet
[2010/02/11 17:52:46 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\The KMPlayer
[2010/02/10 08:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\VA - Trance Maniacs Party - Melody Of Heartbeat #13 2010
[2010/02/10 08:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Armada Trance 8 (2010) 2CD 320KB 2Lions-Team
[2010/02/09 17:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dados de aplicativos\Real
[2010/02/08 07:34:13 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/02/08 07:34:13 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/02/08 07:34:13 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/02/08 07:34:13 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/02/08 07:34:08 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010/02/08 07:34:08 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/02/08 07:34:07 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/02/08 07:34:05 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/08 07:34:04 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010/02/08 07:33:56 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\K-Lite Codec Pack
[2010/01/28 08:21:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Above & Beyond - Trance Around The World 304 (2010-01-22)
[2010/01/24 07:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\VA - Trance Season Melody Of Winter #1 (2010)
[2010/01/23 18:30:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Trance Maniacs Party - Melody Of Heartbeat #12 [Trance][320kbps][2010][PCTrecords.com]
[2010/01/17 21:13:06 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/01/17 21:13:06 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/01/17 21:08:26 | 000,057,344 | ---- | C] (ZSMCSNAP) -- C:\WINDOWS\ZSSnp211.exe
[2010/01/17 21:08:06 | 001,537,024 | ---- | C] (ZSMC.Corporation) -- C:\WINDOWS\System32\drivers\ZS211.sys
[2010/01/17 21:08:06 | 000,274,432 | ---- | C] (ZSMC) -- C:\WINDOWS\System32\ZS211Prp.Ax
[2010/01/17 21:08:06 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\amcap.exe
[2010/01/17 21:08:06 | 000,081,920 | ---- | C] (zsmc) -- C:\WINDOWS\System32\ZS211STI.dll
[2010/01/17 21:08:06 | 000,077,824 | ---- | C] (ZSMC) -- C:\WINDOWS\ZS211Cap.exe
[2010/01/17 21:07:32 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Vimicro
[2010/01/17 21:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dados de aplicativos\InstallShield
[2010/01/08 06:34:21 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\xerox
[2010/01/07 22:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dados de aplicativos\Thunderbird
[2010/01/07 22:19:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\Thunderbird
[2009/12/25 16:38:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\salvador
[2009/12/17 04:41:40 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/16 21:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Nova pasta
[2009/12/14 08:12:15 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\SpeedFan
[2009/12/14 04:09:23 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/12 09:50:15 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/08 07:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dados de aplicativos\Desktopicon
[2009/12/08 07:47:49 | 000,124,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/12/08 07:47:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\DsNET Corp
[2009/11/17 09:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Apple
[2009/10/31 17:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft
[2009/08/19 09:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Adobe
[2008/07/18 14:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Mozilla
[2008/06/13 00:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Mozilla
[2008/06/12 06:09:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft
[2008/06/05 20:17:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft
[2008/06/03 16:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/03/02 18:13:01 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{296B2BB7-81AE-4AE6-850C-79AB0C908CBA}.job
[2010/03/02 18:06:59 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/03/02 17:02:04 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/02 16:14:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/02 16:14:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/02 12:05:18 | 014,680,064 | ---- | M] () -- C:\Documents and Settings\User\ntuser.dat
[2010/03/02 12:05:18 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/03/02 12:04:15 | 012,266,734 | -H-- | M] () -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\IconCache.db
[2010/03/02 10:31:07 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/01 10:24:13 | 000,477,920 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2010/03/01 10:24:13 | 000,441,898 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/01 10:24:13 | 000,083,618 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2010/03/01 10:24:12 | 001,088,174 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/01 10:24:12 | 000,071,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/01 02:46:23 | 000,000,923 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/28 23:59:27 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\User\Dados de aplicativos\$_hpcst$.hpc
[2010/02/22 22:28:08 | 000,017,411 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro.docx
[2010/02/15 12:01:14 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro Lopes 1.doc
[2010/02/11 17:53:37 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\User\Desktop\KMPlayer.lnk
[2010/02/10 09:56:18 | 019,545,074 | ---- | M] () -- C:\Documents and Settings\User\Desktop\18.Kyau & Albert - I Love You (Cosmic Gate Remix).mp3
[2010/02/10 08:27:32 | 012,334,020 | ---- | M] () -- C:\Documents and Settings\User\Desktop\14. Espen Gulbrandsen Vs. DJ Julian Vincent Feat. Maria Nayler - Perfect Sky (Max Graham Remix).mp3
[2010/02/10 08:27:23 | 008,647,620 | ---- | M] () -- C:\Documents and Settings\User\Desktop\08. DJ Cosmo Feat. Ray Wilson - Show Me The Way.mp3
[2010/02/08 19:30:21 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro Lopes.doc
[2010/02/02 18:29:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/02 15:00:00 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/02/02 15:00:00 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/02/02 15:00:00 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/02 15:00:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/02/02 15:00:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/02/02 15:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/01/23 22:19:59 | 016,867,831 | ---- | M] () -- C:\Documents and Settings\User\Desktop\006. Tritonal & Christina Soto - Crash Into Reason (Moonbeam) [PCTrecords.com].mp3
[2010/01/23 22:19:58 | 018,823,880 | ---- | M] () -- C:\Documents and Settings\User\Desktop\020. Giuseppe Ottaviani feat. Faith - Fallen (Original mix) [PCTrecords.com].mp3
[2010/01/23 22:19:57 | 022,523,864 | ---- | M] () -- C:\Documents and Settings\User\Desktop\021. Solarstone ft. Alucard - Late Summer Fields (Ferry Corsten Remix) [PCTrecords.com].mp3
[2010/01/23 22:14:01 | 017,374,606 | ---- | M] () -- C:\Documents and Settings\User\Desktop\016. Filo & Peri feat. Linnea Handberg - Let You Know (Vocal Mix) [PCTrecords.com].mp3
[2010/01/19 17:46:42 | 001,833,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2010/01/19 17:46:42 | 000,887,328 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2010/01/19 17:46:42 | 000,358,944 | ---- | M] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/01/19 17:46:42 | 000,084,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/01/19 17:46:36 | 009,721,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2010/01/19 17:46:36 | 001,489,440 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2010/01/19 17:46:30 | 018,790,432 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2010/01/19 17:46:30 | 000,129,568 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/01/19 17:46:30 | 000,051,232 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RtkCoInstXP.dll
[2010/01/19 17:46:24 | 002,177,568 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2010/01/19 17:46:18 | 002,815,520 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/01/19 17:46:18 | 000,285,216 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010/01/19 17:46:12 | 000,064,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2010/01/19 17:36:48 | 005,818,400 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2010/01/17 12:18:08 | 000,151,552 | ---- | M] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/01/13 12:17:32 | 001,247,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2010/01/07 15:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 15:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/05 15:38:00 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro Lopes BA.doc
[2009/12/31 13:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/21 16:08:00 | 001,208,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/12/21 16:08:00 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/12/21 16:07:59 | 005,942,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/12/21 16:07:59 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/12/21 16:07:56 | 001,985,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/12/21 16:07:56 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/12/21 16:07:56 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/12/21 16:07:56 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/12/21 16:07:56 | 000,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009/12/21 16:07:56 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/12/21 16:07:56 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009/12/21 16:07:56 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/12/21 16:07:56 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/12/21 16:07:55 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/12/21 16:07:55 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/12/21 16:07:54 | 011,070,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/12/21 16:07:52 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/12/21 16:07:52 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/12/21 10:22:00 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/12/21 10:22:00 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/12/17 04:41:40 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/12/17 04:41:40 | 000,345,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2009/12/16 21:40:11 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2009/12/16 21:40:11 | 000,000,265 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/14 08:12:15 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2009/12/14 04:09:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\csrsrv.dll
[2009/12/14 04:09:23 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\csrsrv.dll
[2009/12/12 11:15:30 | 000,178,176 | ---- | M] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/09 07:09:22 | 002,193,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2009/12/09 07:09:22 | 002,193,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/12/09 07:09:21 | 002,070,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2009/12/09 07:09:21 | 002,070,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/12/09 07:09:18 | 002,149,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/12/09 07:09:18 | 002,028,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/12/09 02:54:42 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/12/09 02:54:42 | 000,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/12/08 06:24:25 | 000,474,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/12/07 20:00:53 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/12/04 15:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/12/04 11:18:26 | 000,157,432 | ---- | M] () -- C:\WINDOWS\hpoins33.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/28 23:59:27 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\User\Dados de aplicativos\$_hpcst$.hpc
[2010/02/22 22:12:53 | 000,017,411 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro.docx
[2010/02/15 12:01:13 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro Lopes 1.doc
[2010/02/11 17:53:37 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\User\Desktop\KMPlayer.lnk
[2010/02/10 12:49:08 | 012,334,020 | ---- | C] () -- C:\Documents and Settings\User\Desktop\14. Espen Gulbrandsen Vs. DJ Julian Vincent Feat. Maria Nayler - Perfect Sky (Max Graham Remix).mp3
[2010/02/10 12:23:01 | 019,545,074 | ---- | C] () -- C:\Documents and Settings\User\Desktop\18.Kyau & Albert - I Love You (Cosmic Gate Remix).mp3
[2010/02/10 08:06:53 | 008,647,620 | ---- | C] () -- C:\Documents and Settings\User\Desktop\08. DJ Cosmo Feat. Ray Wilson - Show Me The Way.mp3
[2010/02/08 07:34:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/02/08 07:34:08 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/02/08 07:34:07 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/02/08 07:34:07 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/08 07:34:05 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/02/08 07:34:01 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/02/08 07:34:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/23 23:42:45 | 022,523,864 | ---- | C] () -- C:\Documents and Settings\User\Desktop\021. Solarstone ft. Alucard - Late Summer Fields (Ferry Corsten Remix) [PCTrecords.com].mp3
[2010/01/23 23:29:38 | 018,823,880 | ---- | C] () -- C:\Documents and Settings\User\Desktop\020. Giuseppe Ottaviani feat. Faith - Fallen (Original mix) [PCTrecords.com].mp3
[2010/01/23 22:57:53 | 017,374,606 | ---- | C] () -- C:\Documents and Settings\User\Desktop\016. Filo & Peri feat. Linnea Handberg - Let You Know (Vocal Mix) [PCTrecords.com].mp3
[2010/01/23 22:41:41 | 016,867,831 | ---- | C] () -- C:\Documents and Settings\User\Desktop\006. Tritonal & Christina Soto - Crash Into Reason (Moonbeam) [PCTrecords.com].mp3
[2010/01/17 21:08:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\Domino.exe
[2010/01/14 06:31:04 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro Lopes.doc
[2009/12/29 17:01:26 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Rodrigo Landeiro Lopes BA.doc
[2009/12/08 07:47:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2009/11/09 18:10:11 | 002,529,622 | ---- | C] () -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\[j0002]-[p01].bmp
[2009/11/08 06:19:27 | 000,011,860 | ---- | C] () -- C:\WINDOWS\System32\drivers\VBTEnum.sys
[2009/11/08 01:58:44 | 000,000,095 | ---- | C] () -- C:\WINDOWS\BsMobileModel.ini
[2009/11/07 19:46:51 | 000,034,790 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log
[2009/06/17 13:02:46 | 000,029,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
[2009/03/21 11:39:27 | 000,000,071 | ---- | C] () -- C:\WINDOWS\usdthank.ini
[2009/03/21 11:39:26 | 000,000,031 | ---- | C] () -- C:\WINDOWS\idc.ini
[2009/02/07 11:14:59 | 000,000,026 | ---- | C] () -- C:\WINDOWS\neosetup.INI
[2008/10/03 13:11:38 | 000,005,477 | ---- | C] () -- C:\WINDOWS\System32\drivers\ndnomp.sys
[2008/07/20 15:02:27 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
[2008/07/19 10:00:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/07/10 14:27:34 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/06/23 10:52:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/06/23 10:46:18 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4700.ini
[2008/06/13 21:48:07 | 000,000,093 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/10 21:50:57 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/06/05 20:16:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\User\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/05 01:24:32 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/06/04 09:43:31 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/03 17:02:41 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56spn.dll
[2008/06/03 17:02:41 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56itl.dll
[2008/06/03 17:02:41 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56eng.dll
[2008/06/03 17:02:41 | 000,069,632 | R--- | C] () -- C:\WINDOWS\sm56brz.dll
[2008/06/03 17:02:41 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56ger.dll
[2008/06/03 17:02:41 | 000,061,440 | R--- | C] () -- C:\WINDOWS\sm56fra.dll
[2008/06/03 17:02:41 | 000,053,248 | R--- | C] () -- C:\WINDOWS\sm56jpn.dll
[2008/06/03 17:02:41 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56cht.dll
[2008/06/03 17:02:41 | 000,049,152 | R--- | C] () -- C:\WINDOWS\sm56chs.dll
[2008/06/03 16:52:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/26 23:02:50 | 000,016,478 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 23:02:48 | 000,022,300 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 23:02:46 | 000,015,796 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/04/23 18:34:48 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/05 01:58:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DvsNDKEx.dll
[2007/08/24 05:39:10 | 000,434,270 | ---- | C] () -- C:\WINDOWS\System32\Mp4ADecoder.dll
[2007/04/18 06:21:44 | 000,011,192 | ---- | C] () -- C:\WINDOWS\DVRWebGUI.ini
[2006/01/31 22:30:32 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TextOverlayEx.dll
[2005/11/16 01:57:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Audio.dll
[2005/04/18 09:45:34 | 000,001,418 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/02 23:30:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\decompress.dll
[2004/07/07 06:18:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\CreateAvi.dll
[2004/05/05 04:22:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AudioACM.dll
[2002/09/13 00:14:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\netdecdll.dll
[1996/04/03 16:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D1B5B4F1
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:679ABA25
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:1CA73D29
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DD4DD9B9
 
I haven't tested another mouse yet, but if nothing shows up in this log I'll test one :)

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:05, on 2/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Rockstar Games\GTA San Andreas\samp.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.turkojan.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Djalma\Menu Iniciar\Programas\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/mjss/MJSS.cab109791.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC2C8211-441F-48AB-96D3-5AF54F8B895C}: NameServer = 200.204.0.10 200.204.0.138
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\Djalma\CONFIG~1\Temp\AVSETUP_4b6f3631\basic\avupgsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5304 bytes
 
Rodrigo Marques, you are infected by two pieces of SmitFraud malware. After removing them, it is advisable to reinstall your antivirus. You can use this Avira removal tool.

Follow the steps below:

- Download SmitFraudFix and save it to C:;

● Create a dedicated folder in C: and extract the files from the zip into that folder;
● Restart the computer in Safe Mode (holding the F8 key during startup and choosing the Safe Mode option);
● Go to the program's folder and run the file SmitfraudFix.cmd with a double click;
● Press 2 and hit Enter;
● When the message “Do you want to clean the registry” appears, press Y and hit Enter;
● When it finishes, press Q + Enter to close the tool;
● Restart your computer in Normal Mode;
● If any changes have occurred on the desktop, tell me;
● A log will be created at C:\repport.txt.

Paste this log in your next reply.
_________________________________________________


Not now, but I had been giving out my email to sites that have spam, unfortunately my own screw-up. The strange thing is that on my MSN too there are people adding me and sending spam. Are they bots? I block everything.
That explains it, my friend Rodrimack. Yes, those are bots. You may keep receiving spam for a long time, and it is sometimes hard to stop, especially since you gave out your e-mail address on spam sites.

From now on, whenever you receive a spam message, don't even open it; delete it right away. By opening it, even just to read it, you give the spammer the confirmation they need to know that you exist and that your e-mail is real. Do you use an anti-spam filter? If not, it's a good idea to use one.

When you need to give your e-mail address to a site, type it in disguised form, that is, don't type it as normal text. Example: rodrimack at hotmail dot com. That will keep the bots from identifying it!

Follow the steps below:

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
● Do not click in the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your computer will be restarted. After the restart, the tool will run again; wait;
● A log will be generated at C:\ComboFix.txt.

Paste this log in your next reply.
_________________________________________________


ATIprogamer, there are two hidden entries in your log. Let's take a look at them.

Follow the steps below:

Download DDS and save it to the desktop

• Temporarily disable your antivirus and double-click dds.scr;
• A DOS window will open. Just wait;
• When it finishes, two logs will open automatically, one named DDS.txt and the other Attach.txt. These logs will also be saved on the desktop.

Paste the logs in your next reply.
 
Hey buddy

There was no change on the desktop or anywhere else on the machine. On the contrary, it is running much better and Avira isn't even reporting viruses anymore. I'll reinstall it later as you told me to. Do I just need to use the little program you linked that removes it?

Here's the SmitFraudFix log

I await your reply

See you

SmitFraudFix v2.424

Scan done at 17:49:17,70, qua 03/03/2010
Run from C:\Documents and Settings\Rodrigão\Desktop\SmitfraudFix
OS: Microsoft Windows XP [versão 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\jshnahsud.dll Deleted.
C:\WINDOWS\hjsnumic.dll Deleted.
C:\WINDOWS\dfmxx.dll Deleted.
C:\WINDOWS\iospld.dll Deleted.
C:\WINDOWS\5tags67.dll Deleted.
C:\WINDOWS\ptgbahsmicrosoft.dll Deleted.

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\bhsnj mm.exe Deleted.
C:\WINDOWS\dfrompic.exe Deleted.
C:\WINDOWS\hgn microsoft.exe Deleted.
C:\WINDOWS\nmhsju.exe Deleted.
C:\WINDOWS\zebutisd.exe Deleted.
C:\WINDOWS\system32\asafirfe.exe Deleted.
C:\WINDOWS\system32\microsoftantivirusgold.exe Deleted.
C:\WINDOWS\system32\proantivirus2000.exe Deleted.
C:\WINDOWS\system32\xpantivirusxppro.exe Deleted.

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B3EDB30E-1EBD-4CE2-97CC-763A59984A90}: DhcpNameServer=200.204.0.10 200.204.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B3EDB30E-1EBD-4CE2-97CC-763A59984A90}: DhcpNameServer=200.204.0.10 200.204.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B3EDB30E-1EBD-4CE2-97CC-763A59984A90}: DhcpNameServer=200.204.0.10 200.204.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=200.204.0.10 200.204.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=200.204.0.10 200.204.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=200.204.0.10 200.204.0.138

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
 
I managed to manually delete the file that NOD4 was flagging as Kryptik but that I couldn't delete before, and now it doesn't detect anything. Here is the new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:07 PM, on 3/3/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverrider.exe
C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSS.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~2\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~2\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [RTSS] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\RTSS\RTSSWrapper.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [D3DOverrider] "C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\Tools\D3DOverrider\D3DOverriderWrapper.exe" /s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~2\FlashGet\flashget.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://software.kuaiche.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{43C87826-DA45-419D-A8BE-C31986F1ACA1}: NameServer = 66.90.65.89,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{739AC3D7-75D0-46B1-8F79-FEA7F567CC26}: NameServer = 66.90.65.89,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D33C321E-A70E-4E32-8174-43325455A98F}: NameServer = 66.90.65.89,4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{43C87826-DA45-419D-A8BE-C31986F1ACA1}: NameServer = 66.90.65.89,4.2.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{43C87826-DA45-419D-A8BE-C31986F1ACA1}: NameServer = 66.90.65.89,4.2.2.1
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10297 bytes

And here is the zip file, thanks Mr. Wolf :]

http://sharex.xpg.com.br/files/2437341176/virusinfo_syscheck.zip.html
 
That explains it, my friend Rodrimack. Yes, these are bots. You may keep receiving spam for a long time, and it is sometimes hard to stop it, especially since you published your e-mail address on spam sites.

From now on, whenever you receive spam, do not even open it; delete it right away. By opening it, even just to read it, you give the spammer the confirmation he needs to know that you exist and that your e-mail address is real. Do you use an anti-spam filter? If not, it is a good idea to use one.

When you need to give your e-mail address to a site, type it in disguised form, that is, not as plain text. Example: rodrimack at hotmail dot com. This will keep the bots from identifying it!

Follow the steps below:

- Download ComboFix and save it to the desktop;

● Temporarily disable your antivirus so that it does not detect the tool as a virus;
● Double-click the combofix.exe icon to start the scan;
● Read the agreement that appears and click Yes to continue;
● A Recovery Console window will open; click Yes to install it. If another Console window appears, click OK > Yes;
● Wait while ComboFix runs the scan;
● If any problem occurs during the scan, restart your computer in Safe Mode and repeat the procedure;
Do not click in the ComboFix window, and try not to use the keyboard either, so as not to interfere with the tool's scan;
● If you want to exit or stop ComboFix, press N;
● When it finishes, your computer will be restarted. After the restart, the tool will run again; wait for it;
● A log will be generated at C:\ComboFix.txt.

Paste this log into your next reply.
_________________________________________________


ATIprogamer, there are two hidden entries in your log. Let's take a look at them.

Follow the steps below:

Download DDS and save it to the desktop

• Temporarily disable your antivirus and double-click dds.scr;
• A DOS window will open. Just wait;
• When it finishes, two logs will open automatically, one named DDS.txt and the other Attach.txt. These logs will also be saved on the desktop.

Paste the logs into your next reply.

Mr.Wolf, ComboFix is not running; it installs itself into a folder on C:. Actually, it only installs and does not run any scan, but there are several executable files in that folder. Which one do I run?

Thank you in advance for your attention and goodwill!
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:31, on 03/03/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Steam\Steam.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\EVGA Precision\EVGAPrecision.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files (x86)\EVGA Precision\EVGAPrecisionWrapper.exe" /s
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/mjss/MJSS.cab109791.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca9e067668b6d5) (gupdate1ca9e067668b6d5) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9450 bytes
 
Hey luisednardo, everything good?

I changed countries; I am currently living in the United States (New York). Because of that, and for other personal reasons, I had to step away from all the forums I take part in for an indefinite period. Since the pace here is much more intense than in Brazil, I do not have much time to participate actively in the forums. I still need to get more settled; I believe that by the middle of the year I will manage to make everything calmer. :)

As for your question, luisednardo, it is not a Windows bug. This happens on Windows XP and on Vista too. I have been through this on an old PC with Vista installed. Memory is effectively used as a cache for the data on disk, made up of various pieces of necessary information, such as application files, application data and paging files. A fundamental principle of a cache is to stay full at all times, unless it is negatively interfering with your activities. Is it?

Although there is not much to do in these cases (at least as far as I know), since you leave the computer on for days and in constant activity (downloads, which already cause a large increase in the cache), this exaggerated memory consumption is even understandable. However, I can suggest this small program: CleanMem, which tends to optimize memory usage. I do not know whether it will have any effect on your system, but it does not hurt to try!

Regards

Hello, Great Wolf!
Everything is fine with me, thank God! With you it must be even better, right? Since you have now gone to Uncle Sam's land and picked the most expensive square meter in the world right away!!!! Wow! Congratulations on the mega promotion, my friend! You deserve it!
As for the program, I will test it over the next few days and let you know whether it delivers what it promises.

A big hug and lots of luck in your new life!
 
