Well folks, my PC started restarting out of nowhere on its own, or even shutting down. I don't know if it's a virus, the power supply or the cabling, but just in case, I'd like someone to help me find out whether it's a virus or not, because if it isn't a virus I'll go ahead and replace the power supply.
HijackThis logs
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:13, on 5/15/aaaa
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\ARQUIV~1\AVG\AVG2012\avgrsx.exe
C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Arquivos de programas\IObit\Game Booster 3\gbtray.exe
C:\windows\system32\svchost.exe
C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE
c:\xampp\apache\bin\httpd.exe
C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\srvany.exe
C:\windows\KMService.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Arquivos de programas\AVG\AVG2012\avgtray.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Arquivos de programas\AVG Secure Search\vprot.exe
C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe
C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\xampp\apache\bin\httpd.exe
C:\windows\System32\alg.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\ctfmon.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\windows\Explorer.EXE
C:\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={A7510A75-2AD6-4AE4-999D-7E21E77BDA1F}&mid=c6a733a43f8147d1a25fd1482a8d5192-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=pt-br&ds=gm011&pr=sa&d=2012-04-27 20:25:01&v=11.0.0.9&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
R3 - URLSearchHook: (no name) - {12fc3d37-2a42-4fe3-8489-81296878cba5} - (no file)
R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll
R3 - URLSearchHook: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Arquivos de programas\BittorrentBar_PT\prxtbBitt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BittorrentBar_PT - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Arquivos de programas\BittorrentBar_PT\prxtbBitt.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\ARQUIV~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehCef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll
O3 - Toolbar: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Arquivos de programas\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O3 - Toolbar: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} - C:\Arquivos de programas\BittorrentBar_PT\prxtbBitt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de programas\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Arquivos de programas\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Arquivos de programas\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [bitTorrent] "C:\Arquivos de programas\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\ARQUIV~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\ARQUIV~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O15 - Trusted Zone: http://www.itau.com.br
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} (OCXDownloadChecker Control) - http://www.floriculturacristal.ddns.com.br/cab/OCXChecker_6110.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=724
O17 - HKLM\System\CCS\Services\Tcpip\..\{26886939-E161-4593-8608-E2779B367726}: NameServer = 192.168.0.1,192.168.0.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9}: NameServer = 8.8.4.4,200.165.132.147
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni - C:\ARQUIV~1\GbPlugin\gbiehUni.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Arquivos de programas\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe
O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
O24 - Desktop Component 0: (no name) - http://t1.gstatic.com/images?q=tbn:ANd9GcSjdVs-VtPjgFT5njpyKsotQIQvh4BKai-LOpgnIgHyGTO4jICwaw
--
End of file - 16199 bytes
Good evening! Luca Albuquerque
|- From what I saw in the HijackThis log, your problem is malware.
-/-/-/-
|- Download: < AdwCleaner > ( ... by Xplode )
|- On the page, click the image: < [image: AdwCleaner_Tlcharger.jpg] >
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as "administrator".
|- PS: Start the scan by clicking "Delete" or "Suppression".
|- When it finishes, post the report: C:\AdwCleaner[S].txt
-/-/-/-
|- Download: | ZHPDiag | ( ... by Nicolas Coolman )
|- Once on the page, click: < [image: Tlcharger_ZHPDiag.jpg] >
|- Save it to the desktop!
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Confirm every step while installing ZHPDiag.
|- Finish the installation by clicking "Termine".
|- PS: After installation, besides ZHPScript, the following will be available on the desktop:
|- <1> MBRCheck
|- <2> ZHPDiag2
|- <3> ZHPFix
|- Open the tool and click the scroll icon. ( ZHPScript )
|- Click the green arrow to update it and/or download its latest definition. ( Your version is update. )
|- Enable all diagnostic options by clicking "Options".
|- Click All.
|- Click "Calendar" and choose 30 days!
|- Start the scan by clicking the magnifying-glass icon. ( Start Diagnosis )
|- When it finishes, click "Save Report".
|- PS: Save it somewhere convenient!
|- Attach ZHPDiag.txt to your reply.
|- PS: Do not post this text file directly.
|- I recommend compressing it and attaching it to your reply!
|- Or send it to Pjjoint.malekal by clicking the blue arrow! < [image: ZHPDiag_Pjjoint-1.jpg] >
|- To send it, follow the path: Select file... -> Open -> Upload file
|- Post the address shown under "Download link" or "Forum link".
|- Or go to: < [image: Cjoint_Logo.jpg] > ( Take it out of the zip when sending! )
|- More information: < |Link| >
Regards!
OK, here are the results from AdwCleaner and ZHPDiag.
AdwCleaner:
*** [services] ***
*** [Files / Folders] ***
Folder Deleted : C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\AskSearch
Folder Deleted : C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\cacaoweb
Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\OpenCandy
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Viewpoint
Folder Deleted : C:\Arquivos de programas\Ask.com
Folder Deleted : C:\Arquivos de programas\BabylonToolbar
Folder Deleted : C:\Arquivos de programas\cacaoweb
Folder Deleted : C:\Arquivos de programas\Conduit
Folder Deleted : C:\Arquivos de programas\Viewpoint
Folder Deleted : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\windows\Tasks\Scheduled Update for Ask Toolbar.job
*** [Registry] ***
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849856
Key Deleted : HKCU\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\cacaoweb
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
*** [Registre - GUID] ***
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
*** [internet Browsers] ***
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
*************************
AdwCleaner[s1].txt - [9620 octets] - [15/05/2012 18:58:34]
########## EOF - C:\AdwCleaner[s1].txt - [9748 octets] ##########
ZHPDiag:
Good evening! Luca Albuquerque
|- Close any open programs/folders.
|- Double-click ZHPFix.
|- Click the menu, H < [image: PanelHelper.jpg] >
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com
R3 - URLSearchHook: (no name) - {12fc3d37-2a42-4fe3-8489-81296878cba5} . (.Spigot, Inc. - Widgi Toolbar for Internet Explorer.) (No version) -- (.not file.)
R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} . (.Conduit Ltd. - Conduit Toolbar.) (6.3.2.0) -- C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll
R3 - URLSearchHook: BittorrentBar_PT Toolbar - {29acf17c-1713-4286-8f40-bfd05f1e70c8} . (.Conduit Ltd. - Conduit Toolbar.) (6.4.0.0) -- C:\Arquivos de programas\BittorrentBar_PT\prxtbBitt.dll
O2 - BHO: BittorrentBar_PT - {29acf17c-1713-4286-8f40-bfd05f1e70c8} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Arquivos de programas\BittorrentBar_PT\prxtbBitt.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key
O3 - Toolbar: NCH EN Toolbar - [HKLM]{37483b40-c254-4a72-bda4-22ee90182c1e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Arquivos de programas\NCH_EN\prxtbNCH_.dll
O3 - Toolbar: BittorrentBar_PT Toolbar - [HKLM]{29acf17c-1713-4286-8f40-bfd05f1e70c8} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Arquivos de programas\BittorrentBar_PT\prxtbBitt.dll
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-1390067357-1993962763-682003330-500Core] (...) -- C:\Documents and Settings\Administrador\Configura‡äes locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-1390067357-1993962763-682003330-500UA] (...) -- C:\Documents and Settings\Administrador\Configura‡äes locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (.not file.)
O41 - Driver: (ttaddork) . (. - .) - C:\windows\system32\drivers\ttaddork.sys (.not file.)
O51 - MPSK:{85577a08-5963-11e1-8282-00038a000015}\AutoRun\command. (...) -- F:\Setup.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (...) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\cacaoweb [Key] . (...) -- C:\Arquivos de programas\cacaoweb\cacaoweb.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\DAEMON Tools Lite [Key] . (...) -- C:\Arquivos de programas\DAEMON Tools Lite\DTLite.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\ddns_agent [Key] . (...) -- C:\Arquivos de programas\Winco\Cliente DDNS\ipcagent.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Dxtory Update Checker 2.0 [Key] . (...) -- C:\Arquivos de programas\Dxtory Software\Dxtory2.0\UpdateChecker.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Easy-PrintToolBox [Key] . (...) -- C:\Arquivos de programas\Canon\Easy-PrintToolBox\BJPSMAIN.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Free Download Manager [Key] . (...) -- C:\Arquivos de programas\Free Download Manager\fdm.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\GameTracker [Key] . (...) -- C:\Arquivos de programas\GameTracker\GTLite.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\HostManager [Key] . (...) -- C:\Arquivos de programas\Arquivos comuns\AOL\1327433684\ee\AOLSoftware.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\JTF Start [Key] . (...) -- C:\Arquivos de programas\JTF\JTF.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\LanguageShortcut [Key] . (...) -- C:\Arquivos de programas\CyberLink\PowerDVD\Language\Language.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\LiveZilla [Key] . (...) -- C:\Arquivos de programas\LiveZilla\LiveZilla.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\LogMeIn Hamachi Ui [Key] . (...) -- C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (...) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\qubnfe [Key] . (...) -- C:\Arquivos de programas\qubnfe\qubnfe.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\RaidCall [Key] . (...) -- C:\Arquivos de programas\RaidCall\raidcall.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\RemoteControl [Key] . (...) -- C:\Arquivos de programas\CyberLink\PowerDVD\PDVDServ.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\ROC_roc_dec12 [Key] . (...) -- C:\Arquivos de programas\AVG Secure Search\ROC_roc_dec12.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Arquivos de programas\Skype\Phone\Skype.exe
O53 - SMSR:HKLM\...\startupreg\SlimDrivers [Key] . (...) -- C:\Arquivos de programas\SlimDrivers\SlimDrivers.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SpybotSD TeaTimer [Key] . (...) -- C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Steam [Key] . (...) -- C:\Arquivos de programas\Steam\Steam.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\swg [Key] . (...) -- C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\sXe Injected [Key] . (...) -- C:\Arquivos de programas\sXe Injected\sXe Injected.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (...) -- C:\Arquivos de programas\uTorrent\uTorrent.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\UVS10 Preload [Key] . (...) -- C:\Arquivos de programas\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (.not file.)
O69 - SBI: SearchScopes [HKCU] {BE79B0AD-EE4C-4F7E-BA6E-15837550B72E} - (Ask Search) - http://websearch.ask.com
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer]
[HKLM\Software\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}]
[HKLM\Software\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}]
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv]
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb]
[HKCU\Software\PopCap]
[HKLM\Software\PopCap]
[HKLM\Software\Trymedia Systems]
C:\Arquivos de programas\PopCap Games
C:\Documents and Settings\Administrador\Dados de aplicativos\iWin
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\AskToolbar
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Babylon
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\OpenCandy
hostfix
proxyfix
emptytemp
emptyflash
firewallraz
sysrestore
|- Copy and paste this information, shown in red, into the "light yellow" field of ZHPFix.
|- PS: Make sure the field is empty before pasting the information from the quote.
|- Click GO -> Oui.
|- Post the report: C:\ZHP\ZHPFix[R1].txt
Cheers!
Rapport de ZHPFix 1.2.05 par Nicolas Coolman, Update du 30/04/2012
Fichier d'export Registre :
Run by Administrador at 5/15/terça-feira 20:28:32
Windows XP Professional Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/
========== Registry Key ==========
DELETED Key*: CLSID BHO: {29acf17c-1713-4286-8f40-bfd05f1e70c8}
DELETED Key*: CLSID BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}
DELETED Driver Key: ttaddork
DELETED CLSID MPSK: {85577a08-5963-11e1-8282-00038a000015}
DELETED Key*: StartupReg: Adobe Reader Speed Launcher
DELETED Key*: StartupReg: cacaoweb
DELETED Key*: StartupReg: DAEMON Tools Lite
DELETED Key*: StartupReg: ddns_agent
DELETED Key*: StartupReg: Dxtory Update Checker 2.0
DELETED Key*: StartupReg: Easy-PrintToolBox
DELETED Key*: StartupReg: Free Download Manager
DELETED Key*: StartupReg: GameTracker
DELETED Key*: StartupReg: HostManager
DELETED Key*: StartupReg: JTF Start
DELETED Key*: StartupReg: LanguageShortcut
DELETED Key*: StartupReg: LiveZilla
DELETED Key*: StartupReg: LogMeIn Hamachi Ui
DELETED Key*: StartupReg: NeroFilterCheck
DELETED Key*: StartupReg: qubnfe
DELETED Key*: StartupReg: RaidCall
DELETED Key*: StartupReg: RemoteControl
DELETED Key*: StartupReg: ROC_roc_dec12
DELETED Key*: StartupReg: Skype
DELETED Key*: StartupReg: SlimDrivers
DELETED Key*: StartupReg: SpybotSD TeaTimer
DELETED Key*: StartupReg: Steam
DELETED Key*: StartupReg: swg
DELETED Key*: StartupReg: sXe Injected
DELETED Key*: StartupReg: uTorrent
DELETED Key*: StartupReg: UVS10 Preload
DELETED Key*: SearchScopes :{BE79B0AD-EE4C-4F7E-BA6E-15837550B72E}
DELETED Key*: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
DELETED Key*: HKLM\Software\Classes\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}
DELETED Key*: HKLM\Software\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
DELETED Key*: HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
DELETED Key*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv
NOT FOUND Key: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb
DELETED Key*: HKCU\Software\PopCap
DELETED Key*: HKLM\Software\PopCap
DELETED Key*: HKLM\Software\Trymedia Systems
========== Registry Value ==========
DELETED URLSearchHook: {12fc3d37-2a42-4fe3-8489-81296878cba5}
DELETED URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e}
DELETED URLSearchHook: {29acf17c-1713-4286-8f40-bfd05f1e70c8}
DELETED Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e}
DELETED Toolbar: {29acf17c-1713-4286-8f40-bfd05f1e70c8}
NOT FOUND [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]:Shell
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
DELETED FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (SP) : C:\GV250\BcastTcp.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Winco\Cliente DDNS\wizard.exe
DELETED FirewallRaz (SP) : C:\GV250\WebCamServer.exe
DELETED FirewallRaz (SP) : C:\GV250\DMWebCam.exe
DELETED FirewallRaz (SP) : C:\GV250\AudioServer.exe
DELETED FirewallRaz (SP) : C:\GV250\TCPsvr.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Electronic Arts\EADM\Core.exe
DELETED FirewallRaz (SP) : C:\WINDOWS\system32\rundll32.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\TG510v6 firmware OIVelox 6.2.15.7\upgradeST\upgradeST.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Configurador SpeedTouch 510 v6-6.2.15.7\SetupWizard\stInstall.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Envio_Bios\upgradeST.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Site\sc_trans\sc_trans.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Arquivos\Site\sc_trans\sc_trans.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Cisco Packet Tracer 5.3.1\bin\PacketTracer5.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Pokemon\server Pokemon Flash\Pokemon Flash\Pokemon Flash\TheForgottenServer.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\FSHostClient1.2b2\FSHostClient.exe
DELETED FirewallRaz (SP) : C:\ongame\Pointblank\PointBlank.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Puxa Rápido\PuxaRapido.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\teamspeak3-server_win32\ts3server_win32.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Server TeamSpeak3\ts3server_win32.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\uTorrentPortable\App\utorrent\utorrent.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\uTorrentPortable\uTorrentPortable.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\GameSpy Arcade\Aphex.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\SimBin\RaceRoom The Game 2\RRG.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Sierra\SWAT 4\Content\System\Swat4.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Sierra\SWAT 4\Content\System\Swat4DedicatedServer.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\TeamSpeak3 Server\ts3server_win32.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Teamspeak2_RC2\server_windows.exe
DELETED FirewallRaz (SP) : C:\FreeStyler\FreeStyler512.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\MTA San Andreas\server\MTA Server.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Servidor SAMP\samp-server.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\TLC\samp-server.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\gm by master_pawn\Brasil Gold Revolution RP\samp-server.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\samp03csvr_win32\samp-server.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Server Samp\samp-server.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\samp03csvr_R2-2_win32\samp-server.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\Cópia de Server Samp\samp-server.exe
DELETED FirewallRaz (SP) : C:\FreeStyler\EasyView.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\cacaoweb\cacaoweb.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Configurações locais\Temp\Rar$EX21.896\PortScan.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\CesarFTP\Server.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\CesarFTP\CesarFTP.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Arquivos comuns\aol\acs\AOLDial.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Arquivos comuns\aol\acs\AOLacsd.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Arquivos comuns\aol\1327433684\ee\aolsoftware.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\AOL 9.5\waol.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Arquivos comuns\aol\TopSpeed\3.0\aoltpsd3.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Arquivos comuns\aol\Loader\aolload.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Arquivos comuns\aol\System Information\sinf.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Gogrok\Gogrok.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\LanTool\LanTool.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\CounterStrikev47\cstrike.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Valve\hl.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Valve\hlds.exe
DELETED FirewallRaz (SP) : C:\Documents and Settings\Administrador\Desktop\cfPT_downloader.exe
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Activision\Modern Warfare 2\iw4mp.dat
DELETED FirewallRaz (SP) : C:\Arquivos de programas\Steam\Steam.exe
DELETED FirewallRaz (SP) : c:\BrickForce\BfLauncher.exe
DELETED FirewallRaz (SP) : c:\BrickForce\BrickForce.exe
DELETED FirewallRaz (DP) : %windir%\system32\sessmgr.exe
DELETED FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
DELETED FirewallRaz (DP) : C:\kos\game_sting_pak\sting.exe
No Value in Firewall Exception Register Key (FirewallRaz)
========== Registry Data Items ==========
REMOVED R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page
========== Repertory ==========
DELETED Folder: c:\arquivos de programas\popcap games
DELETED Folder: c:\documents and settings\administrador\dados de aplicativos\iwin
DELETED Folder: c:\documents and settings\administrador\configurações locais\dados de aplicativos\asktoolbar
DELETED Folder: c:\documents and settings\administrador\configurações locais\dados de aplicativos\babylon
DELETED Folder: c:\documents and settings\administrador\configurações locais\dados de aplicativos\conduit
DELETED Folder: c:\documents and settings\administrador\configurações locais\dados de aplicativos\opencandy
DELETED Window Temporary:
DELETED Flash Cookies:
========== File ==========
DELETED File: c:\arquivos de programas\nch_en\prxtbnch_.dll
DELETED File: c:\arquivos de programas\bittorrentbar_pt\prxtbbitt.dll
NOT FOUND File: c:\arquivos de programas\bittorrentbar_pt\prxtbbitt.dll
NOT FOUND File: c:\arquivos de programas\nch_en\prxtbnch_.dll
NOT FOUND File: c:\arquivos de programas\adobe\reader 9.0\reader\reader_sl.exe
NOT FOUND File: c:\arquivos de programas\cacaoweb\cacaoweb.exe
NOT FOUND File: c:\arquivos de programas\daemon tools lite\dtlite.exe
NOT FOUND File: c:\arquivos de programas\winco\cliente ddns\ipcagent.exe
NOT FOUND File: c:\arquivos de programas\dxtory software\dxtory2.0\updatechecker.exe
NOT FOUND File: c:\arquivos de programas\canon\easy-printtoolbox\bjpsmain.exe
NOT FOUND File: c:\arquivos de programas\free download manager\fdm.exe
NOT FOUND File: c:\arquivos de programas\gametracker\gtlite.exe
NOT FOUND File: c:\arquivos de programas\arquivos comuns\aol\1327433684\ee\aolsoftware.exe
NOT FOUND File: c:\arquivos de programas\jtf\jtf.exe
NOT FOUND File: c:\arquivos de programas\cyberlink\powerdvd\language\language.exe
NOT FOUND File: c:\arquivos de programas\livezilla\livezilla.exe
NOT FOUND File: c:\arquivos de programas\logmein hamachi\hamachi-2-ui.exe
NOT FOUND File: c:\arquivos de programas\arquivos comuns\ahead\lib\nerocheck.exe
NOT FOUND File: c:\arquivos de programas\qubnfe\qubnfe.exe
NOT FOUND File: c:\arquivos de programas\raidcall\raidcall.exe
NOT FOUND File: c:\arquivos de programas\cyberlink\powerdvd\pdvdserv.exe
NOT FOUND File: c:\arquivos de programas\avg secure search\roc_roc_dec12.exe
DELETE on Reboot c:\arquivos de programas\skype\phone\skype.exe
NOT FOUND File: c:\arquivos de programas\slimdrivers\slimdrivers.exe
NOT FOUND File: c:\arquivos de programas\spybot - search & destroy\teatimer.exe
NOT FOUND File: c:\arquivos de programas\steam\steam.exe
NOT FOUND File: c:\arquivos de programas\google\googletoolbarnotifier\googletoolbarnotifier.exe
NOT FOUND File: c:\arquivos de programas\sxe injected\sxe injected.exe
NOT FOUND File: c:\arquivos de programas\utorrent\utorrent.exe
NOT FOUND File: c:\arquivos de programas\ulead systems\ulead videostudio se dvd\uvpl.exe
DELETED Window Temporary:
DELETED Flash Cookies:
========== Task ==========
DELETED Task: Ad-Aware Update (Weekly)
DELETED Task: GoogleUpdateTaskUserS-1-5-21-1390067357-1993962763-682003330-500Core
DELETED Task: GoogleUpdateTaskUserS-1-5-21-1390067357-1993962763-682003330-500UA
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
42 : Registry Key
76 : Registry Value
1 : Registry Data Items
8 : Repertory
32 : File
3 : Task
1 : Restoration
End of clean in 00mn 31s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 5/15/terça-feira 20:28:32 [12421]
Good evening! Luca Albuquerque
|- Download: < AD-Remover > ( ... by C-XX )
|- Or... < Here! > <- Link!
|- Save it to C:\ ( Local disk )
|- Double-click AD-R.exe
|- On Windows Vista or 7, right-click the file and run it as administrator!
|- Press the "Clean" option.
|- When it finishes, accept/confirm the reboot so that the adware is removed.
|- In other words, the computer will restart!
|- Post the report: C:\Ad-Report-CLEAN[1].txt
-/-/-/-
|- Download: < RogueKiller > ( ... by tigzy )
|- Save it to the desktop!
|- Close any open applications!
|- PS: On Windows Vista or 7, run RogueKiller.exe as administrator.
|- Wait for its Prescan to finish.
|- For older versions, click "Sim" (Yes) to update.
|- Start the diagnosis by clicking the "Verificar" (Scan) button.
|- Example: Mode: Verificar -- Date: mm/dd/2012 00:52:24
|- Post the report: RKreport[1].txt
Cheers!
Ad-Report-CLEAN[2]:
======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======
Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org
C:\Arquivos de programas\Ad-Remover\main.exe (CLEAN [2]) -> Launched at 20:45:49 on 15/05/2012, Normal boot
Microsoft Windows XP Professional Service Pack 3 (X86)
Administrador@PRIVE-BEF3B6042 ( )
============== ACTION(S) ==============
Folder deleted: C:\Documents and Settings\All Users\Dados de aplicativos\Trymedia
(!) -- Temporary files deleted.
Key deleted: HKU\.DEFAULT\Software\Search Settings
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PopCap Games
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}
============== ADDITIONNAL SCAN ==============
** Google Chrome Version [18.0.1025.39] **
Google Chrome\Shell\Open\Command - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe www.v9.com/iob/iob_1335575993_332147
Extension\aaaapoldfpilohhfkhihnhdckpackghi (C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\APN\GoogleCRXs\aaaapoldfpilohhfkhihnhdckpackghi_7.14.1.0.crx) (?)
Extension\dkdkpmmkgdbglmfmmmmehbkmnkopingb (C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx) (x)
Extension\jmfkcklnlgedgbglfkkgedjfmejoahla (C:\Arquivos de programas\AVG\AVG2012\Chrome\safesearch.crx) (?)
Extension\kejpcolehiecjkanilhmblkbndaomhpc (C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\ccex.crx) (x)
Extension\lifbcibllhkdhoafpjfnlhfpfgnpldfl (C:\Arquivos de programas\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx) (?)
-- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Enabled: true) (?)
Preferences - homepage: hxxp://www.google.com.br/
Preferences - homepage_is_newtabpage: false
Plugin - Remoting Viewer (Enabled: true) (internal-remoting-viewer) (x)
Plugin - "Remoting Viewer" (Enabled: true)
Plugin - Native Client (Enabled: true) (C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.39\ppGoogleNaClPluginChrome.dll) (x)
Plugin - "Native Client" (Enabled: true)
Plugin - Shockwave Flash (Enabled: false) (C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll) (x)
Plugin - "AVG SiteSafety plugin" (Enabled: true)
Plugin - "Java" (Enabled: true)
Plugin - Pando Web Plugin (Enabled: true) (C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll)
Plugin - "Pando Web Plugin" (Enabled: true)
Plugin - "Nexon Game Controller" (Enabled: true)
Plugin - "Zylom Plugin" (Enabled: true)
Plugin - "Silverlight" (Enabled: true)
Preferences - urls_to_restore_on_startup: hxxp://www.google.com.br/
========================================
** Internet Explorer Version [8.0.6001.18702] **
IEXPLORE.EXE\Shell\Open\Command - C:\Arquivos de programas\Internet Explorer\iexplore.exe http://www.v9.com/?utm_source=b&utm_medium=fft
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - "IObit Toolbar" (C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll)
HKCU_SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} - "AVG Secure Search" (hxxp://isearch.avg.com/search?cid={A7510A75-2AD6-4AE4-999D-7E21E77BDA1F}&mid=c6a...)
HKCU_Toolbar\WebBrowser|{37483B40-C254-4A72-BDA4-22EE90182C1E} (x)
HKCU_Toolbar\WebBrowser|{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} (x)
HKCU_Toolbar\WebBrowser|{29ACF17C-1713-4286-8F40-BFD05F1E70C8} (x)
HKLM_Toolbar|{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll)
HKLM_Toolbar|{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll)
HKCU_ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\14.0.835.187\chrome_launcher.exe (x)
HKLM_ElevationPolicy\{048EFFE4-F1AD-408F-B21F-6DCAE7C4C9BB} - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit\CT2801948\NCH_ENAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{0EA6D09D-3FAA-4580-B21C-2407CC359366} - C:\Arquivos de programas\BittorrentBar_PT\BittorrentBar_PTToolbarHelper.exe (?)
HKLM_ElevationPolicy\{1C306DF7-2171-45c8-9324-D36448104BD5} - C:\Arquivos de programas\Free Download Manager\fdm.exe (x)
HKLM_ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} - C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\javaws.exe (Oracle Corporation)
HKLM_ElevationPolicy\{7BB786C4-9715-43CD-893C-1C51B797AEE9} - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit\CT2849856\BittorrentBar_PTAutoUpdateHelper.exe (x)
HKLM_ElevationPolicy\{A221932B-DCC2-4987-AD37-12691B568C28} - C:\Arquivos de programas\NCH_EN\NCH_ENToolbarHelper.exe (?)
HKLM_ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A} - C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\ssvagent.exe (Oracle Corporation)
HKLM_ElevationPolicy\{E360A390-F564-48e6-B39A-E08C0D198288} - C:\windows\Downloaded Program Files\LMIGuardian.exe (LogMeIn, Inc.)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - "IObit Toolbar" (C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll)
BHO\{37483b40-c254-4a72-bda4-22ee90182c1e} (?)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Auxiliar de Conexão do Windows Live" (C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
BHO\{95B7759C-8C7F-4BF1-B163-73684A933233} - "AVG Security Toolbar" (C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll)
BHO\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - "Skype Browser Helper" (C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll)
BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540000} - "GbIehObj Class" (C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll)
BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540003} - "GbIehObj Class" (C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbiehCef.dll)
BHO\{C41A1C0E-EA6C-11D4-B1B8-444553540008} - "GbIehObj Class" (C:\ARQUIV~1\GbPlugin\gbiehUni.dll)
========================================
C:\Arquivos de programas\Ad-Remover\Quarantine: 249 File(s)
C:\Arquivos de programas\Ad-Remover\Backup: 13 File(s)
C:\Ad-Report-CLEAN[2].txt - 15/05/2012 20:45:59 (4834 Byte(s))
End at: 20:46:48, 15/05/2012
============== E.O.F ==============
RKreport[1]:
RogueKiller V7.4.4 [05/08/2012] Por Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Iniciado em : Modo Normal
Usuario: Administrador [Privilegios de Admnistrador]
Modo: Verificar -- Data: 05/15/2012 20:56:15
¤¤¤ Entradas ruins: 2 ¤¤¤
[sUSP PATH] KMService.exe -- C:\windows\KMService.exe -> KILLED [TermProc]
[sUSP PATH] utt6C.tmp -- C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\utt6C.tmp -> KILLED [TermProc]
¤¤¤ Entradas do Registro: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
¤¤¤ Driver: [Carregado] ¤¤¤
¤¤¤ Infecção : ¤¤¤
¤¤¤ Arquivo de Hosts: ¤¤¤
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
[...]
¤¤¤ Verificaçao do MBR: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HI +++++
--- User ---
[MBR] 2df8ef6d2db9c9c0ac2fd9b3c64d0fa4
[bSP] 6fcf22d5205f2b3745dcb54a8ab3d12d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Concluido : << RKreport[1].txt >>
RKreport[1].txt
Good evening! Luca Albuquerque
|- Download: < MyHosts > ( ... by Jeanmimigab )
|- Save it to the desktop!
|- Run the MyHosts.exe file, which is on the desktop.
|- On Windows Vista or 7, run it as administrator.
#######ººº#######
Rapport MyHosts.txt
MyHosts V.1.0.0.2 de jeanmimigab
Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides
Résultat de l'opération:restauration du fichier hosts réussi...
Fin du rapport
#######ººº#######
|- Post the report: C:\MyHosts.txt
-/-/-/-
|- Open the RogueKiller tool again.
|- Click "Verificar" (Scan).
|- Click "Registro" (Registry).
¤¤¤ Entradas do Registro: 1 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
|- PS: If it shows entries flagged ( FOUND ), click "Deletar" (Delete).
|- Example: "Mode: Remove -- Date: mm/dd/2012 00:52:24"
|- Go to the DNS tab -> Run DNS_Raz <- Post this report!
|- Post the report ( RKreport[2].txt ), which will be in "Remove" mode.
Cheers!
MyHosts report:
Rapport MyHosts.txt
MyHosts V.1.0.0.2 de jeanmimigab
Merci à la team MH, W-T ,C_XX, Laddy et à Batch_man pour leurs aides
Résultat de l'opération:restauration du fichier hosts réussi...
Fin du rapport
RKreport[2].txt:
RogueKiller V7.4.4 [05/08/2012] Por Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Iniciado em : Modo Normal
Usuario: Administrador [Privilegios de Admnistrador]
Modo: Verificar -- Data: 05/15/2012 21:48:32
¤¤¤ Entradas ruins: 0 ¤¤¤
¤¤¤ Entradas do Registro: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
¤¤¤ Driver: [Carregado] ¤¤¤
¤¤¤ Infecção : ¤¤¤
¤¤¤ Arquivo de Hosts: ¤¤¤
127.0.0.1 localhost
::1 localhost
¤¤¤ Verificaçao do MBR: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HI +++++
--- User ---
[MBR] 2df8ef6d2db9c9c0ac2fd9b3c64d0fa4
[bSP] 6fcf22d5205f2b3745dcb54a8ab3d12d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Concluido : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Good evening! Luca Albuquerque
|- Did you click "Deletar" (Delete) when going through the tabs in RogueKiller?
|- Because the report you posted does not show any fix being applied.
Regards!
Yes, I did as you asked. Do I have to do that on all of its tabs?
Here are some additional logs it generated:
RogueKiller V7.4.4 [05/08/2012] Por Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Iniciado em : Modo Normal
Usuario: Administrador [Privilegios de Admnistrador]
Modo: Remover -- Data: 05/15/2012 21:49:46
¤¤¤ Entradas ruins: 0 ¤¤¤
¤¤¤ Entradas do Registro: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
¤¤¤ Driver: [Carregado] ¤¤¤
¤¤¤ Infecção : ¤¤¤
¤¤¤ Arquivo de Hosts: ¤¤¤
127.0.0.1 localhost
::1 localhost
¤¤¤ Verificaçao do MBR: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HI +++++
--- User ---
[MBR] 2df8ef6d2db9c9c0ac2fd9b3c64d0fa4
[bSP] 6fcf22d5205f2b3745dcb54a8ab3d12d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Concluido : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
RogueKiller V7.4.4 [05/08/2012] Por Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Iniciado em : Modo Normal
Usuario: Administrador [Privilegios de Admnistrador]
Modo: DNSFix -- Data: 05/15/2012 21:50:23
¤¤¤ Entradas ruins: 0 ¤¤¤
¤¤¤ Driver: [Carregado] ¤¤¤
¤¤¤ Entradas do Registro: 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9} : NameServer (8.8.4.4,200.165.132.147) -> REPLACED ()
Concluido : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
I posted 2 logs there.
I redid the whole process, and here is the other log:
RogueKiller V7.4.4 [05/08/2012] Por Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Sistema Operacional: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Iniciado em : Modo Normal
Usuario: Administrador [Privilegios de Admnistrador]
Modo: Verificar -- Data: 05/15/2012 22:11:34
¤¤¤ Entradas ruins: 0 ¤¤¤
¤¤¤ Entradas do Registro: 2 ¤¤¤
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤
¤¤¤ Driver: [Carregado] ¤¤¤
¤¤¤ Infecção : ¤¤¤
¤¤¤ Arquivo de Hosts: ¤¤¤
127.0.0.1 localhost
::1 localhost
¤¤¤ Verificaçao do MBR: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HI +++++
--- User ---
[MBR] 2df8ef6d2db9c9c0ac2fd9b3c64d0fa4
[bSP] 6fcf22d5205f2b3745dcb54a8ab3d12d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Concluido : << RKreport[5].txt >>
RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt
Good evening! Luca Albuquerque
Yes, I did as you asked. Do I have to do that on all of its tabs?
|- The ones you ran are enough!
-/-/-/-
|- Download: OTL ( ... by OldTimer Tools )
|- Click Save!
|- Save it to the desktop!
|- Double-click OTL.exe --> Run
|- Run OTL using its quick scan. ( Quick Scan )
|- PS: On Windows 7, right-click it and run it as "Administrator".
|- Copy and post the report. ( C:\_OTM\MovedFiles\xxxx2012_xxxxxx.log )
|- You can skip the "Extras" report.
Regards!
Here it is:
OTL logfile created on: 5/15/terça-feira 22:23:57 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Administrador\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: BRZ | Date Format: M/d/aaaa
3,24 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 73,16% Memory free
5,08 Gb Paging File | 4,19 Gb Available in Paging File | 82,46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 465,75 Gb Total Space | 269,60 Gb Free Space | 57,89% Space Free | Partition Type: NTFS
Computer Name: PRIVE-BEF3B6042 | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/15 22:22:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
PRC - [2012/04/27 20:24:56 | 000,932,736 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/04/27 20:24:53 | 001,116,544 | ---- | M] () -- C:\Arquivos de programas\AVG Secure Search\vprot.exe
PRC - [2012/03/19 08:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/02/21 14:05:22 | 000,632,664 | ---- | M] (IObit) -- C:\Arquivos de programas\IObit\Game Booster 3\gbtray.exe
PRC - [2012/01/24 16:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgtray.exe
PRC - [2012/01/11 14:02:56 | 000,194,904 | ---- | M] ( ) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe
PRC - [2011/11/28 00:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/24 20:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/10 06:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2011/09/10 06:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe
PRC - [2011/09/09 14:46:10 | 008,158,720 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/11 20:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Arquivos de programas\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/13 14:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/26 08:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\srvany.exe
========== Modules (No Company Name) ==========
MOD - [2012/04/27 20:24:58 | 000,130,944 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/04/27 20:24:56 | 000,932,736 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
MOD - [2012/04/27 20:24:53 | 001,116,544 | ---- | M] () -- C:\Arquivos de programas\AVG Secure Search\vprot.exe
MOD - [2011/12/15 15:16:32 | 000,516,440 | ---- | M] () -- C:\Arquivos de programas\IObit\Game Booster 3\sqlite3.dll
MOD - [2011/11/01 22:26:32 | 000,087,912 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 22:26:12 | 001,242,472 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/09 14:46:10 | 008,158,720 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
MOD - [2011/09/05 14:05:00 | 000,300,544 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB
MOD - [2011/07/18 18:04:08 | 000,296,448 | ---- | M] () -- C:\Arquivos de programas\Notepad++\NppShell_04.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/02 11:40:52 | 000,140,288 | ---- | M] () -- C:\Arquivos de programas\WinRAR\RarExt.dll
MOD - [2008/04/13 14:20:34 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () -- C:\WINDOWS\system32\srvany.exe
========== Win32 Services (SafeList) ==========
SRV - [2012/04/27 20:24:56 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2012/03/19 08:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de programas\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/20 23:26:32 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Stopped] -- C:\Arquivos de programas\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012/02/04 02:01:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/11 14:02:56 | 000,194,904 | ---- | M] ( ) [Auto | Running] -- C:\Arquivos de programas\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2011/10/24 20:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/10 06:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2011/09/09 14:46:10 | 008,158,720 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2011/08/11 20:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Arquivos de programas\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/07 16:28:00 | 004,132,200 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 08:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\srvany.exe -- (KMService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva390.sys -- (XDva390)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva389.sys -- (XDva389)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt73.sys -- (RT73)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\FXDrv32.sys -- (FXDrv32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\sXe Injected\ddsxei.sys -- (ddsxeiservice)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/05/15 20:54:39 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\MpKslaa1c8a59.sys -- (MpKslaa1c8a59)
DRV - [2012/01/16 02:03:26 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2012/01/11 14:04:00 | 000,042,584 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GbpKm.sys -- (GbpKm)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/22 13:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Arquivos de programas\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/21 20:49:35 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2011/07/12 18:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/06/07 09:44:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/05/24 20:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/06/07 16:02:28 | 001,579,144 | ---- | M] (Syntek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2009/06/05 04:16:32 | 000,142,336 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/03/04 06:58:34 | 005,045,760 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/08/05 09:10:12 | 001,684,736 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2006/09/26 22:21:10 | 000,021,920 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2006/01/04 04:41:48 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/08/18 18:04:10 | 000,052,895 | ---- | M] (GeoVision Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GV250.sys -- (GV250)
DRV - [2005/08/18 18:04:00 | 000,085,678 | R--- | M] (GeoVision Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGV250.sys -- (AGV250)
DRV - [2001/08/17 20:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
DRV - [2001/08/17 18:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [1999/01/10 13:00:00 | 000,003,584 | ---- | M] () [Kernel | Auto | Running] -- C:\windows\System32\drivers\dlportio.sys -- (DLPortIO)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aolTB50CL-chromesbox-en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://search.minituner.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = ${searchCLSID}
IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&mkt=pt-br&FORM=IE0000
IE - HKCU\..\SearchScopes\{200D0764-9616-4C51-A812-B39F10D75DFB}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-aolTB50CL-chromesbox-en-us
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={A7510A75-2AD6-4AE4-999D-7E21E77BDA1F}&mid=c6a733a43f8147d1a25fd1482a8d5192-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=pt-br&ds=gm011&pr=sa&d=2012-04-27 20:25:01&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\ARQUIV~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\ARQUIV~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Arquivos de programas\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Arquivos de programas\AVG\AVG2012\Firefox4\ [2012/02/01 12:47:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search\11.0.0.9\ [2012/04/27 20:25:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/18 14:29:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/18 14:29:41 | 000,000,000 | ---D | M]
[2012/02/25 13:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\extensions
[2012/02/25 13:50:15 | 000,000,000 | ---D | M] (BittorrentBar_PT Community Toolbar) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\extensions\{29acf17c-1713-4286-8f40-bfd05f1e70c8}
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.39\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\Application\18.0.1025.39\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrador\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Arquivos de programas\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Arquivos de programas\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\ARQUIV~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\ARQUIV~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Arquivos de programas\Microsoft\Office Live\npOLW.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Arquivos de programas\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U2 (Enabled) = C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Arquivos de programas\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Arquivos de programas\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Documents and Settings\All Users\Dados de aplicativos\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Ask Toolbar = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\aaaapoldfpilohhfkhihnhdckpackghi\7.14.1.0_0\
CHR - Extension: Desprotetor de Links = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei\1.2.8.1_0\
CHR - Extension: AVG Safe Search = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
O1 HOSTS File: ([2012/05/15 21:46:06 | 000,000,905 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de programas\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (IObit Toolbar) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Arquivos de programas\IObit Toolbar\IE\4.5\iobitToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {29ACF17C-1713-4286-8F40-BFD05F1E70C8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Arquivos de programas\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Arquivos de programas\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [bitTorrent] C:\Arquivos de programas\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108800
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: caixa.gov.br ([internetbanking] https in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([bankline] https in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([www] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} http://www.floriculturacristal.ddns.com.br/cab/OCXChecker_6110.cab (OCXDownloadChecker Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26886939-E161-4593-8608-E2779B367726}: NameServer = 192.168.0.1,192.168.0.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9}: NameServer = 8.8.4.4,208.67.222.222
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (EXPLORER.EXE) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Arquivos de programas\GbPlugin\gbieh.dll) - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Arquivos de programas\GbPlugin\gbiehCef.dll) - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\ARQUIV~1\GbPlugin\gbiehUni.dll) - C:\Arquivos de programas\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL) - C:\Arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 () - http://t1.gstatic.com/images?q=tbn:ANd9GcSjdVs-VtPjgFT5njpyKsotQIQvh4BKai-LOpgnIgHyGTO4jICwaw
O24 - Desktop Components:1 (Minha página inicial atual) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Arquivos de programas\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de programas\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\ARQUIV~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/15 22:22:37 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
[2012/05/15 21:46:06 | 000,000,000 | ---D | C] -- C:\MyHosts
[2012/05/15 20:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\RK_Quarantine
[2012/05/15 20:45:25 | 001,327,512 | ---- | C] (C_XX) -- C:\Documents and Settings\Administrador\Desktop\C_XX_AD-R.exe
[2012/05/15 20:44:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Ad-Remover
[2012/05/15 19:11:34 | 000,000,000 | ---D | C] -- C:\ZHP
[2012/05/15 19:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\ZHP
[2012/05/15 19:09:53 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\ZHPDiag
[2012/05/15 19:09:05 | 004,675,745 | ---- | C] (Nicolas Coolman ) -- C:\Documents and Settings\Administrador\Desktop\ZHPDiag2.exe
[2012/05/14 19:15:56 | 000,021,768 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\windows\System32\drivers\PROCEXP141.SYS
[2012/05/13 20:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\cerasus.media
[2012/05/13 16:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Funlinker
[2012/05/10 10:52:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Untitled
[2012/05/08 22:15:08 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft XNA
[2012/05/05 22:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\MumboJumbo
[2012/05/04 11:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Servidores
[2012/05/04 11:03:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Videos
[2012/05/03 19:29:23 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\System32\pncrt.dll
[2012/05/02 19:03:22 | 000,000,000 | ---D | C] -- C:\BrickForce
[2012/04/28 21:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GarenaPlus
[2012/04/28 21:05:55 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Garena Plus
[2012/04/28 21:05:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\GarenaMessenger
[2012/04/28 21:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Left 4 Dead 2
[2012/04/27 22:20:35 | 000,567,200 | ---- | C] (FOF_SILENT Beijing Elex Technology Co., Ltd) -- C:\windows\System32\v9-toolbar.dll
[2012/04/27 22:20:35 | 000,093,088 | ---- | C] (Beijing Elex Technology Co., Ltd) -- C:\windows\System32\v9loader.dll
[2012/04/27 22:19:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Game Booster 3
[2012/04/27 22:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Youtube Downloader HD
[2012/04/27 20:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GRETECH
[2012/04/27 20:25:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\AVG Secure Search
[2012/04/27 20:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\GOM Player
[2012/04/27 20:24:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\AVG Secure Search
[2012/04/27 20:22:38 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\GRETECH
[2012/04/25 19:20:27 | 000,000,000 | ---D | C] -- C:\windows\A6W_DATA
[2012/04/25 11:46:23 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Wisdom-soft AutoScreenRecorder 3.1 Free
[2012/04/24 19:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Dxtory Software
[2012/04/24 19:18:32 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Dxtory Software
[2012/04/24 18:56:08 | 000,000,000 | ---D | C] -- C:\Fraps
[2012/04/22 16:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TitanicMystery
[2012/04/22 01:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Notepad++
[2012/04/22 01:51:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Notepad++
[2012/04/21 13:57:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Meus documentos\My Games
[2012/04/21 11:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\PopCapY
[2012/04/20 15:28:07 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Steam
[2012/04/19 16:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\EMDM
[2012/04/18 19:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\Plano
[2012/04/18 18:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GO Games
[6 C:\windows\.tmp files -> C:\windows\.tmp -> ]
[22 C:\windows\System32\.tmp files -> C:\windows\System32\.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/15 22:29:00 | 000,000,470 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{F079F6E0-5CE6-4881-A991-5A72F3D9666B}.job
[2012/05/15 22:22:39 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
[2012/05/15 22:01:00 | 000,001,086 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/15 21:46:06 | 000,000,905 | RHS- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/05/15 21:42:32 | 000,124,416 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\MyHosts.exe
[2012/05/15 21:30:30 | 000,002,315 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/05/15 20:53:05 | 000,000,440 | -H-- | M] () -- C:\windows\tasks\MP Scheduled Scan.job
[2012/05/15 20:50:42 | 000,002,284 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012/05/15 20:48:04 | 000,001,082 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/15 20:48:04 | 000,000,284 | ---- | M] () -- C:\windows\tasks\Game_Booster_Startup.job
[2012/05/15 20:47:54 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/15 20:45:48 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\AD-R.lnk
[2012/05/15 20:45:33 | 001,327,512 | ---- | M] (C_XX) -- C:\Documents and Settings\Administrador\Desktop\C_XX_AD-R.exe
[2012/05/15 20:43:55 | 001,420,288 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\RogueKiller.exe
[2012/05/15 19:34:11 | 000,000,000 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2012/05/15 19:10:01 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk
[2012/05/15 19:10:00 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
[2012/05/15 19:09:59 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
[2012/05/15 19:09:37 | 004,675,745 | ---- | M] (Nicolas Coolman ) -- C:\Documents and Settings\Administrador\Desktop\ZHPDiag2.exe
[2012/05/15 18:57:53 | 000,581,983 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe
[2012/05/15 18:23:31 | 000,118,517 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\planeta[1].jpg
[2012/05/15 17:55:00 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\HiJackThis.exe
[2012/05/15 13:59:13 | 098,203,570 | ---- | M] () -- C:\windows\System32\drivers\AVG\incavi.avm
[2012/05/15 13:58:46 | 000,325,162 | ---- | M] () -- C:\windows\System32\drivers\AVG\iavichjg.avm
[2012/05/15 11:27:31 | 000,021,768 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\windows\System32\drivers\PROCEXP141.SYS
[2012/05/13 16:50:38 | 000,001,002 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Mystery Stories - Mountains of Madness.lnk
[2012/05/13 16:44:28 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Celtic Lore - Sidhe Hills.lnk
[2012/05/13 14:39:13 | 007,188,074 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Ludovico-Einaudi-I-Giorni.mp3
[2012/05/13 02:00:00 | 000,000,380 | ---- | M] () -- C:\windows\tasks\AdobeAAMUpdater-1.0-PRIVE-BEF3B6042-Administrador.job
[2012/05/12 15:13:13 | 005,227,019 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\namebench-1.3.1-Windows.exe
[2012/05/12 14:46:35 | 003,806,696 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/05/12 02:50:11 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2012/05/11 20:10:00 | 000,000,300 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2012/05/05 22:09:39 | 000,000,976 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Midnight Mysteries - Devil on the Mississippi.lnk
[2012/04/28 21:23:15 | 000,051,186 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\room_v3.dat
[2012/04/27 22:27:14 | 000,002,434 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Google Chrome.lnk
[2012/04/27 22:27:14 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Internet Explorer.lnk
[2012/04/27 22:19:55 | 000,000,879 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster 3.lnk
[2012/04/25 19:20:28 | 000,000,035 | ---- | M] () -- C:\windows\A6W.INI
[2012/04/25 11:45:35 | 000,001,119 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\AltarsoftVideoCapture.ini
[2012/04/23 16:57:41 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Behind the Reflection.lnk
[2012/04/22 16:00:20 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\1912 Titanic Mystery.lnk
[2012/04/21 11:57:48 | 000,000,000 | ---- | M] () -- C:\windows\popcreg.dat
[2012/04/21 11:57:48 | 000,000,000 | ---- | M] () -- C:\windows\popcinfot.dat
[6 C:\windows\.tmp files -> C:\windows\.tmp -> ]
[22 C:\windows\System32\.tmp files -> C:\windows\System32\.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/15 21:42:37 | 000,124,416 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\MyHosts.exe
[2012/05/15 20:44:26 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\AD-R.lnk
[2012/05/15 20:43:43 | 001,420,288 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\RogueKiller.exe
[2012/05/15 19:34:11 | 000,000,000 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2012/05/15 19:10:00 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk
[2012/05/15 19:10:00 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
[2012/05/15 19:09:59 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
[2012/05/15 18:57:46 | 000,581,983 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe
[2012/05/15 18:23:33 | 000,118,517 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\planeta[1].jpg
[2012/05/13 16:50:38 | 000,001,002 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Mystery Stories - Mountains of Madness.lnk
[2012/05/13 16:44:28 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Celtic Lore - Sidhe Hills.lnk
[2012/05/13 14:38:36 | 007,188,074 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Ludovico-Einaudi-I-Giorni.mp3
[2012/05/12 15:12:59 | 005,227,019 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\namebench-1.3.1-Windows.exe
[2012/05/11 21:54:20 | 000,713,085 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\background.jpg
[2012/05/05 22:09:39 | 000,000,976 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Midnight Mysteries - Devil on the Mississippi.lnk
[2012/04/29 22:25:37 | 000,000,284 | ---- | C] () -- C:\windows\tasks\Game_Booster_Startup.job
[2012/04/28 21:23:15 | 000,051,186 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\room_v3.dat
[2012/04/27 22:19:55 | 000,000,879 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Booster 3.lnk
[2012/04/25 19:20:28 | 000,000,035 | ---- | C] () -- C:\windows\A6W.INI
[2012/04/25 11:45:35 | 000,001,119 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\AltarsoftVideoCapture.ini
[2012/04/24 23:53:41 | 000,569,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-S-1-5-21-1390067357-1993962763-682003330-500-0.dat
[2012/04/24 23:53:38 | 000,421,670 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\WPFFontCache_v0400-System.dat
[2012/04/23 16:57:41 | 000,000,813 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Behind the Reflection.lnk
[2012/04/22 16:00:20 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\1912 Titanic Mystery.lnk
[2012/04/21 11:57:48 | 000,000,000 | ---- | C] () -- C:\windows\popcreg.dat
[2012/04/21 11:57:48 | 000,000,000 | ---- | C] () -- C:\windows\popcinfot.dat
[2012/03/20 23:13:55 | 000,084,616 | ---- | C] () -- C:\windows\StkUnist.exe
[2012/03/20 23:13:45 | 000,025,608 | ---- | C] () -- C:\windows\System32\drivers\StkCSam.sys
[2012/03/20 23:13:43 | 000,197,648 | ---- | C] () -- C:\windows\System32\drivers\StkCSF.sys
[2012/02/22 19:48:54 | 000,008,192 | ---- | C] () -- C:\windows\System32\srvany.exe
[2012/02/22 19:48:22 | 000,077,824 | ---- | C] () -- C:\windows\KMService.exe
[2012/02/22 19:27:13 | 000,000,002 | ---- | C] () -- C:\windows\msoffice.ini
[2012/02/18 14:32:40 | 000,000,385 | ---- | C] () -- C:\windows\hpwmdl27.dat.temp
[2012/02/18 14:23:12 | 000,187,931 | ---- | C] () -- C:\windows\hpwins27.dat
[2012/02/18 14:23:12 | 000,000,385 | ---- | C] () -- C:\windows\hpwmdl27.dat
[2012/02/17 14:01:03 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\steam_md4.dat
[2012/02/16 17:07:06 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2012/01/24 16:27:09 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat
[2012/01/24 14:01:22 | 000,004,100 | ---- | C] () -- C:\windows\System32\hdvirffo.dll
[2012/01/22 15:28:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{5CC623D5-9C7C-4840-86AF-4E246796B2A8}
[2011/12/12 08:45:29 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\fusioncache.dat
[2011/11/22 10:49:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\winscp.rnd
[2011/11/18 22:53:59 | 000,340,480 | ---- | C] () -- C:\windows\System32\K8062e.exe
[2011/11/18 22:53:59 | 000,322,048 | ---- | C] () -- C:\windows\System32\Easylase.dll
[2011/11/18 22:53:59 | 000,301,056 | ---- | C] () -- C:\windows\System32\usbdmxfs.dll
[2011/11/18 22:53:59 | 000,110,592 | ---- | C] () -- C:\windows\System32\usb_dll.dll
[2011/11/18 22:53:59 | 000,084,992 | ---- | C] () -- C:\windows\System32\DMX510Vb.dll
[2011/11/18 22:53:59 | 000,049,152 | ---- | C] () -- C:\windows\System32\EspionDll.dll
[2011/11/18 22:53:59 | 000,042,496 | ---- | C] () -- C:\windows\System32\K8062D.dll
[2011/11/18 22:53:59 | 000,037,888 | ---- | C] () -- C:\windows\System32\LPT_dmx.dll
[2011/11/18 22:53:59 | 000,032,768 | ---- | C] () -- C:\windows\System32\MPUSBAPI.DLL
[2011/11/18 22:53:59 | 000,017,920 | ---- | C] () -- C:\windows\System32\usbdmxsi.dll
[2011/11/18 22:53:59 | 000,016,384 | ---- | C] () -- C:\windows\System32\FASTTime32.dll
[2011/11/18 22:53:58 | 000,003,584 | ---- | C] () -- C:\windows\System32\drivers\dlportio.sys
[2011/11/18 22:53:57 | 000,077,824 | ---- | C] () -- C:\windows\System32\dashardvb.dll
[2011/11/18 22:53:57 | 000,044,544 | ---- | C] () -- C:\windows\System32\dmx60.dll
[2011/11/18 22:53:57 | 000,044,544 | ---- | C] () -- C:\windows\System32\dmx120.dll
[2011/11/12 09:35:54 | 000,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2011/11/01 17:33:02 | 000,003,248 | ---- | C] () -- C:\windows\System32\svcproxy.ini
[2011/11/01 17:33:02 | 000,001,976 | ---- | C] () -- C:\windows\System32\SVCProxyOff.ini
[2011/10/21 10:05:25 | 000,055,808 | ---- | C] () -- C:\windows\System32\zlib1.dll
[2011/10/19 09:48:52 | 000,090,112 | ---- | C] () -- C:\windows\LL.exe
[2011/09/27 11:04:38 | 000,032,768 | ---- | C] () -- C:\windows\System32\drivers\sp_rsdrv2.sys
[2011/09/05 14:48:23 | 000,000,032 | ---- | C] () -- C:\windows\eurogunzstartgame.INI
[2011/08/30 22:24:35 | 000,002,373 | ---- | C] () -- C:\windows\mozver.dat
[2011/08/27 14:41:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{E65A4328-CABC-496B-89C7-D594F7274169}
[2011/08/27 14:40:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{68FCD3BE-03F4-4861-B7A0-8E279B3B466C}
[2011/08/13 15:57:34 | 000,010,752 | ---- | C] () -- C:\windows\System32\BASSMOD.dll
[2011/08/09 19:39:22 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\X-Plane Installer.prf
[2011/08/07 01:07:19 | 000,122,881 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\debuggee.mdmp
[2011/07/31 00:05:46 | 000,004,105 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\opbcsaty.nwk
[2011/07/30 14:53:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{6C578CD8-D0D5-40C8-9DB3-876AEA8CFC05}
[2011/07/30 14:53:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{BCD54316-226A-4F91-BA5D-9E5F905D3B5D}
[2011/07/19 21:12:53 | 000,001,536 | ---- | C] () -- C:\windows\System32\bcevent.dll
[2011/07/19 13:24:19 | 000,000,000 | ---- | C] () -- C:\windows\OpPrintServer.INI
[2011/07/16 13:16:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\{863B7850-7710-4E33-8EED-2E49BE45EED2}
[2011/07/14 13:50:28 | 000,056,532 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
[2011/07/04 02:34:59 | 000,138,264 | ---- | C] () -- C:\windows\System32\drivers\PnkBstrK.sys
[2011/07/04 02:34:59 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\PnkBstrK.sys
[2011/07/04 02:34:38 | 000,234,768 | ---- | C] () -- C:\windows\System32\PnkBstrB.exe
[2011/07/04 02:34:34 | 000,075,136 | ---- | C] () -- C:\windows\System32\PnkBstrA.exe
[2011/06/11 21:26:25 | 000,006,912 | ---- | C] () -- C:\windows\System32\drivers\impressorax.sys.off
[2011/06/11 21:18:06 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\placax.sys
[2011/05/25 18:29:49 | 000,000,130 | ---- | C] () -- C:\windows\EQUALIZER.INI
[2011/05/17 00:22:29 | 002,015,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
[2011/05/16 11:31:44 | 000,008,592 | ---- | C] () -- C:\windows\System32\ractrlkeyhook.dll
[2011/05/15 16:12:24 | 000,004,935 | ---- | C] () -- C:\windows\wininit.ini
[2011/04/29 22:35:43 | 000,069,632 | ---- | C] () -- C:\windows\System32\MSJCE.dll
[2011/04/11 21:15:35 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2011/04/02 12:03:08 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/02 08:56:05 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2011/04/01 19:46:09 | 000,147,456 | R--- | C] () -- C:\windows\System32\igfxCoIn_v5016.dll
[2011/04/01 19:27:55 | 000,001,100 | ---- | C] () -- C:\windows\System32\d3d8caps.dat
[2011/04/01 16:23:04 | 000,001,324 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2011/04/01 15:16:41 | 000,165,376 | ---- | C] () -- C:\windows\System32\unrar.dll
[2011/03/31 14:31:02 | 000,001,080 | ---- | C] () -- C:\windows\geohealth-03.ini
[2010/08/27 18:46:24 | 000,000,119 | ---- | C] () -- C:\windows\geohealth-08.ini
[2010/06/23 11:58:35 | 000,034,816 | ---- | C] () -- C:\windows\System32\~bwcrc32.dll
[2010/06/11 05:38:56 | 000,000,893 | ---- | C] () -- C:\windows\GeoRIOM.ini
[2010/06/08 09:01:58 | 000,000,128 | ---- | C] () -- C:\windows\GeoImageProcess.ini
[2010/06/08 08:40:32 | 000,000,136 | ---- | C] () -- C:\windows\multiview.ini
[2010/06/08 08:37:54 | 000,000,015 | ---- | C] () -- C:\windows\geonet.ini
[2010/06/08 08:28:30 | 000,000,335 | ---- | C] () -- C:\windows\geoRepair.ini
[2010/06/08 08:28:24 | 000,000,028 | ---- | C] () -- C:\windows\geomcast.ini
[2010/06/08 08:28:24 | 000,000,025 | ---- | C] () -- C:\windows\geoat.ini
[2010/06/08 08:28:23 | 000,009,737 | ---- | C] () -- C:\windows\GeoPTZ.ini
[2010/06/08 08:28:23 | 000,000,113 | ---- | C] () -- C:\windows\Geo6cam.ini
[2010/06/08 08:28:20 | 000,000,000 | ---- | C] () -- C:\windows\Upload.ini
[2010/06/08 08:28:19 | 000,005,588 | ---- | C] () -- C:\windows\PelcoSpectra3_U.ini
[2010/06/08 08:28:19 | 000,000,112 | ---- | C] () -- C:\windows\PTU_U.ini
[2010/06/08 08:28:19 | 000,000,022 | ---- | C] () -- C:\windows\geobcast.ini
[2010/06/08 08:28:19 | 000,000,020 | ---- | C] () -- C:\windows\GEO_CS.ini
[2010/06/08 08:28:18 | 000,005,639 | ---- | C] () -- C:\windows\KenKo_DMP23H1_U.ini
[2010/06/08 08:28:17 | 000,005,661 | ---- | C] () -- C:\windows\SAE_U.ini
[2010/06/08 08:28:10 | 000,000,458 | ---- | C] () -- C:\windows\GeoDebug61.ini
[2010/06/08 08:28:10 | 000,000,370 | ---- | C] () -- C:\windows\GeoRuntime.ini
[2010/06/08 08:28:09 | 000,000,026 | ---- | C] () -- C:\windows\GeoMpeg4.ini
[2010/06/08 08:26:06 | 000,003,555 | ---- | C] () -- C:\windows\GeoMulti.ini
[2010/06/08 08:26:06 | 000,000,060 | ---- | C] () -- C:\windows\GeoDxDraw.ini
[2010/06/08 08:26:05 | 000,139,264 | ---- | C] () -- C:\windows\System32\GXGM20.dll
[2010/06/08 08:25:35 | 000,000,125 | ---- | C] () -- C:\windows\GeoHealth.ini
[2010/06/08 08:25:35 | 000,000,094 | ---- | C] () -- C:\windows\GeoPAL.ini
[2010/05/17 11:30:42 | 000,004,205 | ---- | C] () -- C:\windows\ODBCINST.INI
[2010/05/17 11:28:03 | 003,806,696 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2010/05/17 10:48:06 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/05/17 09:41:37 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2010/05/17 09:38:10 | 000,021,844 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
========== LOP Check ==========
[2012/01/21 19:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\.craftbukkit
[2012/05/04 22:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\.minecraft
[2012/01/17 19:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\.minecraft_xray
[2012/04/23 16:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Alawar
[2012/01/26 16:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Alawar Entertainment
[2011/05/22 18:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Anabel
[2012/04/12 00:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Arduino
[2011/09/05 19:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Ashampoo
[2012/05/12 21:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Audacity
[2011/11/07 20:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Auslogics
[2011/04/01 12:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Autodesk
[2011/11/07 18:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\AVG Secure Search
[2011/11/07 18:08:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\AVG2012
[2012/01/02 19:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Awem
[2011/10/31 17:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\b2gmailnotifier.1E5171DA61AE26F47CB00A9AB285CC8775905A13.1
[2011/12/04 09:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Big Finish
[2012/05/15 21:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BitTorrent
[2012/02/08 17:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BSplayer Pro
[2011/06/10 18:46:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\CadSoft
[2012/05/13 20:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\cerasus.media
[2011/10/24 09:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/19 17:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Clickteam
[2011/07/14 13:50:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/17 20:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2012/02/22 19:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools Lite
[2011/10/16 22:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DarkParablesBriarRose_BFG
[2011/12/23 16:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Dev-Cpp
[2011/09/17 22:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DVDVideoSoft
[2011/11/06 16:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ElevatedDiagnostics
[2012/02/26 18:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\FileZilla
[2011/08/31 14:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\flightgear.org
[2011/09/02 12:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\fltk.org
[2012/02/16 16:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Friday's games
[2012/04/11 23:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Fritzing
[2012/01/04 14:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Frogwares
[2012/05/13 16:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Funlinker
[2011/11/16 20:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Funswitch
[2012/01/03 15:20:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GameHousev1002
[2012/04/28 21:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GarenaPlus
[2011/07/27 16:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GestaltGames
[2012/04/28 01:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GetRightToGo
[2012/04/18 18:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GO Games
[2011/12/19 15:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Gogii
[2012/02/03 21:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\gtk-2.0
[2011/11/02 12:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\GuardiansOfMagic
[2011/08/30 20:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Hide IP NG
[2011/09/16 18:41:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\HiFi
[2012/04/11 12:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ijjigame
[2011/10/20 15:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\iMaxGen
[2011/08/04 11:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\IObit
[2011/10/10 14:06:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Islands2
[2011/10/06 18:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ISTool
[2011/06/07 21:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\LogoMaker
[2012/01/15 21:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\MagicIndie
[2011/07/23 17:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Magnet's Story
[2011/07/14 16:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Matrix Y2K
[2012/02/20 17:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Merscom
[2012/05/05 22:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\MumboJumbo
[2011/08/26 16:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\NCH Swift Sound
[2012/01/09 19:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Need for Speed World
[2012/04/22 01:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Notepad++
[2011/07/13 22:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Nvu
[2012/01/15 22:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Oracle
[2012/01/04 16:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Paige Harper and the Tome of Mystery
[2011/10/06 21:48:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PE Explorer
[2011/10/04 16:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PeaceCraft3
[2011/06/07 21:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PhotoScape
[2011/08/26 16:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PingTesterDataBas
[2011/09/17 23:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\PointBlank
[2011/08/07 01:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Prive
[2011/06/21 19:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Publish Providers
[2012/04/13 21:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\raidcall
[2012/01/23 21:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Screaming Bee
[2011/08/09 20:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SecondLife
[2011/11/23 14:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SecretIslandEng
[2011/10/31 13:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Silverback Productions
[2011/06/23 11:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Sony
[2011/12/27 14:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\SpinTop Games
[2011/09/04 19:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\sqlitestudio
[2011/08/16 20:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/08 23:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TeamViewer
[2011/07/13 15:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Thunderbird
[2011/09/04 18:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Tibia
[2012/04/22 16:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TitanicMystery
[2011/11/27 16:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TOMI2.THE GATES OF FATE
[2011/09/20 17:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TOMI3
[2011/11/10 10:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\TS3Client
[2011/10/09 16:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ts3overlay
[2012/03/21 11:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Ulead Systems
[2011/07/14 12:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent
[2011/12/27 18:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\ValuSoft
[2011/09/26 18:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Video DVD Maker FREE
[2011/07/28 21:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\VitySoft
[2011/10/18 17:12:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\YoudaGames
[2012/04/27 22:20:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Youtube Downloader HD
[2011/03/16 15:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Zylom
[2011/11/13 15:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alawar
[2010/05/17 12:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Alwil Software
[2011/08/11 17:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ashampoo
[2011/07/28 20:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk
[2011/12/05 14:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Avalon-Legends-Solitaire
[2012/04/27 20:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG Secure Search
[2011/11/07 18:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AVG2012
[2011/12/04 09:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Big Finish
[2011/11/16 10:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\boost_interprocess
[2011/07/19 13:23:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\CanonBJ
[2011/11/07 17:53:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Common Files
[2011/11/05 18:20:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite
[2011/08/02 20:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Farm Fishes
[2011/07/23 19:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\FarmFrenzy3_America
[2012/04/13 17:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Fenomen Games
[2011/08/13 15:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\firebird
[2012/01/03 15:10:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Fugazo
[2011/03/16 15:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GameHouse
[2012/04/28 21:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GarenaMessenger
[2012/02/12 11:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
[2011/07/27 16:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GestaltGames
[2011/07/23 19:03:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Gogii
[2012/03/28 18:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Hi-Rez Studios
[2011/11/04 19:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\interapp
[2011/04/27 19:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\IObit
[2011/11/04 15:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\iWin
[2012/02/22 19:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\LogMeIn
[2012/02/20 17:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Merscom
[2012/05/15 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MFAData
[2012/01/08 11:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MTA San Andreas All
[2011/08/26 16:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NCH Swift Sound
[2011/07/29 08:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Nexon
[2012/01/24 20:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\NexonUS
[2011/11/05 15:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Oi
[2011/06/06 22:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Pinnacle
[2012/05/01 19:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files
[2012/04/21 11:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\PopCapY
[2011/08/17 20:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\regid.1986-12.com.adobe
[2012/01/23 21:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Screaming Bee
[2011/06/21 18:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Sony
[2011/08/14 17:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SUPERSetup
[2011/11/08 09:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TechSmith
[2011/09/05 20:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
[2012/04/11 10:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Ulead Systems
[2011/03/16 15:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Zylom
[2011/12/31 15:18:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/15 20:48:04 | 000,000,284 | ---- | M] () -- C:\windows\Tasks\Game_Booster_Startup.job
[2012/05/15 20:53:05 | 000,000,440 | -H-- | M] () -- C:\windows\Tasks\MP Scheduled Scan.job
[2012/05/15 22:29:00 | 000,000,470 | -H-- | M] () -- C:\windows\Tasks\User_Feed_Synchronization-{F079F6E0-5CE6-4881-A991-5A72F3D9666B}.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
2011/09/27 23:12:50 | 000,000,000 | ---D | M -- C:\Documents and Settings\Administrador\Meus documentos\넥슨 플러그
2011/09/27 23:12:50 | 000,000,000 | ---D | C -- C:\Documents and Settings\Administrador\Meus documentos\넥슨 플러그
========== Alternate Data Streams ==========
@Alternate Data Stream - 412 bytes -> C:\windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\windows\system32:46EC5CC3_Uni.gbp
@Alternate Data Stream - 2 bytes -> C:\windows\system32:46EC5CC3_Cef.gbp
@Alternate Data Stream - 2 bytes -> C:\windows\system32:46EC5CC3_Bb.gbp
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A8ADE5D8
< End of report >
Good evening, Luca Albuquerque!
|- Run OTL.exe.
|- Copy the information shown in red into the tool's clipboard field ("Custom Scans/Fixes").
>
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva397.sys -- (XDva397)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva390.sys -- (XDva390)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva389.sys -- (XDva389)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt73.sys -- (RT73)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\FXDrv32.sys -- (FXDrv32)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\sXe Injected\ddsxei.sys -- (ddsxeiservice)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {29ACF17C-1713-4286-8F40-BFD05F1E70C8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108800
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
[6 C:\windows\.tmp files -> C:\windows\.tmp -> ]
[22 C:\windows\System32\.tmp files -> C:\windows\System32\.tmp -> ]
[2012/02/22 19:48:22 | 000,077,824 | ---- | C] () -- C:\windows\KMService.exe
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A8ADE5D8
:Files
C:\windows\KMService.exe
ipconfig /registerdns /c
ipconfig /flushdns /c
%systemroot%\prefetch\.
C:\WINDOWS\tasks\*.job
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
:Commands
[CLEARALLRESTOREPOINTS]
[purity]
[resethosts]
[emptytemp]
[Reboot]
|- Click the "Consertar" (Fix) button -> Wait for it to finish!
|- The computer will restart! -> Click "Executar" (Run).
|- Post the report: C:\_OTL\MovedFiles\*.log
Regards!
And now? What do I do?
There is no "CONCERTAR" (Fix) option. CleanUP? IS THAT IT?
Run Fix?
>
And now? What do I do?
There is no "CONCERTAR" (Fix) option. CleanUP? IS THAT IT?
Hello!
|- It is not CleanUP, and if it is in English, the option would be "Run Fix".
Regards!
I did the whole procedure, but when it restarted, OTL.exe was no longer on the desktop. I am going to repeat the procedure.
I downloaded it again, and when I ran it, it produced the following logs:
All processes killed
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva397.sys -- (XDva397)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva390.sys -- (XDva390)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva389.sys -- (XDva389)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\rt73.sys -- (RT73)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- D:\FXDrv32.sys -- (FXDrv32)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleXNt.sys -- (EagleXNt)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\EagleNT.sys -- (EagleNT)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Arquivos de programas\sXe Injected\ddsxei.sys -- (ddsxeiservice)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | System | Stopped] -- -- (Changer)> in the current context!
Error: Unable to interpret <FF - user.js - File not found> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {29ACF17C-1713-4286-8F40-BFD05F1E70C8} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.> in the current context!
Error: Unable to interpret <O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present> in the current context!
Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108800> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)> in the current context!
Error: Unable to interpret <[6 C:\windows\.tmp files -> C:\windows\.tmp -> ]> in the current context!
Error: Unable to interpret <[22 C:\windows\System32\.tmp files -> C:\windows\System32\.tmp -> ]> in the current context!
Error: Unable to interpret <[2012/02/22 19:48:22 | 000,077,824 | ---- | C] () -- C:\windows\KMService.exe> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:DFC5A2B2> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:A8ADE5D8> in the current context!
========== FILES ==========
File\Folder C:\windows\KMService.exe not found.
< ipconfig /registerdns /c >
Configuração de IP do Windows
O registro dos registros de recursos DNS para todos os adaptadores deste computador foi iniciado. Quaisquer erros serão relatados no Visualizador de eventos em 15 minutos..
C:\Documents and Settings\Administrador\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do cache do DNS Resolver bem-sucedida.
C:\Documents and Settings\Administrador\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrador\Desktop\cmd.txt deleted successfully.
File/Folder C:\windows\prefetch\. not found.
C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully.
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrador
->Temp folder emptied: 232515497 bytes
->Temporary Internet Files folder emptied: 27442346 bytes
->Java cache emptied: 1050730 bytes
->Google Chrome cache emptied: 357594667 bytes
->Flash cache emptied: 66853 bytes
User: All Users
->Flash cache emptied: 43 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 2247378 bytes
->Temporary Internet Files folder emptied: 33237 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1009544 bytes
RecycleBin emptied: 49498 bytes
Total Files Cleaned = 593,00 mb
OTL by OldTimer - Version 3.2.43.0 log created on 05162012_180717
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Good evening, Luca Albuquerque!
|- Download: |DelFix| ( ... by Xplode )
|- Once on the page, click the green arrow to download. ( Green arrow! )
|- Save it somewhere convenient! ( desktop! )
|- Close any applications that are open.
|- Click "Suppression".
|- Post the report! ( C:\DelFixSuppr.txt )
|- Next, to remove DelFix from your computer, click "Désinstallation".
|- Download: ( ... by sUBs )
|- Save it to the desktop! ( Área de trabalho! )
|- PS: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )
|- Close any program/file that is open.
|- PS: Be connected to the Internet.
|- Run ComboFix.exe with a double-click.
|- PS: Install the "Recovery Console" if you are prompted to!
|- PS: It is therefore up to you whether to install it.
|- If any error message appears, run ComboFix.exe in Safe Mode with Networking.
|- PS: To complete the removals, the tool may need to restart the computer.
|- *"**ComboFix is a tool that can damage the system. Use it only under the supervision** of security analysts."*
|- The Auto Scan window will open.
|- Wait for all the stages to finish.
|- During the scan, avoid using the mouse or keyboard!
|- When it finishes, post: C:\ComboFix.txt
Best regards!
DelFix[s1]:
# DelFix v8.8 - Rapport créé le 16/05/2012 à 19:51:39
# Mis à jour le 12/02/12 par Xplode
~~~~~~ Dossiers(s) ~~~~~~
Supprimé : C:\_OTL
Supprimé : C:\MyHosts
Supprimé : C:\ZHP
Supprimé : C:\Documents and Settings\All Users\Menu Iniciar\Programas\ZHP
Supprimé : C:\Documents and Settings\Administrador\Desktop\RK_Quarantine
Supprimé : C:\Arquivos de programas\Ad-Remover
Supprimé : C:\Arquivos de programas\ZHPDiag
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\Ad-Report-CLEAN[2].txt
Supprimé : C:\AdwCleaner[s1].txt
Supprimé : C:\MyHosts.txt
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\Documents and Settings\Administrador\Desktop\AD-R.lnk
Supprimé : C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe
Supprimé : C:\Documents and Settings\Administrador\Desktop\ComboFix.exe
Supprimé : C:\Documents and Settings\Administrador\Desktop\C_XX_AD-R.exe
Supprimé : C:\Documents and Settings\Administrador\Desktop\MyHosts.exe
Supprimé : C:\Documents and Settings\Administrador\Desktop\OTL.exe
Supprimé : C:\Documents and Settings\Administrador\Desktop\ZHPDiag2.exe
Supprimé : C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
Supprimé : C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
Supprimé : C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKCU\Software\Ad-Remover
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP
Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools
Clé Supprimée : HKLM\SOFTWARE\AdwCleaner
Clé Supprimée : HKLM\SOFTWARE\TrendMicro\Hijackthis
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~~~~~~ Autres ~~~~~~
-> Prefetch Vidé
*************************
DelFix[s1].txt - [2117 octets] - [16/05/2012 19:51:39]
########## EOF - C:\DelFix[s1].txt - [2241 octets] ##########
Combofix:
ComboFix 12-05-16.02 - Administrador 05/16/aaaa 20:14:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3317.2503 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 Disabled/Updated {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials Enabled/Updated {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADO !!
.
ADS - system32: deleted 6 bytes in 3 streams.
ADS - drivers: deleted 412 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\Borland\Delphi7\VCL Skin\Desktop_.ini
c:\arquivos de programas\Borland\Delphi7\VCL Skin\Package\Desktop_.ini
c:\arquivos de programas\Borland\Delphi7\VCL Skin\Skins\Desktop_.ini
c:\arquivos de programas\Borland\Delphi7\VCL Skin\Source\Desktop_.ini
c:\arquivos de programas\sXe Injected
c:\arquivos de programas\sXe Injected\sXe Injected.txt
c:\documents and settings\Administrador\Meus documentos\Downloads\CT2776682_BrotherSoft_Extreme.exe
c:\documents and settings\Administrador\WINDOWS
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\windows\Key_Atualizada
c:\windows\LL.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\1ae28f7d4344e476.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\600d0f05be4c5ce8.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\8249950346fb8626.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d42b8379491a399e.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\drivers\placax.sys
c:\windows\system32\drivers\tdlserv.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IMPRESSORAX
-------\Legacy_PLACAX
-------\Legacy_hwinterface
-------\Legacy_ddsxeiservice
-------\Service_hwinterface
-------\Service_ddsxeiservice
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-04-16 to 2012-05-16 ))))))))))))))))))))))))))))
.
.
2012-05-16 23:36 . 2012-05-16 23:36 29904 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\MpKsl618a2434.sys
2012-05-16 23:34 . 2012-05-16 23:34 56200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\offreg.dll
2012-05-16 22:57 . 2012-05-16 22:57 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-05-16 22:49 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2012-05-16 22:49 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2012-05-16 22:49 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2012-05-16 22:49 . 2011-12-21 17:14 151552 ----a-w- c:\windows\system32\ac3acm.acm
2012-05-16 22:48 . 2012-05-15 18:00 79872 ----a-w- c:\windows\system32\ff_vfw.dll
2012-05-16 22:48 . 2012-05-16 22:49 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2012-05-15 22:11 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\mpengine.dll
2012-05-14 22:15 . 2012-05-15 14:27 21768 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
2012-05-13 23:34 . 2012-05-13 23:34 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\cerasus.media
2012-05-13 19:46 . 2012-05-13 19:46 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Funlinker
2012-05-09 01:15 . 2012-05-09 01:15 -------- d-----w- c:\arquivos de programas\Microsoft XNA
2012-05-06 01:19 . 2012-05-06 01:19 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\MumboJumbo
2012-05-02 22:03 . 2012-05-03 22:14 -------- d-----w- C:\BrickForce
2012-04-29 00:06 . 2012-04-29 00:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GarenaPlus
2012-04-29 00:05 . 2012-05-12 03:43 -------- d-----w- c:\arquivos de programas\Garena Plus
2012-04-29 00:05 . 2012-04-29 00:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GarenaMessenger
2012-04-28 01:20 . 2011-12-15 15:33 93088 ----a-w- c:\windows\system32\v9loader.dll
2012-04-28 01:20 . 2011-12-15 15:33 567200 ----a-w- c:\windows\system32\v9-toolbar.dll
2012-04-28 01:18 . 2012-04-28 01:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Youtube Downloader HD
2012-04-27 23:25 . 2012-04-27 23:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GRETECH
2012-04-27 23:25 . 2012-04-27 23:25 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\AVG Secure Search
2012-04-27 23:24 . 2012-04-27 23:25 -------- d-----w- c:\arquivos de programas\AVG Secure Search
2012-04-27 23:22 . 2012-04-27 23:22 -------- d-----w- c:\arquivos de programas\GRETECH
2012-04-27 21:40 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-04-27 21:40 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-04-27 21:40 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-04-27 21:40 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-04-25 22:20 . 2012-04-25 22:20 -------- d-----w- c:\windows\A6W_DATA
2012-04-25 14:46 . 2012-04-25 20:50 -------- d-----w- c:\arquivos de programas\Wisdom-soft AutoScreenRecorder 3.1 Free
2012-04-25 14:30 . 2012-01-16 01:42 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-24 22:18 . 2012-05-12 03:43 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Dxtory Software
2012-04-24 22:18 . 2012-04-24 22:18 -------- d-----w- c:\arquivos de programas\Dxtory Software
2012-04-24 21:56 . 2012-04-26 18:47 -------- d-----w- C:\Fraps
2012-04-22 19:00 . 2012-04-22 19:01 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\TitanicMystery
2012-04-21 16:52 . 2006-06-29 16:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-04-21 14:59 . 2012-04-21 14:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PopCapY
2012-04-20 18:28 . 2012-04-24 15:31 -------- d-----w- c:\arquivos de programas\Steam
2012-04-19 19:41 . 2012-04-22 18:29 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\EMDM
2012-04-18 21:35 . 2012-04-18 21:35 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GO Games
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 20:55 . 2011-10-19 20:21 388608 ----a-w- C:\HiJackThis.exe
2012-04-13 03:36 . 2011-08-14 16:43 6734704 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-11 13:53 . 2004-08-04 00:40 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:53 . 2010-05-15 02:32 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:53 . 2010-05-15 02:34 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 14:06 . 2011-09-17 18:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 10:59 . 2010-05-15 02:34 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2010-05-15 02:30 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2010-05-15 02:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2010-05-15 02:35 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2010-05-15 02:30 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-05-15 02:29 385024 ------w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-27 23:24 2067328 ----a-w- c:\arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-27 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\arquivos de programas\BitTorrent\BitTorrent.exe" [2012-02-25 6061424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\arquivos de programas\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\arquivos de programas\AVG Secure Search\vprot.exe" [2012-04-27 1116544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehUni.dll" [2011-12-20 732072]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-07-04 13:11 1398048 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-01-11 17:01 726360 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2011-12-20 17:32 732072 ----a-w- c:\arquiv~1\GbPlugin\gbiehUni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\arquiv~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Flow.url]
path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Flow.url
backup=c:\windows\pss\Flow.urlStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^[b2] Gmail Notifier.lnk]
path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\[b2] Gmail Notifier.lnk
backup=c:\windows\pss\[b2] Gmail Notifier.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Update Scheduler for Proteus Professional 7.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Update Scheduler for Proteus Professional 7.lnk
backup=c:\windows\pss\Update Scheduler for Proteus Professional 7.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Free]
0 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 15:55 937920 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-08-17 23:00 499608 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 10:08 1523360 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 07:57 406992 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 01:25 59240 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 16:54 91520 ----a-w- c:\arquivos de programas\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2012-02-25 16:49 6061424 ----a-w- c:\arquivos de programas\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-13 17:21 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 17:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-14 10:48 136176 ----atw- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-28 15:27 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 18:24 54840 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-28 15:27 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 03:36 421736 ----a-w- c:\arquivos de programas\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
2009-02-04 21:59 318464 ----a-w- c:\windows\inf\unregmp2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-01-28 15:27 142360 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 14:19 252296 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-04-29 14:56 3905920 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Level Up! Games\\Combat Arms\\NMService.exe"=
"c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\WINDOWS\\system32\\mshearts.exe"=
"c:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS5.5\\Dreamweaver.exe"=
"c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Arquivos de programas\\BitTorrent\\BitTorrent.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Arquivos de programas\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\SuperMNC\\Binaries\\Win32\\SuperMNCGameClient.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Arquivos de programas\\SHOUTcast\\sc_serv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"32459:TCP"= 32459:TCP:32459
"32459:UDP"= 32459:UDP:32459
"9101:TCP"= 9101:TCP:TS3
"9101:UDP"= 9101:UDP:TS3
"30033:TCP"= 30033:TCP:TS3
"30033:UDP"= 30033:UDP:TS3
"10011:TCP"= 10011:TCP:TS3
"10011:UDP"= 10011:UDP:TS3
"9987:TCP"= 9987:TCP:TS3
"9987:UDP"= 9987:UDP:TS3
"7777:TCP"= 7777:TCP:SAMP
"7777:UDP"= 7777:UDP:SAMP
"25565:TCP"= 25565:TCP:25565
"25565:UDP"= 25565:UDP:25565
"25566:TCP"= 25566:TCP:25566
"25566:UDP"= 25566:UDP:25566
"2100:TCP"= 2100:TCP:FTP
"2101:TCP"= 2101:TCP:FTP_DADOS
"57576:TCP"= 57576:TCP:Pando Media Booster
"57576:UDP"= 57576:UDP:Pando Media Booster
"27015:TCP"= 27015:TCP:cs1
"27015:UDP"= 27015:UDP:cs2
"58839:TCP"= 58839:TCP:Pando Media Booster
"58839:UDP"= 58839:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/aaaa 0:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/aaaa 5:30 32592]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [6/7/aaaa 6:14 42584]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/aaaa 5:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/aaaa 0:14 295248]
R1 MpKsl618a2434;MpKsl618a2434;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\MpKsl618a2434.sys [5/16/aaaa 20:36 29904]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [7/22/aaaa 13:27 12880]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [7/12/aaaa 18:55 67664]
R2 !SASCORE;SAS Core Service;c:\arquivos de programas\SUPERAntiSpyware\SASCore.exe [8/11/aaaa 20:38 116608]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/10/aaaa 6:43 18432]
R2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2012\avgwdsvc.exe [8/2/aaaa 5:09 192776]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\dlportio.sys [11/18/aaaa 22:53 3584]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [7/9/aaaa 13:48 194904]
R2 TeamViewer7;TeamViewer 7;c:\arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe [3/19/aaaa 8:38 2666880]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [4/27/aaaa 20:24 932736]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [7/1/aaaa 13:21 21920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/aaaa 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [9/2/aaaa 18:43 136176]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\arquivos de programas\Hi-Rez Studios\HiPatchService.exe [3/28/aaaa 18:07 8704]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2/22/aaaa 19:48 8192]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [2/29/aaaa 8:50 158856]
S3 AGV250;AGV250;c:\windows\system32\drivers\AGV250.sys [6/8/aaaa 8:24 85678]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/17/aaaa 10:47 1684736]
S3 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe [10/12/aaaa 5:25 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/aaaa 0:14 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/aaaa 0:14 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/aaaa 5:21 16720]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [1/16/aaaa 2:03 23456]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\arquivos de programas\Garena Plus\Room\safedrv.sys --> c:\arquivos de programas\Garena Plus\Room\safedrv.sys [?]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [9/2/aaaa 18:43 136176]
S3 GV250;GV250;c:\windows\system32\drivers\GV250.sys [6/8/aaaa 8:24 52895]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\arquivos de programas\Microsoft Office\Office14\GROOVE.EXE [6/12/aaaa 10:15 31125880]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/aaaa 20:37 4640000]
S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [3/20/aaaa 23:13 1579144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/aaaa 13:16 753504]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
.
--- =Outros Serviços/Drivers Na Memória ---
.
NewlyCreated - MPKSL618A2434
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-05-16 c:\windows\Tasks\MP Scheduled Scan.job
.
.
------- Scan Suplementar -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: caixa.gov.br
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\www
TCP: Interfaces\{26886939-E161-4593-8608-E2779B367726}: NameServer = 192.168.0.1,192.168.0.150
TCP: Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9}: NameServer = 8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://www.floriculturacristal.ddns.com.br/cab/OCXChecker_6110.cab
.
.
BHO-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{29ACF17C-1713-4286-8F40-BFD05F1E70C8} - (no file)
AddRemove-Combat Arms - c:\level up! games\Combat Arms\NGM.exe
AddRemove-PokerStars - c:\arquivos de programas\PokerStars\PokerStarsUninstall.exe
AddRemove-Kos (usa) - c:\kos\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-16 20:36
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,37,be,3c,2d,fa,29,49,8b,9b,f4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,37,be,3c,2d,fa,29,49,8b,9b,f4,\
.
[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,a2,fb,b3,be,67,73,4f,a8,19,03,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,a2,fb,b3,be,67,73,4f,a8,19,03,\
.
[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{83F036B1-FA0B-8260-410C-0BCB7F1AE0D5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaabmiflmohdnpnkmo"=hex:6a,61,65,69,6e,68,63,6b,6c,70,6c,70,67,61,6a,69,6f,6d,
62,6e,00,0e
"hagbjnkeaehpobhd"=hex:6a,61,64,69,63,68,62,6c,70,6a,63,6c,6a,63,62,68,6c,67,
6e,6a,00,63
"iaeolnlidhimegkfbb"=hex:63,61,6f,68,69,67,00,7c
"dbfiokpblniinadbeapihdjflcnncagkkjoioicn"=hex:68,61,6c,70,68,66,69,63,6a,65,
66,62,64,69,61,6e,00,00
"jbfiokpblniinadbeapigefkbckplinfipnjkoaipbmccmmabkhc"=hex:68,61,6c,70,68,66,
69,63,6a,65,66,62,64,69,61,6e,00,00
"dbfiokpblniinadbeapimeigbnhjlaiifappkdlj"=hex:62,63,67,6c,6d,68,67,6d,65,69,
64,68,6a,70,66,62,70,67,6b,61,63,66,6f,6e,70,6d,64,62,67,6a,67,61,64,64,65,\
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GBPLUGIN\gbiehCef.dll
c:\arquiv~1\GbPlugin\gbiehUni.dll
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
c:\windows\system32\WININET.dll
c:\arquivos de programas\GBPLUGIN\gbiehCef.dll
c:\arquiv~1\ARQUIV~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\arquiv~1\MICROS~2\Office14\1046\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquiv~1\GbPlugin\gbiehUni.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB
c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL
.
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\arquiv~1\ARQUIV~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\arquiv~1\MICROS~2\Office14\1046\GrooveIntlResource.dll
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GBPLUGIN\gbiehCef.dll
c:\arquiv~1\GbPlugin\gbiehUni.dll
c:\windows\system32\wpdshext.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquiv~1\AVG\AVG2012\avgrsx.exe
c:\arquivos de programas\AVG\AVG2012\avgcsrvx.exe
c:\arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
c:\arquivos de programas\AVG\AVG2012\avgnsx.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\system32\PnkBstrA.exe
c:\arquivos de programas\TeamViewer\Version7\TeamViewer.exe
c:\arquivos de programas\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\RunDll32.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-05-16 20:42:45 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-05-16 23:42
.
Pré-execução: 26 pasta(s) 304.079.773.696 bytes disponíveis
Pós execução: 31 pasta(s) 304.214.261.760 bytes disponíveis
.
Good morning, Luca Albuquerque!
|- Download: | Here | or | Here | ( MBRCheck )
|- Save it to the desktop!
|- PS: On Windows Vista or 7, right-click MBRCheck.exe and choose to run it as administrator.
|- Next, the command prompt will appear, asking for a specific action according to what was detected.
|- In this example, since the MBR has no problems, the requested action is to press the "Enter" key. ( Windows Xp MBR code detected )
|- If any of the indications "Found non-standard", "infected MBR." or "Mbr Code Faked" appears, the MBR is compromised.
|- Example of a report indicating infection by "TDL4", which can create and hide small sectors on the physical drives.
|- PS: We should make clear that not all variants of "TDL4" will create this hidden sector.
|- In those cases, where the MBR is infected, press the "N" key to exit.
|- Post your report, which will be on the desktop. ( MBRCheck, version 1.2.3 © 2010, AD )
-/-/-/-
|- Select and copy the content that is in "red" into Notepad.
|- Save it on the desktop with the name: CFScript <-- Text!
RESTORE::
c:\windows\system32\drivers\tcpip.sys
File::
c:\arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe
Reglock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
SecCenter::
AV: Microsoft Security Essentials Enabled/Updated {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
RegNull::
[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{83F036B1-FA0B-8260-410C-0BCB7F1AE0D5}*]
Folder::
c:\arquivos de programas\Microsoft Security Client\Antimalware
c:\arquivos de programas\Microsoft Security Client
|- PS: Temporarily disable your antivirus.
|- PS: Do not use this script on another machine!
|- Drag CFScript.txt onto the ComboFix icon.
|- See the demonstration!
|- Accept the prompt that should appear to run ComboFix.
|- PS: Keep dragging until this prompt appears! ( window )
|- When finished, post: C:\ComboFix.txt
Cheers!
ComboFix logs:
ComboFix 12-05-16.02 - Administrador 05/16/aaaa 20:14:56.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.3317.2503 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 Disabled/Updated {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials Enabled/Updated {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
ATENÇAO - ESTA MAQUINA NAO TEM O CONSOLE DE RECUPERAÇÃO INSTALADO !!
.
ADS - system32: deleted 6 bytes in 3 streams.
ADS - drivers: deleted 412 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\arquivos de programas\Borland\Delphi7\VCL Skin\Desktop_.ini
c:\arquivos de programas\Borland\Delphi7\VCL Skin\Package\Desktop_.ini
c:\arquivos de programas\Borland\Delphi7\VCL Skin\Skins\Desktop_.ini
c:\arquivos de programas\Borland\Delphi7\VCL Skin\Source\Desktop_.ini
c:\arquivos de programas\sXe Injected
c:\arquivos de programas\sXe Injected\sXe Injected.txt
c:\documents and settings\Administrador\Meus documentos\Downloads\CT2776682_BrotherSoft_Extreme.exe
c:\documents and settings\Administrador\WINDOWS
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\windows\Key_Atualizada
c:\windows\LL.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\1ae28f7d4344e476.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\600d0f05be4c5ce8.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\8249950346fb8626.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d42b8379491a399e.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\ccrpTmr6.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\drivers\placax.sys
c:\windows\system32\drivers\tdlserv.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IMPRESSORAX
-------\Legacy_PLACAX
-------\Legacy_hwinterface
-------\Legacy_ddsxeiservice
-------\Service_hwinterface
-------\Service_ddsxeiservice
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2012-04-16 to 2012-05-16 ))))))))))))))))))))))))))))
.
.
2012-05-16 23:36 . 2012-05-16 23:36 29904 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\MpKsl618a2434.sys
2012-05-16 23:34 . 2012-05-16 23:34 56200 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\offreg.dll
2012-05-16 22:57 . 2012-05-16 22:57 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-05-16 22:49 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2012-05-16 22:49 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2012-05-16 22:49 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2012-05-16 22:49 . 2011-12-21 17:14 151552 ----a-w- c:\windows\system32\ac3acm.acm
2012-05-16 22:48 . 2012-05-15 18:00 79872 ----a-w- c:\windows\system32\ff_vfw.dll
2012-05-16 22:48 . 2012-05-16 22:49 -------- d-----w- c:\arquivos de programas\K-Lite Codec Pack
2012-05-15 22:11 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\mpengine.dll
2012-05-14 22:15 . 2012-05-15 14:27 21768 ----a-w- c:\windows\system32\drivers\PROCEXP141.SYS
2012-05-13 23:34 . 2012-05-13 23:34 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\cerasus.media
2012-05-13 19:46 . 2012-05-13 19:46 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Funlinker
2012-05-09 01:15 . 2012-05-09 01:15 -------- d-----w- c:\arquivos de programas\Microsoft XNA
2012-05-06 01:19 . 2012-05-06 01:19 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\MumboJumbo
2012-05-02 22:03 . 2012-05-03 22:14 -------- d-----w- C:\BrickForce
2012-04-29 00:06 . 2012-04-29 00:06 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GarenaPlus
2012-04-29 00:05 . 2012-05-12 03:43 -------- d-----w- c:\arquivos de programas\Garena Plus
2012-04-29 00:05 . 2012-04-29 00:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\GarenaMessenger
2012-04-28 01:20 . 2011-12-15 15:33 93088 ----a-w- c:\windows\system32\v9loader.dll
2012-04-28 01:20 . 2011-12-15 15:33 567200 ----a-w- c:\windows\system32\v9-toolbar.dll
2012-04-28 01:18 . 2012-04-28 01:20 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Youtube Downloader HD
2012-04-27 23:25 . 2012-04-27 23:25 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GRETECH
2012-04-27 23:25 . 2012-04-27 23:25 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\AVG Secure Search
2012-04-27 23:24 . 2012-04-27 23:25 -------- d-----w- c:\arquivos de programas\AVG Secure Search
2012-04-27 23:22 . 2012-04-27 23:22 -------- d-----w- c:\arquivos de programas\GRETECH
2012-04-27 21:40 . 2008-04-13 22:20 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-04-27 21:40 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-04-27 21:40 . 2008-04-13 21:58 14720 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-04-27 21:40 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-04-25 22:20 . 2012-04-25 22:20 -------- d-----w- c:\windows\A6W_DATA
2012-04-25 14:46 . 2012-04-25 20:50 -------- d-----w- c:\arquivos de programas\Wisdom-soft AutoScreenRecorder 3.1 Free
2012-04-25 14:30 . 2012-01-16 01:42 141312 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-24 22:18 . 2012-05-12 03:43 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Dxtory Software
2012-04-24 22:18 . 2012-04-24 22:18 -------- d-----w- c:\arquivos de programas\Dxtory Software
2012-04-24 21:56 . 2012-04-26 18:47 -------- d-----w- C:\Fraps
2012-04-22 19:00 . 2012-04-22 19:01 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\TitanicMystery
2012-04-21 16:52 . 2006-06-29 16:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-04-21 14:59 . 2012-04-21 14:59 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\PopCapY
2012-04-20 18:28 . 2012-04-24 15:31 -------- d-----w- c:\arquivos de programas\Steam
2012-04-19 19:41 . 2012-04-22 18:29 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\EMDM
2012-04-18 21:35 . 2012-04-18 21:35 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\GO Games
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-15 20:55 . 2011-10-19 20:21 388608 ----a-w- C:\HiJackThis.exe
2012-04-13 03:36 . 2011-08-14 16:43 6734704 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-11 13:53 . 2004-08-04 00:40 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:53 . 2010-05-15 02:32 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:53 . 2010-05-15 02:34 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-03-01 14:06 . 2011-09-17 18:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 10:59 . 2010-05-15 02:34 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2010-05-15 02:30 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2010-05-15 02:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2010-05-15 02:35 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2010-05-15 02:30 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-05-15 02:29 385024 ------w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
Nota entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-27 23:24 2067328 ----a-w- c:\arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\arquivos de programas\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-27 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\arquivos de programas\BitTorrent\BitTorrent.exe" [2012-02-25 6061424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\arquivos de programas\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\arquivos de programas\AVG Secure Search\vprot.exe" [2012-04-27 1116544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\arquiv~1\ARQUIV~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\
HP Digital Imaging Monitor.lnk - c:\arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\arquiv~1\GbPlugin\gbiehUni.dll" [2011-12-20 732072]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2011-07-04 13:11 1398048 ----a-w- c:\arquivos de programas\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-01-11 17:01 726360 ----a-w- c:\arquivos de programas\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2011-12-20 17:32 732072 ----a-w- c:\arquiv~1\GbPlugin\gbiehUni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\arquiv~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^Flow.url]
path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\Flow.url
backup=c:\windows\pss\Flow.urlStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrador^Menu Iniciar^Programas^Inicializar^[b2] Gmail Notifier.lnk]
path=c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\[b2] Gmail Notifier.lnk
backup=c:\windows\pss\[b2] Gmail Notifier.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Update Scheduler for Proteus Professional 7.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Update Scheduler for Proteus Professional 7.lnk
backup=c:\windows\pss\Update Scheduler for Proteus Professional 7.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wisdom-soft AutoScreenRecorder 3.1 Free]
0 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 15:55 937920 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-08-17 23:00 499608 ------w- c:\arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 10:08 1523360 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 07:57 406992 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 01:25 59240 ----a-w- c:\arquivos de programas\Arquivos comuns\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 16:54 91520 ----a-w- c:\arquivos de programas\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2012-02-25 16:49 6061424 ----a-w- c:\arquivos de programas\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-13 17:21 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-13 17:20 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-14 10:48 136176 ----atw- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-28 15:27 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 18:24 54840 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-28 15:27 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 03:36 421736 ----a-w- c:\arquivos de programas\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
2009-02-04 21:59 318464 ----a-w- c:\windows\inf\unregmp2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 01:12 3872080 ----a-w- c:\arquivos de programas\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-01-28 15:27 142360 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 14:19 252296 ----a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-04-29 14:56 3905920 ----a-w- c:\arquivos de programas\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\xampp\\MercuryMail\\mercury.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Level Up! Games\\Combat Arms\\NMService.exe"=
"c:\level up! games\Combat Arms\Engine.exe"= c:\level up! games\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"c:\\WINDOWS\\system32\\mshearts.exe"=
"c:\\Arquivos de programas\\Adobe\\Adobe Dreamweaver CS5.5\\Dreamweaver.exe"=
"c:\level up! games\Combat Arms\CombatArms.exe"= c:\level up! games\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Arquivos de programas\\BitTorrent\\BitTorrent.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Arquivos de programas\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Arquivos de programas\\Arquivos comuns\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=
"c:\\Arquivos de programas\\iTunes\\iTunes.exe"=
"c:\\Arquivos de programas\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Documents and Settings\\All Users\\Dados de aplicativos\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Arquivos de programas\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Arquivos de programas\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"c:\\Arquivos de programas\\Steam\\steamapps\\common\\SuperMNC\\Binaries\\Win32\\SuperMNCGameClient.exe"=
"c:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Arquivos de programas\\SHOUTcast\\sc_serv.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"32459:TCP"= 32459:TCP:32459
"32459:UDP"= 32459:UDP:32459
"9101:TCP"= 9101:TCP:TS3
"9101:UDP"= 9101:UDP:TS3
"30033:TCP"= 30033:TCP:TS3
"30033:UDP"= 30033:UDP:TS3
"10011:TCP"= 10011:TCP:TS3
"10011:UDP"= 10011:UDP:TS3
"9987:TCP"= 9987:TCP:TS3
"9987:UDP"= 9987:UDP:TS3
"7777:TCP"= 7777:TCP:SAMP
"7777:UDP"= 7777:UDP:SAMP
"25565:TCP"= 25565:TCP:25565
"25565:UDP"= 25565:UDP:25565
"25566:TCP"= 25566:TCP:25566
"25566:UDP"= 25566:UDP:25566
"2100:TCP"= 2100:TCP:FTP
"2101:TCP"= 2101:TCP:FTP_DADOS
"57576:TCP"= 57576:TCP:Pando Media Booster
"57576:UDP"= 57576:UDP:Pando Media Booster
"27015:TCP"= 27015:TCP:cs1
"27015:UDP"= 27015:UDP:cs2
"58839:TCP"= 58839:TCP:Pando Media Booster
"58839:UDP"= 58839:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/aaaa 0:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/aaaa 5:30 32592]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [6/7/aaaa 6:14 42584]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/7/aaaa 5:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/aaaa 0:14 295248]
R1 MpKsl618a2434;MpKsl618a2434;c:\documents and settings\All Users\Dados de aplicativos\Microsoft\Microsoft Antimalware\Definition Updates\{CFB87D8A-9DE3-49B3-AB5E-188C5F322A14}\MpKsl618a2434.sys [5/16/aaaa 20:36 29904]
R1 SASDIFSV;SASDIFSV;c:\arquivos de programas\SUPERAntiSpyware\sasdifsv.sys [7/22/aaaa 13:27 12880]
R1 SASKUTIL;SASKUTIL;c:\arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS [7/12/aaaa 18:55 67664]
R2 !SASCORE;SAS Core Service;c:\arquivos de programas\SUPERAntiSpyware\SASCore.exe [8/11/aaaa 20:38 116608]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [9/10/aaaa 6:43 18432]
R2 avgwd;Watchdog do AVG;c:\arquivos de programas\AVG\AVG2012\avgwdsvc.exe [8/2/aaaa 5:09 192776]
R2 DLPortIO;DriverLINX Port I/O Driver;c:\windows\system32\drivers\dlportio.sys [11/18/aaaa 22:53 3584]
R2 GbpSv;Gbp Service;c:\arquiv~1\GbPlugin\GbpSv.exe [7/9/aaaa 13:48 194904]
R2 TeamViewer7;TeamViewer 7;c:\arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe [3/19/aaaa 8:38 2666880]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [4/27/aaaa 20:24 932736]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [7/1/aaaa 13:21 21920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/aaaa 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [9/2/aaaa 18:43 136176]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\arquivos de programas\Hi-Rez Studios\HiPatchService.exe [3/28/aaaa 18:07 8704]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2/22/aaaa 19:48 8192]
S2 SkypeUpdate;Skype Updater;c:\arquivos de programas\Skype\Updater\Updater.exe [2/29/aaaa 8:50 158856]
S3 AGV250;AGV250;c:\windows\system32\drivers\AGV250.sys [6/8/aaaa 8:24 85678]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/17/aaaa 10:47 1684736]
S3 AVGIDSAgent;AVGIDSAgent;c:\arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe [10/12/aaaa 5:25 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/aaaa 0:14 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/aaaa 0:14 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/4/aaaa 5:21 16720]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [1/16/aaaa 2:03 23456]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\arquivos de programas\Garena Plus\Room\safedrv.sys --> c:\arquivos de programas\Garena Plus\Room\safedrv.sys [?]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [9/2/aaaa 18:43 136176]
S3 GV250;GV250;c:\windows\system32\drivers\GV250.sys [6/8/aaaa 8:24 52895]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\arquivos de programas\Microsoft Office\Office14\GROOVE.EXE [6/12/aaaa 10:15 31125880]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;c:\arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/aaaa 20:37 4640000]
S3 StkCMini;Syntek AVStream USB2.0 ATV;c:\windows\system32\drivers\StkCMini.sys [3/20/aaaa 23:13 1579144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/aaaa 13:16 753504]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
.
--- =Outros Serviços/Drivers Na Memória ---
.
NewlyCreated - MPKSL618A2434
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2012-05-16 c:\windows\Tasks\MP Scheduled Scan.job
.
.
------- Scan Suplementar -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\arquiv~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\arquiv~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: caixa.gov.br
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\www
TCP: Interfaces\{26886939-E161-4593-8608-E2779B367726}: NameServer = 192.168.0.1,192.168.0.150
TCP: Interfaces\{CB0E1AEE-D069-4F03-AD5D-F07FA9AC7BF9}: NameServer = 8.8.4.4
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\arquivos de programas\Arquivos comuns\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} - hxxp://www.floriculturacristal.ddns.com.br/cab/OCXChecker_6110.cab
.
.
BHO-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{29ACF17C-1713-4286-8F40-BFD05F1E70C8} - (no file)
AddRemove-Combat Arms - c:\level up! games\Combat Arms\NGM.exe
AddRemove-PokerStars - c:\arquivos de programas\PokerStars\PokerStarsUninstall.exe
AddRemove-Kos (usa) - c:\kos\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-16 20:36
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,37,be,3c,2d,fa,29,49,8b,9b,f4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c1,37,be,3c,2d,fa,29,49,8b,9b,f4,\
.
[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,a2,fb,b3,be,67,73,4f,a8,19,03,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,82,a2,fb,b3,be,67,73,4f,a8,19,03,\
.
[HKEY_USERS\S-1-5-21-1390067357-1993962763-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{83F036B1-FA0B-8260-410C-0BCB7F1AE0D5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaabmiflmohdnpnkmo"=hex:6a,61,65,69,6e,68,63,6b,6c,70,6c,70,67,61,6a,69,6f,6d,
62,6e,00,0e
"hagbjnkeaehpobhd"=hex:6a,61,64,69,63,68,62,6c,70,6a,63,6c,6a,63,62,68,6c,67,
6e,6a,00,63
"iaeolnlidhimegkfbb"=hex:63,61,6f,68,69,67,00,7c
"dbfiokpblniinadbeapihdjflcnncagkkjoioicn"=hex:68,61,6c,70,68,66,69,63,6a,65,
66,62,64,69,61,6e,00,00
"jbfiokpblniinadbeapigefkbckplinfipnjkoaipbmccmmabkhc"=hex:68,61,6c,70,68,66,
69,63,6a,65,66,62,64,69,61,6e,00,00
"dbfiokpblniinadbeapimeigbnhjlaiifappkdlj"=hex:62,63,67,6c,6d,68,67,6d,65,69,
64,68,6a,70,66,62,70,67,6b,61,63,66,6f,6e,70,6d,64,62,67,6a,67,61,64,64,65,\
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GBPLUGIN\gbiehCef.dll
c:\arquiv~1\GbPlugin\gbiehUni.dll
c:\arquivos de programas\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
c:\windows\system32\WININET.dll
c:\arquivos de programas\GBPLUGIN\gbiehCef.dll
c:\arquiv~1\ARQUIV~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\arquiv~1\MICROS~2\Office14\1046\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquiv~1\GbPlugin\gbiehUni.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB
c:\arquivos de programas\SUPERAntiSpyware\SASSEH.DLL
.
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\arquiv~1\ARQUIV~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\arquiv~1\MICROS~2\Office14\1046\GrooveIntlResource.dll
c:\arquivos de programas\GBPLUGIN\gbieh.dll
c:\arquivos de programas\GBPLUGIN\gbiehCef.dll
c:\arquiv~1\GbPlugin\gbiehUni.dll
c:\windows\system32\wpdshext.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquiv~1\AVG\AVG2012\avgrsx.exe
c:\arquivos de programas\AVG\AVG2012\avgcsrvx.exe
c:\arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\arquivos de programas\Bonjour\mDNSResponder.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
c:\arquivos de programas\AVG\AVG2012\avgnsx.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\system32\PnkBstrA.exe
c:\arquivos de programas\TeamViewer\Version7\TeamViewer.exe
c:\arquivos de programas\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\RunDll32.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
c:\arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-05-16 20:42:45 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-05-16 23:42
.
Pré-execução: 26 pasta(s) 304.079.773.696 bytes disponíveis
Pós execução: 31 pasta(s) 304.214.261.760 bytes disponíveis
.
MBRCheck logs:
MBRCheck, version 1.2.3© 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d
Kernel Drivers (total 140):
0x804D7000 \windows\system32\ntkrnlpa.exe
0x806E6000 \windows\system32\hal.dll
0xBA5A8000 \windows\system32\KDCOM.DLL
0xBA4B8000 \windows\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \windows\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \windows\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0D8000 disk.sys
0xBA0E8000 \windows\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltmgr.sys
0xB9ED9000 sr.sys
0xBA0F8000 PxHelp20.sys
0xB9EC2000 KSecDD.sys
0xB9EAF000 WudfPf.sys
0xB9E22000 Ntfs.sys
0xBA108000 gbpkm.sys
0xB9DF5000 NDIS.sys
0xB9DDB000 Mup.sys
0xBA338000 avgrkx86.sys
0xBA4BC000 AVGIDSEH.Sys
0xBA268000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB92D3000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB92BF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9297000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9274000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9250000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3E8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA278000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9D9F000 \SystemRoot\system32\DRIVERS\serenum.sys
0xBA3F8000 \SystemRoot\system32\DRIVERS\irsir.sys
0xB9D9B000 \SystemRoot\system32\DRIVERS\irenum.sys
0xB923C000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA288000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA400000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA298000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9219000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA408000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB9D8F000 \SystemRoot\system32\drivers\ScreamingBAudio.sys
0xB91F5000 \SystemRoot\system32\drivers\portcls.sys
0xBA2C8000 \SystemRoot\system32\drivers\drmk.sys
0xBA7C6000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA410000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xBA418000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA2D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D87000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB91DE000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB91CD000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA308000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA420000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA428000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB919D000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA318000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA430000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA5C8000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB913F000 \SystemRoot\system32\DRIVERS\update.sys
0xB9D6F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB94FA000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA8779000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB94DA000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5D6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB94BA000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xA8702000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xBA468000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xBA612000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6E1000 \SystemRoot\System32\Drivers\Null.SYS
0xBA614000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA480000 \SystemRoot\System32\drivers\vga.sys
0xBA616000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA618000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA488000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA490000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9D6B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA86CF000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8676000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA862F000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xA8609000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA85E1000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB9D63000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xA85BF000 \SystemRoot\System32\drivers\afd.sys
0xB949A000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA859D000 \??\C:\Arquivos de programas\SUPERAntiSpyware\SASKUTIL.SYS
0xBA498000 \??\C:\Arquivos de programas\SUPERAntiSpyware\SASDIFSV.SYS
0xA8572000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA84DA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB948A000 \SystemRoot\System32\Drivers\Fips.SYS
0xB947A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA8761000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA148000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA8759000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA8403000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xBA1F8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA834B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA63E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA83B7000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3D8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA777000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF059000 \SystemRoot\System32\igxpdv32.DLL
0xBF2E9000 \SystemRoot\System32\igxpdx32.DLL
0xBF692000 \SystemRoot\System32\ATMFD.DLL
0xA7FED000 \SystemRoot\system32\DRIVERS\irda.sys
0xA7DF8000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8083000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7B73000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA5D4000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xA7B57000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xBA380000 \SystemRoot\System32\Drivers\DLPortIO.SYS
0xA78F7000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xA784F000 \SystemRoot\system32\DRIVERS\srv.sys
0xBA450000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xA737F000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xA6BE6000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7B3B000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xA771F000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA470000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xA846A000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xA7DB5000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xA6853000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 56):
0 System Idle Process
4 System
788 C:\WINDOWS\system32\smss.exe
820 C:\ARQUIV~1\AVG\AVG2012\avgrsx.exe
852 C:\Arquivos de programas\AVG\AVG2012\avgcsrvx.exe
1052 C:\WINDOWS\system32\csrss.exe
1080 C:\WINDOWS\system32\winlogon.exe
1128 C:\WINDOWS\system32\services.exe
1140 C:\WINDOWS\system32\lsass.exe
1332 C:\ARQUIV~1\GbPlugin\gbpsv.exe
1440 C:\WINDOWS\system32\svchost.exe
1536 C:\WINDOWS\system32\svchost.exe
1660 C:\Arquivos de programas\Microsoft Security Client\Antimalware\MsMpEng.exe
1696 C:\WINDOWS\system32\svchost.exe
1736 C:\WINDOWS\system32\svchost.exe
1892 C:\WINDOWS\system32\svchost.exe
2012 C:\WINDOWS\system32\svchost.exe
324 C:\WINDOWS\system32\svchost.exe
592 C:\WINDOWS\system32\spoolsv.exe
652 C:\WINDOWS\explorer.exe
288 C:\WINDOWS\system32\svchost.exe
740 C:\Arquivos de programas\SUPERAntiSpyware\SASCore.exe
1208 C:\xampp\apache\bin\httpd.exe
1388 C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2108 C:\Arquivos de programas\AVG\AVG2012\avgwdsvc.exe
2156 C:\Arquivos de programas\Bonjour\mDNSResponder.exe
2248 C:\WINDOWS\system32\svchost.exe
3184 C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
3604 C:\WINDOWS\system32\svchost.exe
3760 C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\mdm.exe
4016 C:\Arquivos de programas\AVG\AVG2012\avgnsx.exe
1620 C:\xampp\mysql\bin\mysqld.exe
2244 C:\WINDOWS\system32\svchost.exe
2240 C:\Arquivos de programas\AVG\AVG2012\avgtray.exe
2264 C:\WINDOWS\system32\svchost.exe
2424 C:\WINDOWS\system32\PnkBstrA.exe
2520 C:\Arquivos de programas\AVG Secure Search\vprot.exe
2696 C:\WINDOWS\system32\svchost.exe
2936 C:\Arquivos de programas\TeamViewer\Version7\TeamViewer_Service.exe
3136 C:\WINDOWS\system32\ctfmon.exe
3444 C:\Arquivos de programas\Arquivos comuns\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
3856 C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe
4076 C:\Arquivos de programas\AVG\AVG2012\AVGIDSAgent.exe
2900 C:\xampp\apache\bin\httpd.exe
5160 C:\WINDOWS\system32\alg.exe
6140 C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe
1588 C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe
1492 C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe
4408 C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
5496 C:\WINDOWS\system32\wuauclt.exe
3996 C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
1680 C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
2020 C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
4512 C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe
4872 C:\Arquivos de programas\Microsoft Security Client\Antimalware\MpCmdRun.exe
4908 C:\Documents and Settings\Administrador\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: SAMSUNGHD502HI, Rev: 1AG01118
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 2C6D77F4F50AA9DE10FCE2024558166E9012FC6F
Done!
Good morning, Luca Albuquerque!
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: 2C6D77F4F50AA9DE10FCE2024558166E9012FC6F
|- The good news, according to the MBRCheck report, is that your MBR is not infected.
|- The bad news is that you posted the wrong ComboFix log. The correct one would be the log generated after the drag-and-drop (CFScript.txt).
|- P.S.: See if you can find it!
Regards!
Can I redo the process?
Well, I noticed that it did not generate any log. I take the file you sent me for ComboFix.exe, as described above, and drag it onto ComboFix; then it opens that window extracting the files, and then it says that the Microsoft antivirus is turned on, even though that Microsoft antivirus is corrupted. I can't reinstall or uninstall it; I have tried everything and it still doesn't work. Nothing happens in ComboFix when I drag the text file onto it.
>
Can I redo the process?
Well, I noticed that it did not generate any log. I take the file you sent me for ComboFix.exe, as described above, and drag it onto ComboFix; then it opens that window extracting the files, and then it says that the Microsoft antivirus is turned on, even though that Microsoft antivirus is corrupted. I can't reinstall or uninstall it; I have tried everything and it still doesn't work. Nothing happens in ComboFix when I drag the text file onto it.
Good evening, Luca Albuquerque!
|- Download: < Revo Uninstaller >
|- Save it to the desktop.
|- Install the utility and check whether the program to be uninstalled appears on the main screen.
|- In your case, Microsoft Security Essentials.
|- Select it and click Uninstall.
|- For more details, read the < Tutorial >
-/-/-
|- Next, copy the script I edited into Notepad and do the drag-and-drop again.
Regards!
>
Well folks, my PC started restarting out of nowhere by itself, or even shutting down. I don't know if it's a virus, the power supply, or the cabling, but just in case, I'd like someone to help me find out whether it's a virus or not, because if it isn't a virus I'll go ahead and replace the power supply.
Hello!
|- From the symptoms, it could be the power supply!
-/-/-
|- Post the HijackThis log, as per RULE No. 02.
< Rule No. 02 - Using HijackThis - READ BEFORE POSTING! >
Regards!