I want to check if my computer has any keylogger or similar. [Solved]

#1
srg.garou (New Member, 7 posts)

Hello,

I want to check if my computer has any keylogger or similar malware. It is not showing any kind of problem, but my Firefox was reset and I lost the installed plugins, so maybe someone used my computer when I wasn't around.

Here is the OTL log:

OTL logfile created on: 6/9/2012 22:39:48 - Run 2
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\João Mário\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

2,50 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 77,49% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,36% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 78,13 Gb Total Space | 11,74 Gb Free Space | 15,03% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 38,18 Gb Free Space | 24,67% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: João Mário | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/06 22:25:35 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\João Mário\Desktop\OTL.exe
PRC - [2012/01/03 04:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011/06/07 20:54:05 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Arquivos de programas\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010/01/29 10:57:17 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/05/14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/14 09:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/20 15:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/09/20 15:35:38 | 000,382,248 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
PRC - [2007/09/20 15:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
PRC - [2005/04/15 00:01:46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/12/29 06:01:56 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2004/11/03 12:32:28 | 000,425,984 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\MMKeybd.exe
PRC - [2004/10/15 14:27:22 | 000,065,536 | ---- | M] (3M) -- C:\Arquivos de programas\3M\PSNLite\PSNGive.exe
PRC - [2004/10/15 14:26:54 | 002,080,768 | ---- | M] (3M) -- C:\Arquivos de programas\3M\PSNLite\PsnLite.exe


========== Modules (No Company Name) ==========

MOD - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Arquivos de programas\Acronis\DiskDirector\OSS\reinstall_svc.exe
MOD - [2009/02/27 19:49:12 | 000,311,296 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\pdfshell.PTB
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2004/11/11 01:16:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56chs.dll
MOD - [2004/11/10 04:42:22 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56eng.dll
MOD - [2004/11/10 04:42:22 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll
MOD - [2004/11/10 04:42:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56cht.dll
MOD - [2004/11/02 10:12:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56spn.dll
MOD - [2004/11/02 10:12:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56itl.dll
MOD - [2004/11/02 10:12:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56ger.dll
MOD - [2004/11/02 10:12:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56fra.dll
MOD - [2004/11/02 10:12:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56brz.dll


========== Services (SafeList) ==========

SRV - [2012/09/06 21:41:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/04/03 23:26:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/09/20 15:35:38 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOOMRI~1\CONFIG~1\Temp\YIYD.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aihyd2l4)
DRV - [2012/08/16 21:46:35 | 000,170,080 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012/07/05 18:10:02 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/04/22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/22 12:54:13 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/05/14 15:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2005/04/18 23:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/04/01 01:12:00 | 001,032,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/22 15:00:00 | 000,265,984 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mrv8000c.sys -- (W8335XP)
DRV - [2005/01/11 07:25:10 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/08/19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2003/11/20 01:58:02 | 000,018,004 | R--- | M] (Silan Micro-Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slnt.sys -- (slnt)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\..\SearchScopes,DefaultScope = {7674BC1D-81BB-43BA-95E5-A33AC72DDC4F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask....s}&locale=pt_BR
IE - HKCU\..\SearchScopes\{7674BC1D-81BB-43BA-95E5-A33AC72DDC4F}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{B4563F48-A80B-4474-82D4-9EC4B623D293}: "URL" = http://br.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.1
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.1
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Arquivos de programas\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2012/09/06 21:41:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2012/09/06 21:41:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/02/21 11:53:37 | 000,000,000 | ---D | M]

[2011/04/03 17:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Extensions
[2012/09/06 22:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Firefox\Profiles\10q0gpb2.default-1346978255546\extensions
[2012/09/06 21:43:20 | 001,625,368 | ---- | M] () (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Firefox\Profiles\10q0gpb2.default-1346978255546\extensions\[email protected]
[2012/09/06 21:48:12 | 000,470,149 | ---- | M] () (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Firefox\Profiles\10q0gpb2.default-1346978255546\extensions\[email protected]
[2012/09/06 22:15:33 | 000,340,132 | ---- | M] () (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Firefox\Profiles\10q0gpb2.default-1346978255546\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/09/06 21:48:12 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Firefox\Profiles\10q0gpb2.default-1346978255546\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/09/06 22:15:33 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Firefox\Profiles\10q0gpb2.default-1346978255546\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/09/06 21:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOãO MáRIO\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\10Q0GPB2.DEFAULT-1346978255546\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOãO MáRIO\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\10Q0GPB2.DEFAULT-1346978255546\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOãO MáRIO\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\10Q0GPB2.DEFAULT-1346978255546\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOãO MáRIO\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\10Q0GPB2.DEFAULT-1346978255546\EXTENSIONS\[email protected]
[2012/09/06 21:41:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
[2012/08/29 12:25:06 | 000,002,465 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\bing.xml
[2012/08/29 12:25:06 | 000,002,253 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jo\u00E3o M\u00E1rio\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jo\u00E3o M\u00E1rio\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jo\u00E3o M\u00E1rio\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Jo\u00E3o M\u00E1rio\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jo\u00E3o M\u00E1rio\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/04/03 23:10:57 | 000,001,263 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Office Keyboard] C:\WINDOWS\MMKeybd.exe (Netropa Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [QuickGammaLoader] C:\Arquivos de programas\QuickGamma\QuickGammaLoader.exe (Eberhard Werle)
O4 - HKCU..\Run: [QuickGammaResume] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Altap Salamander 2.51.lnk = C:\Arquivos de programas\Altap Salamander 2.5\salamand.exe (ALTAP)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe (3M)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.32.38 189.7.32.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24042687-C25C-49E0-BB15-36A7BBC78D01}: DhcpNameServer = 189.7.32.38 189.7.32.33
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/28 22:51:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0646f852-8dac-11e1-9fb5-00e0760815f3}\Shell - "" = AutoRun
O33 - MountPoints2\{0646f852-8dac-11e1-9fb5-00e0760815f3}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{35e89d32-1ef9-11df-9bab-00e0760815f3}\Shell - "" = AutoRun
O33 - MountPoints2\{35e89d32-1ef9-11df-9bab-00e0760815f3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{74bc94c0-112a-11df-9ba0-00e0760815f3}\Shell - "" = AutoRun
O33 - MountPoints2\{74bc94c0-112a-11df-9ba0-00e0760815f3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{74bc94c3-112a-11df-9ba0-00e0760815f3}\Shell - "" = AutoRun
O33 - MountPoints2\{74bc94c3-112a-11df-9ba0-00e0760815f3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/06 22:39:22 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\João Mário\Desktop\OTL.exe
[2012/09/06 21:41:36 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Mozilla Firefox
[2012/09/06 15:42:26 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Tor Browser
[2012/09/03 16:28:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\João Mário\Recent
[2012/09/02 20:30:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\URUSoft
[2012/08/16 22:58:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Acronis
[2012/08/16 21:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Acronis
[2012/08/16 21:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acronis
[2012/08/16 21:46:13 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Acronis
[2012/08/16 21:46:11 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Acronis
[2012/08/14 18:40:11 | 000,000,000 | ---D | C] -- C:\openssl
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/06 22:35:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/06 22:35:02 | 2683,621,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/06 22:33:00 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-725345543-1177238915-1003UA.job
[2012/09/06 22:25:35 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\João Mário\Desktop\OTL.exe
[2012/09/06 00:33:42 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-725345543-1177238915-1003Core.job
[2012/09/05 01:17:22 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/09/04 21:39:48 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\João Mário\Desktop\Google Chrome.lnk
[2012/09/04 03:06:25 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\João Mário\Dados de aplicativos\vso_ts_preview.xml
[2012/09/03 10:19:09 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2012/09/03 10:19:09 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2012/09/03 10:19:09 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2012/09/03 10:19:09 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2012/09/03 10:19:09 | 000,000,021 | ---- | M] () -- C:\WINDOWS\SurCode.INI
[2012/08/30 20:51:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/29 23:29:06 | 000,144,519 | ---- | M] () -- C:\Documents and Settings\João Mário\Desktop\dump.sql
[2012/08/29 14:07:23 | 000,138,333 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[2012/08/25 23:42:46 | 002,635,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/19 09:03:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/18 19:35:05 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2012/08/16 23:43:46 | 000,000,163 | ---- | M] () -- C:\WINDOWS\System32\autopart.opt
[2012/08/16 21:46:34 | 000,001,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Home.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/29 23:28:54 | 000,144,519 | ---- | C] () -- C:\Documents and Settings\João Mário\Desktop\dump.sql
[2012/08/16 22:58:47 | 000,000,163 | ---- | C] () -- C:\WINDOWS\System32\autopart.opt
[2012/08/16 21:46:34 | 000,001,021 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Home.lnk
[2012/08/07 18:52:07 | 000,866,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
[2012/07/19 23:36:06 | 000,235,724 | ---- | C] () -- C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\census.cache
[2012/07/19 23:35:51 | 000,215,941 | ---- | C] () -- C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\ars.cache
[2012/07/19 23:23:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\housecall.guid.cache
[2012/06/20 23:06:25 | 000,000,532 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2012/05/23 10:36:40 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft.SqlServer.Compact.351.32.bc
[2012/03/11 03:28:37 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\João Mário\Dados de aplicativos\vso_ts_preview.xml
[2012/02/16 11:23:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/06 17:50:31 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2011/09/02 23:36:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/09 00:42:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/05/09 00:42:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/05/09 00:42:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/05/09 00:42:00 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/05/09 00:42:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/05/09 00:42:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2011/04/05 16:51:08 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/02/02 16:11:59 | 000,002,672 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
[2010/02/02 16:11:59 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\11063DB4C4.sys
[2010/01/31 10:43:34 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/16 21:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Acronis
[2010/02/21 11:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ESET
[2010/02/02 15:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2010/01/28 23:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Innovative Solutions
[2011/09/08 16:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Installations
[2010/02/01 01:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
[2011/05/09 00:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Minnetonka Audio Software
[2010/02/22 12:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MySQL
[2011/11/19 18:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nokia
[2012/03/24 10:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NokiaInstallerCache
[2011/07/04 19:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite
[2011/06/21 00:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony
[2012/03/23 16:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Temp
[2012/03/11 04:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk
[2012/04/28 23:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\3M
[2011/08/07 19:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\AMPSoft
[2011/06/26 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\AnvSoft
[2011/11/07 17:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Artisteer
[2012/09/05 02:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\BitTorrent
[2010/02/22 12:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\DAEMON Tools
[2012/08/21 11:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Dropbox
[2011/04/07 03:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\MySQL
[2012/01/24 09:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Nokia
[2011/07/19 23:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Nokia Ovi Suite
[2011/11/25 17:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Nokia Suite
[2011/07/05 10:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\NSeries
[2011/07/05 15:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\PC Suite
[2011/06/21 00:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Publish Providers
[2011/08/18 21:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Sony
[2011/10/04 03:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Stellarium
[2012/09/04 01:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Vso

========== Purity Check ==========



< End of report >


#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Please go to: VirusTotal
  • Click the Choose File button and search for the following file (one by one):

    C:\WINDOWS\System32\sysprs7.dll

    Click Open > Scan It!
  • Please be patient while the file is scanned.
  • Copy and paste the link (URL) with the results.

NEXT


Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\JOOMRI~1\CONFIG~1\Temp\YIYD.tmp -- (GarenaPEngine)
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask....s}&locale=pt_BR
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
FINALLY:

Download aswMBR.exe ( 4.8mb ) to your desktop.

Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#3
srg.garou

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello,

Here is the link from VirusTotal (not sure if it is the correct one, but it is the only one):

https://www.virustot...sis/1347231677/

---- Here is the OTL log ------

All processes killed
========== OTL ==========
Service GarenaPEngine stopped successfully!
Service GarenaPEngine deleted successfully!
File C:\DOCUME~1\JOOMRI~1\CONFIG~1\Temp\YIYD.tmp not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: João Mário
->Temp folder emptied: 6245678 bytes
->Temporary Internet Files folder emptied: 3560766 bytes
->FireFox cache emptied: 55546903 bytes
->Google Chrome cache emptied: 17981038 bytes
->Flash cache emptied: 570 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2339411 bytes
%systemroot%\System32 .tmp files removed: 2969 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 707500 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83,00 mb


OTL by OldTimer - Version 3.2.61.1 log created on 09092012_200506

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

---- End OTL log ------

---- Here is the aswMBR log ------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 20:29:22
-----------------------------
20:29:22.546 OS Version: Windows 5.1.2600 Service Pack 3
20:29:22.546 Number of processors: 1 586 0x2F02
20:29:22.546 ComputerName: GAROU-PC UserName:
20:29:22.765 Initialize success
20:29:37.890 AVAST engine defs: 12090901
20:29:41.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
20:29:41.375 Disk 0 Vendor: SAMSUNG_ VT10 Size: 238475MB BusType: 1
20:29:41.375 Disk 0 MBR read successfully
20:29:41.375 Disk 0 MBR scan
20:29:41.406 Disk 0 Windows XP default MBR code
20:29:41.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 80003 MB offset 63
20:29:41.406 Disk 0 Partition - 00 0F Extended LBA 158469 MB offset 163846935
20:29:41.421 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 158469 MB offset 163846998
20:29:41.421 Disk 0 scanning sectors +488392065
20:29:41.484 Disk 0 scanning C:\WINDOWS\system32\drivers
20:29:47.984 Service scanning
20:29:56.359 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
20:29:59.531 Modules scanning
20:30:04.937 Disk 0 trace - called modules:
20:30:04.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a1651f8]<<
20:30:04.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a13e548]
20:30:04.953 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port2Path0Target0Lun0[0x8a14aa38]
20:30:04.953 \Driver\viamraid[0x8a140a08] -> IRP_MJ_CREATE -> 0x8a1651f8
20:30:07.250 AVAST engine scan C:\WINDOWS
20:30:13.937 AVAST engine scan C:\WINDOWS\system32
20:33:35.531 AVAST engine scan C:\WINDOWS\system32\drivers
20:33:47.125 AVAST engine scan C:\Documents and Settings\João Mário
20:38:11.609 AVAST engine scan C:\Documents and Settings\All Users
20:39:36.250 Scan finished successfully
20:39:52.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\João Mário\Desktop\MBR.dat"
20:39:52.281 The log file has been saved successfully to "C:\Documents and Settings\João Mário\Desktop\aswMBR.txt"

---- End aswMBR log ------

But is there really a keylogger on my computer, or are these just preventive actions?

Thanks.

#4
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

But is there really a keylogger on my computer, or are these just preventive actions?

I didn't find anything in your logs that could be related to a keylogger. Let's keep looking.

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


NEXT

  • Run the OTL.exe. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic



#5
srg.garou

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello,

All actions taken and the logs you requested:

---- Here is the Malwarebytes log -----

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.10.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
João Mário :: GAROU-PC [administrator]

10/9/2012 17:36:18
mbam-log-2012-09-10 (17-36-18).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 450185
Time elapsed: 1 hour(s), 6 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 19
C:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163427.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163428.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP450\A0160350.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP450\A0160351.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163429.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163430.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163431.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163432.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163433.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163434.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163435.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163436.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163437.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163438.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163439.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163440.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163441.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163442.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{11E96D77-397C-498A-A65D-4A4842D90346}\RP463\A0163443.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

(end)


---- End Malwarebytes log ---------

--- Here is the second OTL log -----

OTL logfile created on: 10/9/2012 19:35:59 - Run 3
OTL by OldTimer - Version 3.2.61.1 Folder = C:\Documents and Settings\João Mário\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

2,50 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 72,16% Memory free
3,85 Gb Paging File | 3,38 Gb Available in Paging File | 87,90% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 78,13 Gb Total Space | 11,50 Gb Free Space | 14,72% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 38,12 Gb Free Space | 24,64% Space Free | Partition Type: NTFS

Computer Name: GAROU-PC | User Name: João Mário | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/06 22:25:35 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\João Mário\Desktop\OTL.exe
PRC - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Arquivos de programas\Skype\Updater\Updater.exe
PRC - [2012/01/03 04:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011/06/07 20:54:05 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2010/09/22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Arquivos de programas\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2010/01/29 10:57:17 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe
PRC - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe
PRC - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/05/14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/04/14 09:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/20 15:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/09/20 15:35:38 | 000,382,248 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe
PRC - [2007/09/20 15:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe
PRC - [2005/04/15 00:01:46 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/12/29 06:01:56 | 000,544,768 | ---- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2004/11/03 12:32:28 | 000,425,984 | ---- | M] (Netropa Corp.) -- C:\WINDOWS\MMKeybd.exe
PRC - [2004/10/15 14:27:22 | 000,065,536 | ---- | M] (3M) -- C:\Arquivos de programas\3M\PSNLite\PSNGive.exe
PRC - [2004/10/15 14:26:54 | 002,080,768 | ---- | M] (3M) -- C:\Arquivos de programas\3M\PSNLite\PsnLite.exe


========== Modules (No Company Name) ==========

MOD - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () -- C:\Arquivos de programas\Acronis\DiskDirector\OSS\reinstall_svc.exe
MOD - [2009/02/27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009/02/27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2004/11/11 01:16:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56chs.dll
MOD - [2004/11/10 04:42:22 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56eng.dll
MOD - [2004/11/10 04:42:22 | 000,049,152 | ---- | M] () -- C:\WINDOWS\sm56jpn.dll
MOD - [2004/11/10 04:42:20 | 000,045,056 | ---- | M] () -- C:\WINDOWS\sm56cht.dll
MOD - [2004/11/02 10:12:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56spn.dll
MOD - [2004/11/02 10:12:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56itl.dll
MOD - [2004/11/02 10:12:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56ger.dll
MOD - [2004/11/02 10:12:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56fra.dll
MOD - [2004/11/02 10:12:20 | 000,065,536 | ---- | M] () -- C:\WINDOWS\sm56brz.dll


========== Services (SafeList) ==========

SRV - [2012/09/06 21:41:43 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Arquivos de programas\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/04/03 23:26:50 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/25 19:53:46 | 002,139,400 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2009/07/24 19:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/05/14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/05/14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/09/20 15:35:38 | 000,382,248 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/10/26 12:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Arquivos de programas\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (awl62s2c)
DRV - [2012/08/16 21:46:35 | 000,170,080 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2012/07/05 18:10:02 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/04/22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/22 12:54:13 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/05/14 15:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/05/14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/05/14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2005/04/18 23:40:52 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2005/04/01 01:12:00 | 001,032,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/02/22 15:00:00 | 000,265,984 | R--- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mrv8000c.sys -- (W8335XP)
DRV - [2005/01/11 07:25:10 | 000,923,826 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2004/08/19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2003/11/20 01:58:02 | 000,018,004 | R--- | M] (Silan Micro-Electronics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slnt.sys -- (slnt)
DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1606980848-725345543-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsof...ss/allinone.asp
IE - HKU\S-1-5-21-1606980848-725345543-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-1606980848-725345543-1177238915-1003\..\SearchScopes,DefaultScope = {7674BC1D-81BB-43BA-95E5-A33AC72DDC4F}
IE - HKU\S-1-5-21-1606980848-725345543-1177238915-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1606980848-725345543-1177238915-1003\..\SearchScopes\{7674BC1D-81BB-43BA-95E5-A33AC72DDC4F}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1606980848-725345543-1177238915-1003\..\SearchScopes\{B4563F48-A80B-4474-82D4-9EC4B623D293}: "URL" = http://br.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-1606980848-725345543-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"
FF - prefs.js..extensions.enabledAddons: ra[email protected]:1.5.1
FF - prefs.js..extensions.enabledAddons: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.2.2
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.1
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Arquivos de programas\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Documents and Settings\João Mário\Dados de aplicativos\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2012/09/06 21:41:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2012/09/06 21:41:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/02/21 11:53:37 | 000,000,000 | ---D | M]

[2011/04/03 17:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Extensions
[2012/09/06 22:15:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Firefox\Profiles\10q0gpb2.default-1346978255546\extensions
[2012/09/06 21:43:20 | 001,625,368 | ---- | M] () (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Firefox\Profiles\10q0gpb2.default-1346978255546\extensions\[email protected]
[2012/09/06 21:48:12 | 000,470,149 | ---- | M] () (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Firefox\Profiles\10q0gpb2.default-1346978255546\extensions\[email protected]
[2012/09/06 22:15:33 | 000,340,132 | ---- | M] () (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Firefox\Profiles\10q0gpb2.default-1346978255546\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/09/06 21:48:12 | 001,268,546 | ---- | M] () (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Firefox\Profiles\10q0gpb2.default-1346978255546\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2012/09/06 22:15:33 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\João Mário\Dados de aplicativos\Mozilla\Firefox\Profiles\10q0gpb2.default-1346978255546\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/09/06 21:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de programas\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOãO MáRIO\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\10Q0GPB2.DEFAULT-1346978255546\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOãO MáRIO\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\10Q0GPB2.DEFAULT-1346978255546\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOãO MáRIO\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\10Q0GPB2.DEFAULT-1346978255546\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\JOãO MáRIO\DADOS DE APLICATIVOS\MOZILLA\FIREFOX\PROFILES\10Q0GPB2.DEFAULT-1346978255546\EXTENSIONS\[email protected]
[2012/09/06 21:41:43 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Arquivos de programas\mozilla firefox\components\browsercomps.dll
[2012/08/29 12:25:06 | 000,002,465 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\bing.xml
[2012/08/29 12:25:06 | 000,002,253 | ---- | M] () -- C:\Arquivos de programas\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jo\u00E3o M\u00E1rio\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Jo\u00E3o M\u00E1rio\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jo\u00E3o M\u00E1rio\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Jo\u00E3o M\u00E1rio\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Arquivos de programas\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Arquivos de programas\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jo\u00E3o M\u00E1rio\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: YouTube = C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/04/03 23:10:57 | 000,001,263 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Arquivos de programas\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Arquivos de programas\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-1606980848-725345543-1177238915-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Arquivos de programas\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Office Keyboard] C:\WINDOWS\MMKeybd.exe (Netropa Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1606980848-725345543-1177238915-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-1606980848-725345543-1177238915-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1606980848-725345543-1177238915-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1606980848-725345543-1177238915-1003..\Run: [QuickGammaLoader] C:\Arquivos de programas\QuickGamma\QuickGammaLoader.exe (Eberhard Werle)
O4 - HKU\S-1-5-21-1606980848-725345543-1177238915-1003..\Run: [QuickGammaResume] File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Altap Salamander 2.51.lnk = C:\Arquivos de programas\Altap Salamander 2.5\salamand.exe (ALTAP)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Post-it® Software Notes Lite.lnk = C:\Arquivos de programas\3M\PSNLite\PsnLite.exe (3M)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-725345543-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1347197958703 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.32.38 189.7.32.33
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24042687-C25C-49E0-BB15-36A7BBC78D01}: DhcpNameServer = 189.7.32.38 189.7.32.33
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/28 22:51:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0646f852-8dac-11e1-9fb5-00e0760815f3}\Shell - "" = AutoRun
O33 - MountPoints2\{0646f852-8dac-11e1-9fb5-00e0760815f3}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{35e89d32-1ef9-11df-9bab-00e0760815f3}\Shell - "" = AutoRun
O33 - MountPoints2\{35e89d32-1ef9-11df-9bab-00e0760815f3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{74bc94c0-112a-11df-9ba0-00e0760815f3}\Shell - "" = AutoRun
O33 - MountPoints2\{74bc94c0-112a-11df-9ba0-00e0760815f3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{74bc94c3-112a-11df-9ba0-00e0760815f3}\Shell - "" = AutoRun
O33 - MountPoints2\{74bc94c3-112a-11df-9ba0-00e0760815f3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/09 20:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João Mário\Desktop\Sketches
[2012/09/09 20:10:28 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\João Mário\Desktop\aswMBR.exe
[2012/09/09 20:05:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/07 20:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João Mário\Dados de aplicativos\raidcall
[2012/09/07 20:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João Mário\Menu Iniciar\Programas\RaidCall
[2012/09/07 20:55:43 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\RaidCall
[2012/09/06 22:39:22 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\João Mário\Desktop\OTL.exe
[2012/09/06 21:41:36 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Mozilla Firefox
[2012/09/06 15:42:26 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Tor Browser
[2012/09/03 16:28:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\João Mário\Recent
[2012/09/02 20:30:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\URUSoft
[2012/08/16 22:58:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Acronis
[2012/08/16 21:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Acronis
[2012/08/16 21:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acronis
[2012/08/16 21:46:13 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Acronis
[2012/08/16 21:46:11 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Acronis
[2012/08/14 18:40:11 | 000,000,000 | ---D | C] -- C:\openssl

========== Files - Modified Within 30 Days ==========

[2012/09/10 19:34:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/10 19:34:07 | 2683,621,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/10 18:33:07 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-725345543-1177238915-1003UA.job
[2012/09/10 02:20:25 | 006,496,871 | ---- | M] () -- C:\Documents and Settings\João Mário\Desktop\Sponsors.ai
[2012/09/10 00:33:00 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-725345543-1177238915-1003Core.job
[2012/09/09 21:29:58 | 022,988,963 | ---- | M] () -- C:\Documents and Settings\João Mário\Desktop\Sponsors.eps
[2012/09/09 20:10:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\João Mário\Desktop\aswMBR.exe
[2012/09/09 10:35:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/08 23:17:41 | 000,138,333 | ---- | M] () -- C:\WINDOWS\FontData.fdb
[2012/09/07 20:56:01 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\João Mário\Desktop\RaidCall.lnk
[2012/09/07 15:53:17 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/09/06 22:25:35 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\João Mário\Desktop\OTL.exe
[2012/09/04 21:39:48 | 000,002,419 | ---- | M] () -- C:\Documents and Settings\João Mário\Desktop\Google Chrome.lnk
[2012/09/04 03:06:25 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\João Mário\Dados de aplicativos\vso_ts_preview.xml
[2012/09/03 10:19:09 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2012/09/03 10:19:09 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2012/09/03 10:19:09 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2012/09/03 10:19:09 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2012/09/03 10:19:09 | 000,000,021 | ---- | M] () -- C:\WINDOWS\SurCode.INI
[2012/08/30 20:51:00 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/25 23:42:46 | 002,635,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/18 19:35:05 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2012/08/16 23:43:46 | 000,000,163 | ---- | M] () -- C:\WINDOWS\System32\autopart.opt
[2012/08/16 21:46:34 | 000,001,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Home.lnk

========== Files Created - No Company Name ==========

[2012/09/10 02:20:20 | 006,496,871 | ---- | C] () -- C:\Documents and Settings\João Mário\Desktop\Sponsors.ai
[2012/09/09 21:26:55 | 022,988,963 | ---- | C] () -- C:\Documents and Settings\João Mário\Desktop\Sponsors.eps
[2012/09/07 20:56:01 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\João Mário\Desktop\RaidCall.lnk
[2012/08/16 22:58:47 | 000,000,163 | ---- | C] () -- C:\WINDOWS\System32\autopart.opt
[2012/08/16 21:46:34 | 000,001,021 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acronis Disk Director Home.lnk
[2012/08/07 18:52:07 | 000,866,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
[2012/07/19 23:36:06 | 000,235,724 | ---- | C] () -- C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\census.cache
[2012/07/19 23:35:51 | 000,215,941 | ---- | C] () -- C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\ars.cache
[2012/07/19 23:23:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\housecall.guid.cache
[2012/06/20 23:06:25 | 000,000,532 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2012/05/23 10:36:40 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft.SqlServer.Compact.351.32.bc
[2012/03/11 03:28:37 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\João Mário\Dados de aplicativos\vso_ts_preview.xml
[2012/02/16 11:23:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/06 17:50:31 | 000,000,030 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2011/09/02 23:36:12 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/09 00:42:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2011/05/09 00:42:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2011/05/09 00:42:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2011/05/09 00:42:00 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2011/05/09 00:42:00 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2011/05/09 00:42:00 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI
[2011/04/05 16:51:08 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/02/02 16:11:59 | 000,002,672 | -HS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys
[2010/02/02 16:11:59 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\11063DB4C4.sys
[2010/01/31 10:43:34 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\João Mário\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/16 21:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Acronis
[2010/02/21 11:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ESET
[2010/02/02 15:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2010/01/28 23:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Innovative Solutions
[2011/09/08 16:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Installations
[2010/02/01 01:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!
[2011/05/09 00:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Minnetonka Audio Software
[2010/02/22 12:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MySQL
[2011/11/19 18:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nokia
[2012/03/24 10:41:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NokiaInstallerCache
[2011/07/04 19:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PC Suite
[2011/06/21 00:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony
[2012/03/23 16:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Temp
[2012/03/11 04:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk
[2012/04/28 23:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\3M
[2011/08/07 19:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\AMPSoft
[2011/06/26 21:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\AnvSoft
[2011/11/07 17:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Artisteer
[2012/09/05 02:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\BitTorrent
[2010/02/22 12:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\DAEMON Tools
[2012/08/21 11:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Dropbox
[2011/04/07 03:48:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\MySQL
[2012/01/24 09:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Nokia
[2011/07/19 23:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Nokia Ovi Suite
[2011/11/25 17:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Nokia Suite
[2011/07/05 10:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\NSeries
[2011/07/05 15:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\PC Suite
[2011/06/21 00:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Publish Providers
[2012/09/07 22:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\raidcall
[2011/08/18 21:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Sony
[2011/10/04 03:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Stellarium
[2012/09/04 01:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Mário\Dados de aplicativos\Vso

========== Purity Check ==========



< End of report >


--- End of second OTL log ----------
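The OTL log above is what a helper reads by hand for persistence points. As an added example, not part of the original post and not OTL's own code, the script below does that first pass automatically for a few line classes: O4 Run values, the O7 NoDriveTypeAutoRun policy, the O20 Winlogon Shell/UserInit/Notify entries and the O33 MountPoints2 AutoRun commands. Its sample input is a dozen lines copied from the log above; the regexes, the finding tags and the "expected" Winlogon values are this script's own assumptions. Three things it surfaces from this particular log are worth knowing. NoDriveTypeAutoRun = 145 (0x91) is the XP default and, by that value alone, leaves AutoRun enabled for removable and CD-ROM drives (later Windows updates changed USB AutoRun handling independently of this key, so read the decode as what the policy says, not as proof that a USB autorun would fire). The MountPoints2 entries record which volumes once registered an AutoRun command (E:\AutoRun.exe, G:\WD SmartWare.exe). And LMIinit.dll, loaded by Winlogon at every logon, belongs to LogMeIn, a remote-access product whose tray executable is gone ("File not found" in the O4 section) while its logon DLL is still registered; given the poster's worry that someone else used the machine, that is the entry to verify first. None of this is a malware finding; it is the review list a responder would work through.

```python
"""Triage persistence-related line classes from an OTL (OldTimer) log.

Added example: not part of the original post and not OTL's own code. The
line classes it parses, the finding tags and the "expected" Winlogon values
are this script's own assumptions about what a reviewer looks at first.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines copied from the OTL log posted above, limited to the
# classes this script understands. It is not a complete log.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [egui] C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe" File not found
O4 - HKU\S-1-5-21-1606980848-725345543-1177238915-1003..\Run: [AdobeBridge] File not found
O7 - HKU\S-1-5-21-1606980848-725345543-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O33 - MountPoints2\{0646f852-8dac-11e1-9fb5-00e0760815f3}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{35e89d32-1ef9-11df-9bab-00e0760815f3}\Shell\AutoRun\command - "" = E:\AutoRun.exe
"""

# NoDriveTypeAutoRun is a bitmask over the Win32 DRIVE_* types; a SET bit
# disables AutoRun for that drive type. 0x91 (145) is the XP default.
DRIVE_TYPE_BITS = {0x01: "unknown", 0x02: "no_root_dir", 0x04: "removable",
                   0x08: "fixed", 0x10: "remote", 0x20: "cdrom",
                   0x40: "ramdisk", 0x80: "reserved"}


def autorun_still_enabled(value: int) -> list[str]:
    """Drive types whose AutoRun this policy value does NOT suppress."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


@dataclass
class Finding:
    kind: str    # short tag to grep or count by
    detail: str  # one-line reviewer note
    line: str    # the OTL line that produced it


RUN_RE = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
VENDOR_RE = re.compile(r"\((?P<vendor>[^()]*)\)\s*$")   # OTL writes "()" for no company name
NODRIVE_RE = re.compile(r"^O7 - (?P<hive>\S+): NoDriveTypeAutoRun = (?P<value>\d+)$")
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<key>Shell|UserInit) - \((?P<value>[^)]*)\) - "
                         r"(?P<path>.*?) \((?P<vendor>[^()]*)\)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - \((?P<dll>[^)]*)\) - "
                       r"(?P<path>.*?) \((?P<vendor>[^()]*)\)$")
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$')

# What a clean XP box should show for the two classic Winlogon hijack points (assumption).
EXPECTED_WINLOGON = {"Shell": r"\windows\explorer.exe",
                     "UserInit": r"\windows\system32\userinit.exe"}


def triage(log_text: str) -> list[Finding]:
    """Walk the log once and return the entries worth a second look."""
    out: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RUN_RE.match(line):
            name, rest = m["name"], m["rest"]
            if name == "":
                out.append(Finding("unnamed_run_entry", f"{m['hive']} Run has an unnamed value: {rest}", line))
            elif rest.endswith("File not found"):
                out.append(Finding("orphan_run_entry", f"{m['hive']} Run value [{name}] points at a missing file", line))
            elif (v := VENDOR_RE.search(rest)) is None or not v["vendor"].strip():
                out.append(Finding("run_entry_no_vendor", f"Run value [{name}] carries no company name", line))
        elif m := WINLOGON_RE.match(line):
            ok = m["path"].lower().endswith(EXPECTED_WINLOGON[m["key"]]) and m["vendor"] == "Microsoft Corporation"
            if not ok:
                out.append(Finding("winlogon_hijack_candidate", f"Winlogon {m['key']} = {m['path']} ({m['vendor']})", line))
        elif m := NOTIFY_RE.match(line):
            if m["vendor"] != "Microsoft Corporation":   # third-party DLL loaded by winlogon at logon
                out.append(Finding("winlogon_notify_dll", f"{m['dll']} loads at logon, vendor '{m['vendor']}'", line))
        elif m := NODRIVE_RE.match(line):
            value = int(m["value"])
            enabled = ", ".join(autorun_still_enabled(value))
            out.append(Finding("autorun_policy", f"NoDriveTypeAutoRun=0x{value:02X} leaves AutoRun on for: {enabled}", line))
        elif m := MOUNT_RE.match(line):
            out.append(Finding("mountpoints2_autorun", f"volume {m['guid']} registered AutoRun command: {m['cmd']}", line))
    return out


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run it as-is to print the findings for the embedded sample, or pass the text of a full OTL.txt to triage(). Orphan and unnamed Run values are usually leftovers from uninstalls, but the same "File not found" shape is also what a removed dropper leaves behind, so they stay on the list until someone has looked at each one.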

#6 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)
Hi,

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here, then click on: [image]

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#7
srg.garou

srg.garou

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the log:

---- ESET Online Scanner log ----
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fee42550577acf43b92d2a384cecf4b5
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-11 04:34:26
# local_time=2012-09-11 01:34:26 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 81640613 81640613 0 0
# compatibility_mode=8199 39157157 100 100 0 104087593 0 0
# scanned=228916
# found=1
# cleaned=1
# scan_time=6019
# nod_component=V3 Build:0x30000000
D:\Sergio\_Games\LIMBO.v1.0r4.multi9.cracked-THETA\LIMBO.exe a variant of Win32/HackTool.Crack.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  • 0

#8
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


  • 0

#9
srg.garou

srg.garou

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the requested log:

Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
ESET NOD32 Antivirus 4.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````
  • 0

#10
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

How is your computer?

Update your Flash Player:
http://get.adobe.com/br/flashplayer/

Uncheck the box Yes, I want install McAfee Security Scan Plus

Next:

Update your Adobe Reader:
http://get.adobe.com/br/reader/

Uncheck the box Yes, I want install McAfee Security Scan Plus
  • 0

#11
srg.garou

srg.garou

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello,

My computer is the same as before. It is not showing any kind of problems, except that my Firefox was reset and I lost the installed plugins, which got me suspicious that maybe someone did something to my computer, and then I came here asking for help =)

I updated both Flash Player and Acrobat Reader.
  • 0

#12
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello,

I didn't find anything wrong with your computer.

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Remove OTL

Run OTL and hit the Posted Image cleanup button. It will remove all the programmes we have used plus itself.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Accessories > System Tools > System Restore.
  • Select the option Create a restore point and click Next.
  • Type in a name i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.
  • 0

#13
srg.garou

srg.garou

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi,

I'll keep things updated and run checks regularly. Maybe I was being just overzealous about it, but better safe than sorry =).
Thanks for all your help.
  • 0

#14
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0