I can't open Internet Explorer or Google Chrome... I think there is some malicious element on my computer, please help me... What should I do? I'm leaving my log here so that you can help me:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:07:16, on 09-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Intel\Wireless\Bin\EvtEng.exe
C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
C:\Programas\AVG\AVG9\avgchsvx.exe
C:\Programas\AVG\AVG9\avgrsx.exe
C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
C:\Programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programas\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe
C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe
C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe
C:\Programas\AVG\AVG9\avgnsx.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programas\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
C:\DOCUME~1\JOOBEZ~1\DEFINI~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\regedit.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programas\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS01/107
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [EOUApp] "C:\Programas\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PC-Checkup] "C:\PC-Checkup\PCCheckUp.exe" -mini
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://pt.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Programas\Ficheiros comuns\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Serviço Google Update (gupdate1c9b276a161315a) (gupdate1c9b276a161315a) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programas\Ficheiros comuns\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Programas\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 12696 bytes
Thank you
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Versão da base de dados: 4183
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
09-06-2010 20:39:03
mbam-log-2010-06-09 (20-39-03).txt
Tipo de pesquisa: Completa (C:\|D:\|E:\|)
Objectos verificados: 272022
Tempo decorrido: 1 hora(s), 16 minuto(s), 9 segundo(s)
Processos de memória infectados: 0
módulos de Memória infectados: 0
Chaves do Registo Infectadas: 2
Valores do Registo infectados: 0
Itens de dados do Registo Infectados: 0
Pastas Infectadas: 0
Ficheiros Infectados: 3
Processos de memória infectados:
(Nenhum item malicioso detectado)
módulos de Memória infectados:
(Nenhum item malicioso detectado)
Chaves do Registo Infectadas:
HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valores do Registo infectados:
(Nenhum item malicioso detectado)
Itens de dados do Registo Infectados:
(Nenhum item malicioso detectado)
Pastas Infectadas:
(Nenhum item malicioso detectado)
Ficheiros Infectados:
C:\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.
C:\WINDOWS\Ifetaa.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
__________________________________________________________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:40:13, on 09-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Intel\Wireless\Bin\EvtEng.exe
C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
C:\Programas\AVG\AVG9\avgchsvx.exe
C:\Programas\AVG\AVG9\avgrsx.exe
C:\Programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programas\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe
C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe
C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe
C:\Programas\AVG\AVG9\avgnsx.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programas\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
C:\DOCUME~1\JOOBEZ~1\DEFINI~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Programas\Windows Live\Contacts\wlcomm.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Ficheiros comuns\eMail ID\Launcher.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Ficheiros comuns\eMail ID\Launcher.exe
C:\Programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\João Bezerra\Ambiente de trabalho\OTL.exe
C:\Programas\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS01/107
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [EOUApp] "C:\Programas\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PC-Checkup] "C:\PC-Checkup\PCCheckUp.exe" -mini
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://pt.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Programas\Ficheiros comuns\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Serviço Google Update (gupdate1c9b276a161315a) (gupdate1c9b276a161315a) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programas\Ficheiros comuns\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Programas\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 13030 bytes
____________________________________________________________________________________________________
OTL logfile created on: 09-06-2010 20:40:48 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\João Bezerra\Ambiente de trabalho
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 3057 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 48,94 Gb Total Space | 5,66 Gb Free Space | 11,56% Space Free | Partition Type: NTFS
Drive D: | 48,15 Gb Total Space | 6,35 Gb Free Space | 13,19% Space Free | Partition Type: NTFS
Drive E: | 14,69 Gb Total Space | 7,11 Gb Free Space | 48,39% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: 9116B118D86A470
Current User Name: João Bezerra
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\João Bezerra\Ambiente de trabalho\OTL.exe (OldTimer Tools)
PRC - C:\Programas\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programas\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programas\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programas\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programas\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe ()
PRC - C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe ()
PRC - C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programas\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programas\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\João Bezerra\Definições locais\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programas\Ficheiros comuns\eMail ID\Launcher.exe ()
PRC - C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe (BinarySense, Inc.)
PRC - C:\Programas\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programas\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
PRC - C:\Programas\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Programas\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programas\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Programas\ESRI\License\arcgis9x\ARCGIS.EXE ()
PRC - C:\Programas\ESRI\License\arcgis9x\lmgrd.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\João Bezerra\Ambiente de trabalho\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\atsec6.dll ()
MOD - C:\Programas\eMail ID\OEAddOn\OEldr_7.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (wpasvc) -- File not found
SRV - (avg9wd) -- C:\Programas\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (IconixService) -- C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Programas\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (odserv) -- C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (HDDlife HDD Access service) -- C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe (BinarySense, Inc.)
SRV - (rcp_service) -- C:\Programas\ReaConverter 5.5 Pro\rcp_scheduler.exe (ReaSoft)
SRV - (LVSrvLauncher) -- C:\Programas\Ficheiros comuns\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (ose) -- C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Programas\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel® -- C:\Programas\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Programas\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ArcGIS License Manager) -- C:\Programas\ESRI\License\arcgis9x\lmgrd.exe ()
========== Driver Services (SafeList) ==========
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (NETw5x32) Controlador da placa Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)
DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKU\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS01/107
IE - HKU\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-1715567821-884357618-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-884357618-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {1253D21B-263B-1843-275C-1726DA8B2A12}:3.90.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programas\AVG\AVG9\Firefox [2010-06-07 03:12:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programas\Mozilla Firefox\components [2010-04-16 18:20:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programas\Mozilla Firefox\plugins [2010-06-08 11:53:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programas\Mozilla Thunderbird\components [2009-09-29 12:29:46 | 000,000,000 | ---D | M]
[2008-12-23 15:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\mozilla\Extensions
[2010-06-09 03:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\mozilla\Firefox\Profiles\sg82wdzy.default\extensions
[2009-07-27 18:10:27 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Documents and Settings\João Bezerra\Application Data\mozilla\Firefox\Profiles\sg82wdzy.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009-11-20 00:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\mozilla\Firefox\Profiles\sg82wdzy.default\extensions\firefox@tvunetworks.com
[2010-06-09 03:43:21 | 000,000,000 | ---D | M] -- C:\Programas\Mozilla Firefox\extensions
[2010-03-14 17:08:26 | 000,000,000 | ---D | M] (Iconix) -- C:\Programas\Mozilla Firefox\extensions\{1253D21B-263B-1843-275C-1726DA8B2A12}
[2010-06-08 11:53:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008-09-04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npbittorrent.dll
[2010-06-08 11:52:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-03-14 17:08:22 | 000,195,928 | ---- | M] () -- C:\Programas\Mozilla Firefox\plugins\npIconixProxy36.dll
[2010-03-13 14:29:27 | 000,001,525 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010-03-13 14:29:27 | 000,001,529 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\priberam.xml
[2010-03-13 14:29:27 | 000,002,071 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\sapo.xml
[2009-12-09 10:46:54 | 000,000,832 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\WebSearch.xml
[2010-03-13 14:29:27 | 000,000,942 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\wikipedia-ptpt.xml
[2010-03-13 14:29:27 | 000,000,648 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\yahoo-br.xml
[2009-11-20 00:28:36 | 000,002,380 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\zwunzi127.xml
O1 HOSTS File: ([2010-06-08 19:55:14 | 000,403,742 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13964 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (IconixBHOClass Class) - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll ()
O2 - BHO: (Programa Auxiliar de Início de Sessão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programas\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programas\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [EOUApp] C:\Programas\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [iconixOEAddOn] C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe ()
O4 - HKLM..\Run: [intelZeroConfig] C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programas\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PC-Checkup] C:\PC-Checkup\PCCheckUp.exe (MicroSmarts LLC.)
O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll ()
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} http://pt.powerchallenge.com/applet/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.113.164.58 212.113.164.51 212.113.164.50
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Programas\Ficheiros comuns\BinarySense\hlAPP.dll (BinarySense, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programas\Ficheiros comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)
O24 - Desktop Components:0 (A minha home page actual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\João Bezerra\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\João Bezerra\Definições locais\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programas\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - msnsspc.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-12-23 15:08:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{42245deb-a8ff-11de-bbbd-000000000000}\Shell\Auto\command - "" = AdobeR.exe e
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: javatupn - (C:\WINDOWS\system32\atsec6.dll) - C:\WINDOWS\system32\atsec6.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010-06-09 20:39:17 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\OTL.exe
[2010-06-09 17:50:38 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\mbam-setup-1.46.exe
[2010-06-09 02:10:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010-06-09 02:06:34 | 000,000,000 | ---D | C] -- C:\Programas\Hijackthis
[2010-06-09 01:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MessengerDiscovery 2
[2010-06-09 01:37:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010-06-09 01:36:50 | 000,000,000 | ---D | C] -- C:\Programas\Bing Bar Installer
[2010-06-08 19:11:15 | 000,000,000 | ---D | C] -- C:\Programas\Thoosje
[2010-06-08 19:08:04 | 000,000,000 | ---D | C] -- C:\PC-Checkup
[2010-06-08 19:07:44 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010-06-08 19:07:43 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010-06-08 19:07:43 | 000,000,000 | ---D | C] -- C:\Programas\AML Products
[2010-06-08 18:50:08 | 000,000,000 | ---D | C] -- C:\Programas\Unlocker
[2010-06-08 11:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010-06-08 11:54:06 | 000,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Java
[2010-06-08 11:53:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-06-08 11:53:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-06-08 11:53:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-06-08 11:53:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-06-08 11:53:19 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-06-08 11:37:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\João Bezerra\Recent
[2010-06-08 00:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João Bezerra\Application Data\AF3F9D4DCC3A3BF7A5AA2FD913D1AA1B
[2010-06-01 19:20:01 | 000,000,000 | ---D | C] -- C:\Programas\K-Lite Codec Pack
[2010-05-30 16:22:28 | 000,000,000 | ---D | C] -- C:\Programas\bet-at-home.com Poker
[2010-05-28 01:58:43 | 000,000,000 | ---D | C] -- C:\BTNext
[2010-05-28 01:52:16 | 000,000,000 | ---D | C] -- C:\Programas\BTNext Evolution
[6 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[2 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
[1 C:\Documents and Settings\João Bezerra\Definições locais\Application Data\.tmp files -> C:\Documents and Settings\João Bezerra\Definições locais\Application Data\.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010-06-09 20:39:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\OTL.exe
[2010-06-09 19:52:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-06-09 19:26:33 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010-06-09 18:41:37 | 060,860,587 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010-06-09 17:52:44 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk
[2010-06-09 17:51:34 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\mbam-setup-1.46.exe
[2010-06-09 17:43:57 | 013,107,200 | -H-- | M] () -- C:\Documents and Settings\João Bezerra\NTUSER.DAT
[2010-06-09 14:25:10 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010-06-09 12:12:37 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A671B2E0-2591-4AA7-9DF2-80E434C21ED7}.job
[2010-06-09 02:06:35 | 000,002,012 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\HiJackThis.lnk
[2010-06-09 01:43:14 | 000,097,112 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Definições locais\Application Data\GDIPFONTCACHEV1.DAT
[2010-06-09 01:42:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-06-09 01:41:50 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-06-09 01:41:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-06-09 01:41:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-06-09 01:40:35 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\João Bezerra\ntuser.ini
[2010-06-09 01:31:44 | 000,323,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-06-09 01:29:48 | 012,931,872 | -H-- | M] () -- C:\Documents and Settings\João Bezerra\Definições locais\Application Data\IconCache.db
[2010-06-08 19:55:14 | 000,403,742 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-06-08 19:24:58 | 000,017,608 | ---- | M] () -- C:\cc_20081230_204348.reg
[2010-06-08 19:24:17 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-06-08 19:23:55 | 000,486,748 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2010-06-08 19:23:55 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-06-08 19:23:55 | 000,083,210 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2010-06-08 19:23:54 | 001,086,724 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-06-08 19:23:54 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-06-08 19:07:52 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2010-06-08 18:55:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\reimage.ini
[2010-06-08 11:52:25 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010-06-08 11:52:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010-06-08 11:52:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010-06-08 11:52:25 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010-06-08 11:52:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010-06-08 00:01:20 | 000,050,981 | ---- | M] () -- C:\WINDOWS\System32\opujnmbnymjuhppi.exe
[2010-06-07 23:53:36 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\atsec6.dll
[2010-06-07 20:59:57 | 000,122,922 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\aposta.JPG
[2010-06-03 08:53:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010-06-03 08:53:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010-06-01 19:13:07 | 038,166,528 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\00076.MTS
[2010-06-01 11:21:07 | 000,098,221 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\PS1026_3,jpg.jpg
[2010-05-31 01:22:34 | 010,854,027 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\bt_up_by_RedFire.rar
[2010-05-31 01:13:45 | 000,111,616 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-28 01:52:18 | 000,001,568 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\BTNext Evolution.lnk
[2010-05-25 03:16:35 | 003,675,619 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\Neutron Star Collision.mp3
[2010-05-20 03:07:43 | 687,147,180 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45 minutos 10.5.2010.avi
[2010-05-20 02:12:30 | 774,643,800 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45 minutos 3.05.2010.avi
[2010-05-19 14:42:36 | 658,829,098 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45 minutos 26.04.2010.avi
[2010-05-19 12:31:35 | 664,475,026 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\Programa 45 minutos 19.04.2010.avi
[2010-05-19 04:40:08 | 706,305,548 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45Minutos 17.5.2010.avi
[2010-05-19 04:31:14 | 000,049,424 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\aae.jpg
[2010-05-14 00:09:08 | 000,099,647 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\campw.png
[2010-05-12 18:58:55 | 000,001,887 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Google Earth.lnk
[6 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[2 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
[1 C:\Documents and Settings\João Bezerra\Definições locais\Application Data\.tmp files -> C:\Documents and Settings\João Bezerra\Definições locais\Application Data\.tmp -> ]
========== Files Created - No Company Name ==========
[2010-06-09 02:06:35 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\HiJackThis.lnk
[2010-06-08 18:55:06 | 000,000,284 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2010-06-08 12:11:30 | 000,004,507 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010-06-08 00:01:20 | 000,050,981 | ---- | C] () -- C:\WINDOWS\System32\opujnmbnymjuhppi.exe
[2010-06-07 23:53:36 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\System32\atsec6.dll
[2010-06-07 20:59:57 | 000,122,922 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\aposta.JPG
[2010-06-01 19:20:04 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010-06-01 19:08:01 | 038,166,528 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\00076.MTS
[2010-06-01 11:21:06 | 000,098,221 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\PS1026_3,jpg.jpg
[2010-05-31 01:21:55 | 010,854,027 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\bt_up_by_RedFire.rar
[2010-05-28 01:52:18 | 000,001,568 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\BTNext Evolution.lnk
[2010-05-24 02:02:14 | 003,675,619 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\Neutron Star Collision.mp3
[2010-05-20 02:20:07 | 687,147,180 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45 minutos 10.5.2010.avi
[2010-05-20 00:30:43 | 774,643,800 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45 minutos 3.05.2010.avi
[2010-05-19 12:39:15 | 658,829,098 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45 minutos 26.04.2010.avi
[2010-05-19 11:40:57 | 664,475,026 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\Programa 45 minutos 19.04.2010.avi
[2010-05-19 04:31:14 | 000,049,424 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\aae.jpg
[2010-05-19 03:48:49 | 706,305,548 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45Minutos 17.5.2010.avi
[2010-05-14 00:09:03 | 000,099,647 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\campw.png
[2010-05-12 18:58:55 | 000,001,887 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Google Earth.lnk
[2009-12-15 01:17:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009-11-25 02:53:47 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll
[2009-09-25 01:31:37 | 000,004,426 | ---- | C] () -- C:\WINDOWS\sb30.ini
[2009-06-29 22:33:40 | 000,000,060 | ---- | C] () -- C:\WINDOWS\DirectionsUI.INI
[2009-06-29 22:33:40 | 000,000,043 | ---- | C] () -- C:\WINDOWS\NetworkAnalystUI.INI
[2009-06-23 02:29:52 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009-06-22 19:18:45 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll
[2009-06-22 19:18:26 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini
[2009-06-17 22:46:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009-06-16 16:09:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009-06-16 16:09:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009-06-16 16:09:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009-06-16 16:09:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll
[2009-06-16 16:09:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll
[2009-06-16 16:09:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll
[2009-06-16 16:06:16 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009-06-16 16:06:16 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009-04-01 00:49:24 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2009-04-01 00:49:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2009-03-25 05:20:10 | 000,000,160 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
[2009-03-12 15:49:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED92Euro.ini
[2009-03-04 22:56:16 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-02-10 17:09:21 | 000,000,326 | ---- | C] () -- C:\WINDOWS\pdf2word.INI
[2009-01-28 22:51:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2009-01-28 22:51:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008-12-29 19:12:14 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008-12-23 18:37:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008-12-23 15:30:11 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2008-12-23 15:08:37 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008-05-26 23:23:02 | 000,016,742 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008-05-26 23:23:00 | 000,023,232 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008-05-26 23:22:58 | 000,015,892 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2006-05-16 07:25:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[1997-06-25 14:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll
========== LOP Check ==========
[2009-04-02 04:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Application Data\eMail ID
[2009-07-15 01:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags
[2010-04-30 04:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2009-10-28 04:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-05-30 16:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media
[2009-08-17 20:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CardPlayer
[2009-04-08 03:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eMail ID
[2009-03-12 15:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009-04-01 00:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI
[2009-01-19 17:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2010-06-09 01:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MessengerDiscovery 2
[2009-05-08 20:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009-05-08 20:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2009-03-04 22:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2009-03-25 04:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
[2009-10-15 20:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010-06-09 01:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-03-04 22:45:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3689B77C-90FA-4663-91AB-5AB34383CD81}
[2009-04-01 19:24:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009-01-28 23:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\2K Sports
[2010-06-08 00:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\AF3F9D4DCC3A3BF7A5AA2FD913D1AA1B
[2009-01-12 01:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\BinarySense
[2009-03-31 04:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\BitDefender Deployment Tool
[2010-04-05 03:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\BitTorrent
[2009-04-01 02:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008-12-29 19:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\DAEMON Tools
[2008-12-23 15:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\DNA
[2010-01-24 14:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Dropbox
[2009-03-30 19:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\eMail ID
[2009-06-29 22:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\ESRI
[2009-12-03 03:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\gtk-2.0
[2009-04-08 17:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Image Zone Express
[2009-02-02 23:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\ImgBurn
[2009-09-29 03:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Inkscape
[2009-11-26 00:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\IObit
[2009-01-02 17:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Leadertech
[2010-06-09 01:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\MessengerDiscovery 2
[2010-05-29 18:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Microgaming
[2009-02-04 02:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Nvu
[2009-01-22 02:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\PowerChallenge
[2009-05-31 23:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Pro Cycling Manager 2007
[2010-05-02 17:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\RCP 5
[2009-04-01 19:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Safer Networking
[2010-01-02 15:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\SecondLife
[2009-10-30 21:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Sports Interactive
[2010-05-02 17:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Summitsoft
[2009-01-21 20:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\TeamViewer
[2010-06-08 18:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\TeraCopy
[2009-09-29 12:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Thunderbird
[2010-06-08 18:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Uniblue
[2009-04-07 18:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\VoipBuster
[2010-02-10 01:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\VoipStunt
[2009-07-01 03:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Web Page Maker
[2009-01-08 16:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Windows Desktop Search
[2009-01-08 16:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Windows Search
[2010-06-09 19:26:33 | 000,000,474 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010-06-09 12:12:37 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A671B2E0-2591-4AA7-9DF2-80E434C21ED7}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC
< End of report >
_______________________________________________________________________________________________________________________
OTL Extras logfile created on: 09-06-2010 20:40:48 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\João Bezerra\Ambiente de trabalho
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 3057 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 48,94 Gb Total Space | 5,66 Gb Free Space | 11,56% Space Free | Partition Type: NTFS
Drive D: | 48,15 Gb Total Space | 6,35 Gb Free Space | 13,19% Space Free | Partition Type: NTFS
Drive E: | 14,69 Gb Total Space | 7,11 Gb Free Space | 48,39% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: 9116B118D86A470
Current User Name: João Bezerra
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programas\Mozilla Firefox\firefox.exe" = C:\Programas\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\João Bezerra\Definições locais\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\João Bezerra\Definições locais\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- File not found
"C:\Programas\Bit Torrent\BitTorrent.exe" = C:\Programas\Bit Torrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Consola de gestão da Microsoft -- (Microsoft Corporation)
"C:\Programas\Sports Interactive\Football Manager 2010\fm.exe" = C:\Programas\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Programas\TeamViewer\Version4\TeamViewer.exe" = C:\Programas\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Aplicação de controle remoto TeamViewer -- (TeamViewer GmbH)
"C:\Programas\SecondLife\SLVoice.exe" = C:\Programas\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Documents and Settings\João Bezerra\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\João Bezerra\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Programas\Poker Clock\PokerClock.exe" = C:\Programas\Poker Clock\PokerClock.exe:*:Enabled:PokerClock -- ()
"C:\Programas\Java\jre6\bin\java.exe" = C:\Programas\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programas\8BallClub\GameDirector.exe" = C:\Programas\8BallClub\GameDirector.exe:*:Enabled:8BallClub Game -- ()
"C:\Programas\BTNext Evolution\BTNext.exe" = C:\Programas\BTNext Evolution\BTNext.exe:*:Enabled:BT Next -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{043FF26B-56EE-4BFC-93EA-5661C6051B65}" = AdtvSoft 1.1a
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application
"{1099EEAB-C4BC-4F66-980F-2269856A71CD}" = Native Instruments Traktor
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{20B05668-C9F0-4469-AEF4-14DF41D6ACB6}" = Windows Live Messenger
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28DA1AA2-07F2-4451-A28B-A6A01A9CE8E9}" = Assistente de Início de Sessão do Windows Live
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.21
"{350C9816-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1" = JPEG to PDF 1.0
"{40F8FD5F-4701-48D6-A8FC-1F188007DF38}" = ArcGIS Desktop
"{418001D0-F48E-4910-966C-0DCCC996A87A}" = Windows Live Call
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{471F79CC-41F5-458F-B768-7F687F97B6EC}" = SPSS 15.0 para Windows
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{50CEA963-2745-46A8-BE71-767F2B36FEF2}" = Windows Live Essentials
"{5DDE08CC-57E4-4CC9-879C-DD933A50FD65}" = Poker Clock 2.1
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{868F24EB-5CA7-4285-B39B-3617CF37462A}" = D2300_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0816-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Portugal)) 12
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_ENTERPRISE_{C312E1CD-EC19-4270-A072-F36F634DFF79}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0816-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
"{90120000-0044-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_ENTERPRISE_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
"{90120000-00A1-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0816-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
"{90120000-00BA-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3.2 - Português
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CC147B6B-B7EB-46AC-8649-A7DA3A76B0EC}" = BitDefender Deployment Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D297A783-A680-4FDB-8882-913EBA36ABC5}" = D2300
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software (ptb)
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E81D9FF6-B45F-4DD4-9673-86B08AF6F705}" = HDDlife Pro 3.1
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F02598C2-2A5F-4593-8F09-439F3317B2C8}" = Sentinel System Driver 5.42.1 (32-bit)
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.5 SP2
"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FFFDEC7F-B24F-4C40-8639-7702671B8D67}_is1" = NS Virtual DJ 6.0 Full
"8BallClub" = 8BallClub Billiards
"AcerOrbiCamDrv" = Driver da Acer Camera
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ArcGIS License Manager" = ArcGIS License Manager
"AVG9Uninstall" = AVG Free 9.0
"BA7C3E474BCC2DD6360ACAFC7E9C0F9C7E2B96EB" = Windows Driver Package - Intel (w39n51) net (04/04/2006 10.1.1.3)
"bet365poker" = Poker at bet365
"bet-at-home.com Poker" = bet-at-home.com Poker
"BetClic Poker" = BetClic Poker
"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder 10.2
"BTNext Evolution" = BTNext Evolution
"Cake Poker" = Cake Poker
"CamStudio" = CamStudio
"CCleaner" = CCleaner (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Everest Poker" = Everest Poker (Remove Only)
"F785D6B63FDA08F811F56F84F831B3E291B7129A" = Windows Driver Package - Intel (w29n51) net (04/05/2006 9.0.4.13)
"Football Manager 2010" = Football Manager 2010
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Google Updater" = Google Updater
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.46
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"Interwetten Poker_is1" = Interwetten Poker
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.0 (Basic)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mansion Poker" = MansionPoker
"McAfee Security Scan" = McAfee Security Scan
"Messenger Plus! Live" = Messenger Plus! Live
"MessengerDiscovery 2.1_is1" = MessengerDiscovery 2.1.79
"MessengerDiscovery_is1" = MessengerDiscovery 2.5.95
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Native Instruments Traktor" = Native Instruments Traktor
"Nvu_is1" = Nvu 1.0
"opujnmbnymjuhppi" = Performance Platform Voguecash
"PartyPoker" = PartyPoker
"PC-Checkup" = PC-Checkup
"PKR" = PKR
"Poker 770" = Poker 770
"PokerStars" = PokerStars
"PowerDraw V30" = PowerDraw V30
"ProInst" = Software do Intel® PROSet/Wireless
"Python 2.1" = Python 2.1
"Python 2.1 combined Win32 extensions" = Python 2.1 combined Win32 extensions
"ReaConverter 5.5 Pro_is1" = ReaConverter 5.5 Pro
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva (remove only)
"SecondLife" = SecondLife (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 4" = TeamViewer 4
"TeraCopy_is1" = TeraCopy 1.22
"Thoosje Windows XP Quick Optimizer" = Thoosje Windows XP Quick Optimizer
"Trend Micro eMail ID" = Trend Micro™ eMail ID
"unibetpoker (Poker)" = Unibet
"Uninstall_is1" = Uninstall 1.0.0.1
"Universal Document Converter_is1" = Universal Document Converter
"Unlocker" = Unlocker 1.8.9
"Veetle TV" = Veetle TV 0.9.17
"VeryPDF PDF2Word v2.0_is1" = VeryPDF PDF2Word v2.0
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VoipStunt_is1" = VoipStunt
"Web Page Maker_is1" = Web Page Maker V3.12
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08-06-2010 14:20:20 | Computer Name = 9116B118D86A470 | Source = Application Error | ID = 1000
Description = Aplicação em falha startup.exe, versão 4.0.0.0, módulo em falha unknown,
versão 0.0.0.0, endereço em falha 0x022e5690.
Error - 08-06-2010 20:32:02 | Computer Name = 9116B118D86A470 | Source = Userenv | ID = 1041
Description = Não é possível ao Windows consultar a entrada de registo DllName de
{7B849a69-220F-451E-B3FE-2CB811AF94AE}, pelo que não será carregada. O mais provável
é que esta situação tenha sido provocada por um registo com erros.
Error - 08-06-2010 20:32:02 | Computer Name = 9116B118D86A470 | Source = Userenv | ID = 1041
Description = Não é possível ao Windows consultar a entrada de registo DllName de
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, pelo que não será carregada. O mais provável
é que esta situação tenha sido provocada por um registo com erros.
Error - 08-06-2010 20:32:07 | Computer Name = 9116B118D86A470 | Source = Userenv | ID = 1041
Description = Não é possível ao Windows consultar a entrada de registo DllName de
{7B849a69-220F-451E-B3FE-2CB811AF94AE}, pelo que não será carregada. O mais provável
é que esta situação tenha sido provocada por um registo com erros.
Error - 08-06-2010 20:32:07 | Computer Name = 9116B118D86A470 | Source = Userenv | ID = 1041
Description = Não é possível ao Windows consultar a entrada de registo DllName de
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, pelo que não será carregada. O mais provável
é que esta situação tenha sido provocada por um registo com erros.
Error - 08-06-2010 20:32:34 | Computer Name = 9116B118D86A470 | Source = Windows Search Service | ID = 3038
Description = O colector não consegue ler o registo DocIdMapFile. Contexto: Aplicação
, Catálogo SystemIndex Detalhes: O sistema não conseguiu localizar o ficheiro especificado.
(0x80070002)
Error - 08-06-2010 20:32:40 | Computer Name = 9116B118D86A470 | Source = Windows Search Service | ID = 3028
Description = Não foi possível inicializar o objecto do colector. Contexto: Aplicação
Windows, Catálogo SystemIndex Detalhes: Não é possível ler o valor do registo porque
a configuração é inválida. Recrie a configuração do índice de conteúdos removendo
o índice de conteúdos. (0x80040d03)
Error - 08-06-2010 20:32:40 | Computer Name = 9116B118D86A470 | Source = Windows Search Service | ID = 3058
Description = Não foi possível inicializar a aplicação. Contexto: Aplicação Windows
Detalhes:
Não
é possível ler o valor do registo porque a configuração é inválida. Recrie a configuração
do índice de conteúdos removendo o índice de conteúdos. (0x80040d03)
Error - 08-06-2010 20:40:17 | Computer Name = 9116B118D86A470 | Source = Windows Search Service | ID = 3083
Description = Não é possível carregar a rotina de tratamento de protocolos IEPH.HistoryHandler.
Descrição do erro: O sistema não conseguiu localizar o ficheiro especificado.
.
Error - 08-06-2010 20:40:17 | Computer Name = 9116B118D86A470 | Source = Windows Search Service | ID = 3083
Description = Não é possível carregar a rotina de tratamento de protocolos IEPH.RSSHandler.
Descrição do erro: MAPI: falha no início de sessão. .
[ OSession Events ]
Error - 17-06-2009 18:13:14 | Computer Name = 9116B118D86A470 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.
Error - 16-07-2009 10:31:25 | Computer Name = 9116B118D86A470 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 72
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 08-06-2010 7:03:09 | Computer Name = 9116B118D86A470 | Source = Service Control Manager | ID = 7026
Description = Falhou o carregamento dos seguintes controladores de início de arranque
ou de início do sistema: sptd
Error - 08-06-2010 7:34:44 | Computer Name = 9116B118D86A470 | Source = Dhcp | ID = 1001
Description = A rede não atribuiu um endereço ao computador (através do servidor
DHCP)
para a placa de rede com o endereço de rede 0019D2090D7B. Ocorreu o seguinte erro:
%%1223. O computador continuará a tentar obter um endereço por si só a partir do
servidor de endereços de rede (DHCP).
Error - 08-06-2010 13:30:23 | Computer Name = 9116B118D86A470 | Source = DCOM | ID = 10010
Description = O servidor {0002DF01-0000-0000-C000-000000000046} não foi registado
no DCOM dentro do tempo de espera requerido.
Error - 08-06-2010 13:30:53 | Computer Name = 9116B118D86A470 | Source = DCOM | ID = 10010
Description = O servidor {0002DF01-0000-0000-C000-000000000046} não foi registado
no DCOM dentro do tempo de espera requerido.
Error - 08-06-2010 14:23:21 | Computer Name = 9116B118D86A470 | Source = DCOM | ID = 10010
Description = O servidor {0002DF01-0000-0000-C000-000000000046} não foi registado
no DCOM dentro do tempo de espera requerido.
Error - 08-06-2010 20:30:21 | Computer Name = 9116B118D86A470 | Source = DCOM | ID = 10010
Description = O servidor {C2BFE331-6739-4270-86C9-493D9A04CD38} não foi registado
no DCOM dentro do tempo de espera requerido.
Error - 08-06-2010 20:33:01 | Computer Name = 9116B118D86A470 | Source = Service Control Manager | ID = 7024
Description = O serviço Windows Search terminou com o erro específico do serviço
2147749155 (0x80040D23).
Error - 08-06-2010 20:33:02 | Computer Name = 9116B118D86A470 | Source = DCOM | ID = 10005
Description = O DCOM obteve o erro "%1053" ao tentar iniciar o serviço WSearch com
os argumentos "" de forma a executar o servidor: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error - 08-06-2010 20:33:02 | Computer Name = 9116B118D86A470 | Source = Service Control Manager | ID = 7009
Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação
do serviço Windows Search.
Error - 08-06-2010 20:33:02 | Computer Name = 9116B118D86A470 | Source = Service Control Manager | ID = 7000
Description = O serviço Windows Search falhou o arranque devido ao seguinte erro:
%%1053
< End of report >
• Run OTL.exe.
• Copy the information in the Quote into the tool's clipboard field (Custom Scans/Fixes).
>
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O33 - MountPoints2\{42245deb-a8ff-11de-bbbd-000000000000}\Shell\Auto\command - "" = AdobeR.exe e
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[6 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ]
[2 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ]
[1 C:\Documents and Settings\João Bezerra\Definições locais\Application Data\.tmp files -> C:\Documents and Settings\João Bezerra\Definições locais\Application Data\.tmp -> ]
:Commands
[resethosts]
[purity]
[emptytemp]
[Reboot]
• Click the Run Fix button --> Wait for it to finish!
• When it finishes, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42245deb-a8ff-11de-bbbd-000000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42245deb-a8ff-11de-bbbd-000000000000}\ not found.
File AdobeR.exe e not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.31E96541_5977_446A_9397_22DA57E04BAB.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.3670E45E_F597_44DC_8445_B30B72AC1FA3.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.6F92E03F_40CE_4760_8D0B_B2B9EECCBF83.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.6FDD6204_04EF_488E_9610_5FD5A46BDE30.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.D44510BD_E8D6_49AE_B888_112D87C9C161.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.FAF8A314_E56E_45D7_BEE9_65A690C7198C.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.00572D8A_1A73_4E5D_A46B_6EFDE691C218.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.12F9FD19_1994_419B_9C84_B3BF45693899.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.1B52089C_6701_42A0_89CA_7B933A931DF3.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.2AD90733_4466_4DD1_AAC2_2D483DAB8FE4.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.2C086B75_55FC_4C05_AB40_BB3EB84F6328.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.43C5331B_E676_43FF_8FC2_B4819B909B85.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.4613DC68_CB36_4D11_BCBF_4E57372A7F0A.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.492EDA4F_0AD5_48E5_9EA0_89E62AA41E2F.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.4E827EA0_9C9A_4D1B_81C3_76489B68A99A.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.5E812FC8_5D2C_4762_90FD_969FA3D8E5B3.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.5FB79635_0941_43C8_9A50_81BF9B954BA6.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.690902FB_CE2B_4E0F_879D_F1EC8A0BBEA7.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.6E5A7B86_D068_47A0_8520_EF28243DDB8F.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.6E6707B2_B726_47AC_AF34_064D79BFE936.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.7DE6324D_42A7_41B1_968A_DEB2B22A4545.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.93C233A4_2586_44C9_AD8C_A050FA91D51E.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.9E0FE730_F4A9_4210_B551_5B2DA66F162E.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.9F9E7040_314F_41D4_8279_D07D229A052B.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.A0EAF5F9_367F_484D_B885_F776EFEEA05E.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.A6B8BC6C_FB66_49C2_8E3A_5D9624334BBD.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.ADE1D959_6508_41EE_881A_B753E14752A6.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.B4733F37_D4D8_4085_94FE_8A78FEB5D157.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.C0D49D98_6F16_4B5F_AAC1_C12ECA02364C.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.FBE69EB0_39A5_48C7_84B0_4577EAD3F47C.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla2.31E96541_5977_446A_9397_22DA57E04BAB.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla20.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla22.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla24.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla28.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.1DCDDFD3_9BEF_4F44_BF65_0605E8FA1B4D.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.500F1E4F_607F_4B5C_AA73_1EE07CB67F95.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.A3C8CE51_0693_485E_9D7E_5599B664C3CD.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.E41808F3_5CAF_4C3A_84C8_04328A1F6092.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.FAF8A314_E56E_45D7_BEE9_65A690C7198C.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla31.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla35.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla36.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla39.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla4.316FF00F_788B_4C9D_B87F_F6B99DE5AD83.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla4.917B2E4C_4780_4F4B_981F_00C79F001E25.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla46.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla48.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla49.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla51.dll deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP folder deleted successfully.
C:\WINDOWS\534252345.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\asycfilt.dll.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\João Bezerra\Definições locais\Application Data\GLF21C.tmp deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 186857 bytes
->FireFox cache emptied: 9297569 bytes
->Flash cache emptied: 405 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: João Bezerra
->Temp folder emptied: 3510520 bytes
->Temporary Internet Files folder emptied: 6850916 bytes
->Java cache emptied: 124352 bytes
->FireFox cache emptied: 90564942 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 4870 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 106,00 mb
OTL by OldTimer - Version 3.2.6.0 log created on 06102010_182552
Files\Folders moved on Reboot...
C:\Documents and Settings\João Bezerra\Definições locais\Temporary Internet Files\Content.IE5\3HQDJCVF\MsgrConfig[1].asmx moved successfully.
Registry entries deleted on Reboot...
I think my PC is infected with a rootkit.win32.tdss.d
Please help me
Download ComboFix from one of these locations:
Important!
You should not use ComboFix unless you have been instructed to do so by a security analyst.
It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system.
Make sure you have saved ComboFix.exe to your desktop.
• Disable your antivirus and antispyware, usually by right-clicking the system tray icon. They can interfere with the tool's execution.
• Double-click ComboFix.exe and follow the prompts.
• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With malware infections being what they are today, it is strongly recommended to have it pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode that will make it easier for us to help you should your computer have a problem after an attempted malware removal.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and, when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
-- Attention: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.
[Image: RcAuto1.gif]
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: whatnext.png]
Click Yes to continue scanning for malware.
When it finishes, it should produce a log for you. Post the ComboFix report, which will be at C:\ComboFix.txt, together with a HijackThis log.
ComboFix 10-06-11.01 - João Bezerra 12-06-2010 21:01:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2038.1230 [GMT 1:00]
Executando de: c:\documents and settings\Administrador\Os meus documentos\TransferÛncias\ComboFix.exe
AV: AVG Anti-Virus Free On-access scanning enabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programas\Downloaded Installers
c:\programas\Downloaded Installers\{BE580819-778C-419C-9B39-3BE5407AA97E}\setup.msi
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-12 to 2010-06-12 ))))))))))))))))))))))))))))
.
2010-06-12 13:05 . 2010-06-12 13:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-12 12:59 . 2010-06-12 12:59 -------- d-----w- c:\documents and settings\Administrador\Application Data\SUPERAntiSpyware.com
2010-06-12 04:07 . 2010-06-12 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-12 04:07 . 2010-06-12 04:07 -------- d-----w- c:\programas\SUPERAntiSpyware
2010-06-12 01:57 . 2010-06-12 01:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-10 23:21 . 2010-06-10 23:21 -------- d-----w- c:\documents and settings\Administrador\Tracing
2010-06-10 23:15 . 2010-06-10 23:15 -------- d-----w- c:\documents and settings\Administrador\Application Data\RCP 5
2010-06-10 23:11 . 2010-06-10 23:11 -------- d-----w- c:\documents and settings\Administrador\Application Data\SafeReturner
2010-06-10 23:08 . 2010-06-10 23:08 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2010-06-10 22:56 . 2010-06-10 23:25 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-06-10 22:42 . 2010-06-12 13:01 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-10 22:41 . 2010-06-10 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-10 22:41 . 2010-06-10 22:41 -------- d-----w- c:\programas\Hitman Pro 3.5
2010-06-10 22:22 . 2010-06-10 23:37 -------- d-----w- c:\programas\Safe Returner
2010-06-10 22:05 . 2010-06-10 22:05 -------- d-----w- c:\programas\AnalogX
2010-06-10 17:25 . 2010-06-10 17:25 -------- d-----w- C:\_OTL
2010-06-09 00:51 . 2010-06-09 00:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-09 00:45 . 2010-06-09 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\MessengerDiscovery 2
2010-06-09 00:37 . 2010-06-09 00:39 -------- dc-h--w- c:\windows\ie8
2010-06-09 00:36 . 2010-06-09 00:36 -------- d-----w- c:\programas\Bing Bar Installer
2010-06-08 18:11 . 2010-06-08 18:11 -------- d-----w- c:\programas\Thoosje
2010-06-08 18:08 . 2010-06-08 18:24 -------- d-----w- C:\PC-Checkup
2010-06-08 18:07 . 2002-01-05 10:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-06-08 18:07 . 2010-06-08 18:07 -------- d-----w- c:\programas\AML Products
2010-06-08 18:07 . 2002-01-05 05:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-06-08 17:50 . 2010-06-08 17:50 -------- d-----w- c:\programas\Unlocker
2010-06-08 10:54 . 2010-06-08 10:54 -------- d-----w- c:\programas\Ficheiros comuns\Java
2010-06-08 10:53 . 2010-06-08 10:52 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-01 18:20 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-06-01 18:20 . 2010-06-01 18:20 -------- d-----w- c:\programas\K-Lite Codec Pack
2010-05-30 15:22 . 2010-05-30 15:22 -------- d-----w- c:\programas\bet-at-home.com Poker
2010-05-28 00:58 . 2010-05-30 03:08 -------- d-----w- C:\BTNext
2010-05-28 00:52 . 2010-05-30 11:06 -------- d-----w- c:\programas\BTNext Evolution
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 20:07 . 2009-01-12 00:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-12 19:45 . 2009-04-01 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-12 17:48 . 2010-06-12 17:48 439816 ----a-w- c:\documents and settings\Administrador\Application Data\Real\Update\setup3.10\setup.exe
2010-06-12 13:00 . 2010-06-12 13:00 63488 ----a-w- c:\documents and settings\Administrador\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-12 13:00 . 2010-06-12 13:00 52224 ----a-w- c:\documents and settings\Administrador\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-12 13:00 . 2010-06-12 13:00 117760 ----a-w- c:\documents and settings\Administrador\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-12 12:33 . 2008-04-13 23:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-06-12 02:27 . 2004-09-21 12:00 83210 ----a-w- c:\windows\system32\perfc016.dat
2010-06-12 02:27 . 2004-09-21 12:00 486748 ----a-w- c:\windows\system32\perfh016.dat
2010-06-12 02:10 . 2009-02-03 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-12 01:50 . 2010-06-12 01:50 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-06-11 20:59 . 2009-03-04 21:35 -------- d-----w- c:\programas\VirtualDJ
2010-06-11 00:03 . 2008-12-30 20:43 6266 ----a-w- C:\cc_20081230_204348.reg
2010-06-10 17:45 . 2009-06-22 18:37 -------- d-----w- c:\programas\BetClic Poker
2010-06-09 16:52 . 2010-05-08 12:55 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware
2010-06-09 00:45 . 2009-11-17 01:26 -------- d-----w- c:\programas\MessengerDiscovery 2
2010-06-08 18:37 . 2009-02-03 00:47 -------- d-----w- c:\programas\Spybot - Search & Destroy
2010-06-08 18:07 . 2009-05-21 02:34 737280 ----a-w- c:\windows\iun6002.exe
2010-06-07 02:12 . 2009-04-01 01:03 -------- d-----w- c:\programas\Microsoft Silverlight
2010-06-03 07:53 . 2010-06-03 07:53 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-03 07:53 . 2010-06-03 07:53 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-03 07:53 . 2009-03-30 19:17 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-03 07:53 . 2009-03-30 19:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-30 15:22 . 2009-06-24 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Boss Media
2010-05-25 16:59 . 2009-01-26 02:32 -------- d-----w- c:\programas\PokerStars
2010-05-22 02:01 . 2008-12-23 14:29 -------- d-----w- c:\programas\Launch Manager
2010-05-13 11:57 . 2008-12-23 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-12 17:58 . 2009-04-01 03:03 -------- d-----w- c:\programas\Google
2010-05-10 20:52 . 2009-03-30 18:36 -------- d-----w- c:\programas\Ficheiros comuns\eMail ID
2010-05-02 16:48 . 2010-05-02 16:48 -------- d-----w- c:\programas\ReaConverter 5.5 Pro
2010-04-30 03:23 . 2008-12-23 14:30 -------- d--h--w- c:\programas\InstallShield Installation Information
2010-04-30 03:01 . 2010-04-30 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest Software
2010-04-29 14:39 . 2010-05-08 12:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 14:39 . 2010-05-08 12:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
------- Sigcheck -------
[-] 2008-05-08 . 5EB35193D93DB2B617D05DC5C2E26392 . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\João Bezerra\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\João Bezerra\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\João Bezerra\Application Data\Dropbox\bin\DropboxExt.13.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SUPERAntiSpyware"="c:\programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"IntelZeroConfig"="c:\programas\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"EOUApp"="c:\programas\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]
"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]
"AzMixerSel"="c:\programas\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]
"Ad-Watch"="c:\programas\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]
"IconixOEAddOn"="c:\programas\eMail ID\OEAddOn\OEdmn_6.exe" [2010-03-03 342872]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]
"GrooveMonitor"="c:\programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SynTPEnh"="c:\programas\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]
"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"SunJavaUpdateSched"="c:\programas\Ficheiros comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HitmanPro35"="c:\programas\Hitman Pro 3.5\HitmanPro35.exe" [2010-06-10 5937984]
"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2008-12-28 185872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\programas\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-13 09:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
javatupn REG_SZ c:\windows\system32\atsec6.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Programas\\Bit Torrent\\BitTorrent.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programas\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"c:\\Programas\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programas\\SecondLife\\SLVoice.exe"=
"c:\\Documents and Settings\\João Bezerra\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Programas\\Poker Clock\\PokerClock.exe"=
"c:\\Programas\\Java\\jre6\\bin\\java.exe"=
"c:\\Programas\\8BallClub\\GameDirector.exe"=
"c:\\Programas\\BTNext Evolution\\BTNext.exe"=
"c:\\Programas\\Hitman Pro 3.5\\HitmanPro35.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01-04-2009 19:26 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29-12-2008 19:12 717296]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30-03-2009 20:17 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30-03-2009 20:17 242896]
R1 SASDIFSV;SASDIFSV;c:\programas\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\programas\SUPERAntiSpyware\SASKUTIL.SYS [10-05-2010 19:41 67656]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [01-04-2009 1:04 467968]
R2 avg9wd;AVG Free WatchDog;c:\programas\AVG\AVG9\avgwdsvc.exe [13-03-2010 10:47 308064]
R2 IconixService;Iconix Update Service;c:\programas\Ficheiros comuns\eMail ID\IconixService.exe [30-03-2009 19:36 283992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programas\Lavasoft\Ad-Aware\AAWService.exe [09-03-2009 20:06 1029456]
S2 gupdate1c9b276a161315a;Serviço Google Update (gupdate1c9b276a161315a);c:\programas\Google\Update\GoogleUpdate.exe [01-04-2009 4:04 133104]
S3 rcp_service;ReaConverter scheduler service;c:\programas\ReaConverter 5.5 Pro\rcp_scheduler.exe [30-11-2007 11:27 558592]
S3 wpasvc;wpa_supplicant service; [x]
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
2010-06-12 c:\windows\Tasks\Google Software Updater.job
2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2010-06-12 c:\windows\Tasks\User_Feed_Synchronization-{A671B2E0-2591-4AA7-9DF2-80E434C21ED7}.job
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\programas\Ficheiros comuns\BinarySense\hlAPP.dll
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://pt.powerchallenge.com/applet/PowerLoader.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\João Bezerra\Application Data\Mozilla\Firefox\Profiles\sg82wdzy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - www.google.com
FF - component: c:\programas\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\programas\Mozilla Firefox\extensions\{1253D21B-263B-1843-275C-1726DA8B2A12}\components\FFProxy36.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programas\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programas\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\programas\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programas\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programas\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\programas\Mozilla Firefox\plugins\npIconixProxy3.dll
FF - plugin: c:\programas\Mozilla Firefox\plugins\npIconixProxy36.dll
FF - plugin: c:\programas\Veetle\Player\npvlc.dll
FF - plugin: c:\programas\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programas\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
SafeBoot-klmdb.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-12 21:08
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spoj.sys >>UNKNOWN [0x8A89D938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba666cb8
\Driver\atapi -> atapi.sys @ 0xba5ddb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xba4e6bb0
PacketIndicateHandler -> NDIS.sys @ 0xba4d5a0d
SendHandler -> NDIS.sys @ 0xba4e9b40
user & kernel MBR OK
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-1715567821-884357618-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7FF04398-A3CE-3968-F740-7754FE9B59F9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eafkkbklcl"=hex:66,61,70,6c,67,6f,63,66,6d,69,6e,64,00,31
"daikhbhl"=hex:64,62,6a,61,6d,67,61,68,6f,69,6a,6f,62,70,65,67,63,68,64,66,6a,
68,6e,62,6c,6d,69,63,6b,6b,69,63,66,6f,64,68,6b,69,6f,6b,00,00
"ianofnnmhdfjiikgjn"=hex:69,61,62,61,69,66,66,65,6b,6a,6a,67,6b,66,64,64,6a,67,
00,00
"hahamkhgadbicadg"=hex:69,61,62,61,69,66,66,65,6b,6a,6a,67,6b,66,64,64,6a,67,
00,00
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\f62ae326-5297-6549-f032-36c8e64e324]
@Denied: (Full) (AuthenticatedUsers)
@Denied: (Full) (Administrators)
"1vjyiujmaxkkx"=hex:64,61,65,61,38,66,61,61,2d,66,37,61,64,2d,34,34,32,64,2d,
38,36,66,61,2d,64,66,61,33,64,63,32,62,34,64,66,33
"1a6jtcbz36zig"=hex:64,62,02,00,28,7c,4e,00,38,c5,2e,03,f0,ff,ff,ff,48,bd,64,
00,90,51,5a,00,70,7b,4e,00,e8,ff,ff,ff,76,6b,00,00,86,00,00,00,20,d0,9a,01,\
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
c:\programas\SUPERAntiSpyware\SASWINLO.DLL
c:\programas\eMail ID\OEAddOn\OEldr_7.dll
c:\documents and settings\João Bezerra\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\programas\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\programas\SUPERAntiSpyware\SASSEH.DLL
c:\programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB
.
------------------------ Outros Processos em Execução ------------------------
.
c:\programas\Intel\Wireless\Bin\EvtEng.exe
c:\programas\Intel\Wireless\Bin\S24EvMon.exe
c:\programas\AVG\AVG9\avgchsvx.exe
c:\programas\AVG\AVG9\avgrsx.exe
c:\programas\AVG\AVG9\avgcsrvx.exe
c:\progra~1\ESRI\License\arcgis9x\ARCGIS.exe
c:\programas\Ficheiros comuns\BinarySense\hldasvc.exe
c:\programas\Ficheiros comuns\BinarySense\hldasvc.exe
c:\programas\AVG\AVG9\avgnsx.exe
c:\programas\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\programas\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\docume~1\JOOBEZ~1\DEFINI~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-06-12 21:17:51 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-06-12 20:17
Pré-execução: 5.011.369.984 bytes livres
Pós execução: 4.844.716.032 bytes livres
WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
_________________________________________________________________________-
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:22:18, on 12-06-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Intel\Wireless\Bin\EvtEng.exe
C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
C:\Programas\AVG\AVG9\avgchsvx.exe
C:\Programas\AVG\AVG9\avgrsx.exe
C:\Programas\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programas\AVG\AVG9\avgwdsvc.exe
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe
C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe
C:\Programas\AVG\AVG9\avgnsx.exe
C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programas\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe
C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programas\Synaptics\SynTP\SynTPEnh.exe
C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\JOOBEZ~1\DEFINI~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programas\Mozilla Firefox\firefox.exe
C:\Programas\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [EOUApp] "C:\Programas\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programas\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HitmanPro35] "C:\Programas\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://pt.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Programas\Ficheiros comuns\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programas\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Serviço Google Update (gupdate1c9b276a161315a) (gupdate1c9b276a161315a) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programas\Ficheiros comuns\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Programas\ReaConverter 5.5 Pro\rcp_scheduler.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 11374 bytes
Go to this site:
http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1261360413531
Click [image: Clipboard01-1.jpg]
Follow the scanner configuration instructions as shown in the image below.
[image: kosjn0.gif]
Post the scan log right here in the thread.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, June 14, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, June 13, 2010 17:22:49
Records in database: 4273116
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
Scan statistics:
Objects scanned: 125281
Threats found: 4
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 06:48:01
File name / Threat / Threats count
D:\Antenna.WebDesign.Studio.2.7.Inc.Keygen-Nydic\keygen.exe Infected: Backdoor.Win32.Poison.bmwt 1
D:\Downloads\Able2Extract Pro 5.0 PDF to Word Excel HTML & Text Converter.zip Infected: Trojan.Win32.Chifrax.d 1
D:\IaXrmqoc_YouTubeGet4.9.8.rar Infected: Trojan-Clicker.MSIL.Xone.cb 1
D:\Instaladores Programas\btnext_1.1.3.exe Infected: Packed.Win32.Black.a 1
Selected area has been scanned.
Hello, your log is clean.
Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.
Any malware-related problems?
No, everything has improved, thank you very much...
Is it really necessary to remove ComboFix?
Thanks
> No, everything has improved, thank you very much...
> Is it really necessary to remove ComboFix?
> Thanks
Removing ComboFix from your machine is up to you. As for your case, is the problem solved?
> Removing ComboFix from your machine is up to you. As for your case, is the problem solved?
Yes, solved!
Once again, thank you very much for all the help provided...
PROBLEM SOLVED!
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Download Malwarebytes from one of the locations below:
Link 1
Link 2
-- Save the program to your Desktop
• Double-click the program to run it.
• Update Malwarebytes.
• Choose the Full Scan (be patient, it takes a while)
• Disable your Antivirus and AntiSpyware, usually by right-clicking the icon in the system tray. They can interfere with the tool's execution.
• When the scan is complete, click OK, then Show Results to see the log.
• Remember that, if anything is detected, click the Remove button to remove it. (Important).
• The program's log will open automatically for you.
• Post it in your next reply together with a new HijackThis log.
P.S.: On heavily infected computers, the tool shows a prompt saying that the computer must be restarted. Please do so immediately.
• Download: OTL.exe
• Save it to the desktop!
[image: OTLI-scan.png]
• As shown in the image, change the "Output" option to "Minimal Output".
• Double-click OTL.exe --> Check the "Scan All Users" option.
• Check the boxes:
-- [] LOP check and [] Purity check
• Click [image: runscanbutton.png] and wait.
• Post:
1) OTL.txt <-- <3>
2) Extra.txt <--