Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

ChaOszinBR

[Resolvido!] Malware

Recommended Posts

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:10:49, on 06/08/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\ZSSnp211.exe

C:\Windows\Domino.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\MultiDesktop Manager\MegaScale MultiDesktop Manager.exe

C:\Windows\system32\schtasks.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Ares\Ares.exe

C:\Users\Kaique\Pictures\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [JuniorEngineCheck] "C:\Arquivos de programas\RadixCheats\Radix Engine 1.0\JuniorEngineCheck" /DeleteKey

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Multi Desktop 3.00] C:\Program Files\Multi Desktop\MultiDesk.exe

O4 - Global Startup: MultiDesktop Manager.lnk = C:\Program Files\MultiDesktop Manager\MegaScale MultiDesktop Manager.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/CursorManiaFWBInitialSetup1.0.1.0.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B6DD019A-675B-49E6-B7F1-8B38147DA8C0}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.74 85.255.112.39

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.74 85.255.112.39

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxcc_device - Lexmark International, Inc. - C:\Windows\system32\lxcccoms.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdnxs.exe (file missing)

 

--

End of file - 11086 bytes

 

Ai está o log , queria saber se a algo de errado com meu pc.

Grato.

Compartilhar este post


Link para o post
Compartilhar em outros sites

:thumbsup: Olá ChaOszinBR! Seja bem-vindo ao Fórum Imasters.

 

:seta: Vá no menu: Inicar > Painel de Controle > Programas > Programas e recursos > e desinstale Local_Strike

__________________________________________________________________

 

:seta: Depois disto vá no menu: Iniciar > Todos os programas > Acessórios > Windows Explorer > veja se esta pasta em vermelho abaixo ainda exista e a exclua, caso ela ainda exista:

 

C:\Program Files\Local_Strike

__________________________________________________________________

 

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

- Faça o download do Malwarebytes Anti-Malware.

* Faça a instalação dando um duplo clique em "mbam-setup.exe";

*Selecione a linguagem Português (Brasil)

*Selecione apenas a caixa: "Atualizar MalwareBytes'Anti-Malware"

*Se alguma atualização existir, o download será automático

*Não faça ainda scan!!!

*Reinicie o PC em Modo de Segurança (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro ou Modo de Segurança).

* Se não possível executar o computador em Modo Seguro, faça o escaneamento no modo normal

*Execute o programa MalwareBytes'Anti-Malware e clique na aba: "Verificação", selecione a opção "Verificação completa"

*Clique no botão: "Verificar"

* Marque todas as partes do computador que você deseja escanear e clique no botão: Iniciar verificação

*Ao término do scan, clique em "OK" > "Mostrar Resultados"

*Selecione todas as entradas e clique em "Remover Selecionados"

*Após a remoção poderá ser interrogado se deseja remover objetos da memória. Clique "SIM"

*Um log será apresentado com o resultado das ações

*Alguns malwares são rebeldes e necessitam de uma reinicialização para a remoção. Caso isto seja solicitado, clique para reiniciar o PC.

*Ao término do processo, reinicie o PC em Modo Normal.

* Depois de alguns dias, se o seu computador estiver funcionando normalmente sem estes arquivos que foram excluidos pelo Malwarebytes Anti-malware, abra (execute) o Malwarebytes Anti-malware, clique na aba: Quarentena e clique no botão: Remover tudo.

*Execute novamente o programa Malwarebytes Anti-malware e clique na aba Logs, dê um duplo clique com o mouse sobre o log mais recente, selecione o log completo e copie-o.

 

Poste este log gerado pelo Malwarebytes Anti-Malware juntamente com um novo log do Hijackthis na sua próxima resposta e nos diga como está o seu computador depois de seguir este procedimento acima.

 

Ficamos no aguardo de sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ai está os 2 logs , fiz tudo certinho porem meus navegadores ainda não funcionam.

Oque devo fazer agora ?

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 01:03:45, on 07/08/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\ZSSnp211.exe

C:\Windows\Domino.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\MultiDesktop Manager\MegaScale MultiDesktop Manager.exe

C:\Windows\system32\schtasks.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\Kaique\Pictures\HiJackThis.exe

C:\Windows\system32\WerCon.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [JuniorEngineCheck] "C:\Arquivos de programas\RadixCheats\Radix Engine 1.0\JuniorEngineCheck" /DeleteKey

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Multi Desktop 3.00] C:\Program Files\Multi Desktop\MultiDesk.exe

O4 - Global Startup: MultiDesktop Manager.lnk = C:\Program Files\MultiDesktop Manager\MegaScale MultiDesktop Manager.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B6DD019A-675B-49E6-B7F1-8B38147DA8C0}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxcc_device - Lexmark International, Inc. - C:\Windows\system32\lxcccoms.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 10225 bytes

 

 

 

------------------------------------------------

 

Malwarebytes' Anti-Malware 1.40

Versão do banco de dados: 2551

Windows 6.0.6000 (Safe Mode)

 

07/08/2009 00:47:32

mbam-log-2009-08-07 (00-47-32).txt

 

Tipo de Verificação: Completa (C:\|D:\|E:\|)

Objetos verificados: 293362

Tempo decorrido: 1 hour(s), 0 minute(s), 55 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 27

Valores do Registro infectados: 0

Ítens do Registro infectados: 3

Pastas infectadas: 7

Arquivos infectados: 3

 

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

 

Chaves do Registro infectadas:

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Windows Tribute Service (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

 

Ítens do Registro infectados:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.74 85.255.112.39 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.74 85.255.112.39 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.113.74 85.255.112.39 -> Quarantined and deleted successfully.

 

Pastas infectadas:

C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Arquivos infectados:

C:\Users\Lolzin\AppData\Local\fotos.exe (Malware.Packer.T) -> Quarantined and deleted successfully.

C:\Windows\System32\drivers\oreans32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Compartilhar este post


Link para o post
Compartilhar em outros sites

:thumbsup: Vários problemas foram removidos do seu PC.

 

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

Faça o download do ComboFix

 

1) Desabilite o seu anti-vírus temporariamente;

 

2) Dê um duplo-clique no combofix.exe e aguarde (o processo total demora cerca de 10 minutos);

 

3) A janela de “NEGAÇÃO DE GARANTIA DO SOFTWARE” abrir-se-á. Clique em “SIM” para continuar.

 

4) Outra janela irá abrir, caso a sua máquina não possua o CONSOLE DE RECUPERAÇÃO DO WINDOWS. É recomendável executar a instalação do console antes de dar continuidade ao processo, pois tal ação proporcionará a garantia de que o sistema poderá ser recuperado em caso de problemas durante a varredura.

 

Clique sobre “SIM” e aguarde, pois o processo de instalação do console dar-se-á automaticamente através do próprio ComboFix. Ele poderá demorar alguns minutos (dependerá da velocidade de sua conexão), portanto seja paciente.

 

Quando a janela “INSTALANDO O CONSOLE DE RECUPERAÇÃO” aparecer clique em “OK”, depois clique sobre “SIM” para aceitar a licença EULA.

 

Ao término da instalação do console de recuperação abrir-se-á uma janela avisando que “O CONSOLE DE RECUPERAÇÃO FOI INSTALADO COM SUCESSO”.

 

Clique sobre “SIM” para continuar a varredura.

 

5) O ComboFix iniciará o AUTOSCAN (aguarde).

 

ATENÇÃO: Não clique na janela do ComboFix, nem termine o processo abruptamente enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco).

 

Ao término do processo a máquina será reiniciada para a emissão do relatório.

 

6) Ao reiniciar a máquina o ComboFix irá executar o FIND3M para a criação do relatório final da varredura. O log dele estará em C:\ComboFix.txt.

 

7) Reabilite o seu anti-vírus;

 

OBS.1: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO ou caso os virus ou malwares bloqueiem a execução do Combofix, baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Neste caso, nomeie-o como Kombofix durante o salvamento e não após salvá-lo!

 

Em último caso, se não for possível executar o Combofix no Modo Normal do Windows, tente utilizar o ComboFix em MODO SEGURO (reiniciando o computador e pressionando a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização e escolha a opção Modo Seguro na tela que se apresenta) e repita o procedimento;

 

OBS.2: Caso haja um clique sobre a janela do ComboFix em execução, ela irá MAXIMIZAR, sobrepondo-se sobre as demais. Para minimizá-la novamente basta utilizar a combinação ALT + TAB.

* Se por algum motivo você precisar parar ou sair do ComboFix, tecle "N".

* Se perder a conexão com a internet, reinicie o computador. Caso o problema persista, abra Conexões de Rede no Painel de Controle, clique com o botão direito do mouse sobre a sua conexão com a internet e em "Reparar";

 

Poste o log do Combofix que estará em C:\ComboFix.txt juntamente com um novo log do Hijackthis em sua próxima resposta e nos diga como está o seu PC depois disto.

 

Ficamos no aguardo.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Então velho mais eu tenhu que desabilitar o anti virus né ?

Ai tá o problema.

O meu computador veio com o norton e a assinatura expirou e eu não consigo desabilitar ele nem desinstalar , e agora oque faço ?

se puder adc no msn kaka_lhp3@hotmail.com

Ou responda por aqui mesmo.

Grato ;D

Compartilhar este post


Link para o post
Compartilhar em outros sites
Então velho mais eu tenhu que desabilitar o anti virus né ?

No caso é para você desabilitar temporariamente o antivirus que está ativo em seu PC no momento. Se não for possível desabilitar o Norton, desabilite temporariamente o Avast que também está ativo no seu PC.

 

E poste os novos logs para que sejam analizados.

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 09-08-06.01 - Kaique 07/08/2009 22:36.1.1 - NTFSx86

Microsoft® Windows Vista™ Starter 6.0.6000.0.1252.55.1046.18.503.60 [GMT -3:00]

Executando de: c:\users\Kaique\Pictures\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090707-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

SP: avast! antivirus 4.8.1335 [VPS 090707-0] *disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-2910466638-3441421308-3930598225-500

c:\$recycle.bin\S-1-5-21-522821090-2830918792-1459007492-500

c:\$recycle.bin\S-1-5-21-642258427-2351016700-3776499667-500

c:\programdata\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger .lnk

c:\windows\Installer\4369f.msi

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_ILVMONEYDRIVER53

-------\Legacy_OREANS32

-------\Service_IlvMoneyDRIVER53

-------\Service_oreans32

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-08 to 2009-08-08 ))))))))))))))))))))))))))))

.

 

2010-05-22 19:17 . 2010-05-22 19:17 -------- d-----w- c:\program files\RadixCheats

2010-05-22 17:31 . 2010-05-22 17:31 -------- d-----w- c:\windows\PCHEALTH

2010-05-22 17:22 . 2008-10-19 02:34 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller

2010-05-22 17:22 . 2008-10-19 02:43 -------- d-----w- c:\program files\Windows Live

2010-05-22 17:21 . 2008-10-19 02:29 -------- d-----w- c:\programdata\WLInstaller

2010-05-22 13:42 . 2008-05-13 03:27 685424 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20080521.001\idsxpx86.dll

2010-05-22 13:42 . 2008-05-13 03:27 359472 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20080521.001\IDSviA64.sys

2010-05-22 13:42 . 2008-05-13 03:27 261680 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20080521.001\IDSvix86.sys

2010-05-22 13:42 . 2008-05-13 03:27 240496 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20080521.001\symidsco.sys

2010-05-22 13:42 . 2008-05-13 03:27 173424 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20080521.001\SymIDSI.dll

2010-05-22 13:42 . 2008-05-13 03:27 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20080521.001\ids9xx86.dll

2010-05-21 12:02 . 2008-07-30 20:42 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys

2010-05-20 19:18 . 2010-05-20 19:25 -------- d-----w- c:\users\Kaique\AppData\Roaming\Hamachi

2010-05-20 19:16 . 2010-05-20 19:16 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2010-05-20 07:07 . 2010-05-20 15:53 -------- d-----w- c:\program files\Webzen

2010-05-20 03:32 . 2009-03-31 02:14 -------- d-----w- c:\users\Kaique\AppData\Local\ApplicationHistory

2009-08-08 02:01 . 2009-08-08 02:08 -------- d-----w- c:\users\Kaique\AppData\Local\temp

2009-08-08 02:01 . 2009-08-08 02:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-08-08 02:01 . 2009-08-08 02:01 -------- d-----w- c:\users\Lolzin\AppData\Local\temp

2009-08-07 02:34 . 2009-08-07 02:34 -------- d-----w- c:\users\Kaique\AppData\Roaming\Malwarebytes

2009-08-07 02:34 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-07 02:34 . 2009-08-07 02:34 -------- d-----w- c:\programdata\Malwarebytes

2009-08-07 02:34 . 2009-08-07 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-07 02:34 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-06 19:32 . 2009-08-06 19:32 -------- d-----w- c:\program files\Ask Search Assistant

2009-08-05 20:55 . 2009-02-05 22:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-08-05 20:55 . 2009-02-05 22:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-08-05 20:54 . 2009-02-05 22:04 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-08-05 20:54 . 2009-02-05 22:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-08-05 20:54 . 2009-02-05 22:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-08-05 20:53 . 2009-02-05 22:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe

2009-08-05 20:53 . 2009-02-05 22:06 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-08-05 20:53 . 2009-08-05 20:53 -------- d-----w- c:\program files\Alwil Software

2009-08-03 06:09 . 2009-08-03 06:10 -------- d-----w- c:\users\Kaique\AppData\Roaming\Screaming Bee

2009-08-03 06:07 . 2009-08-03 06:09 -------- d-----w- c:\programdata\Screaming Bee

2009-08-03 06:07 . 2009-08-03 06:07 -------- d-----w- c:\program files\Screaming Bee

2009-08-01 05:49 . 2009-08-01 05:50 -------- d-----w- c:\users\Kaique\Brasfoot2009

2009-07-28 17:09 . 2009-07-21 21:52 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-28 17:08 . 2009-07-21 20:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-28 17:08 . 2009-07-21 21:47 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-28 17:08 . 2009-07-21 21:47 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-25 04:25 . 2009-07-25 04:25 -------- d-----w- c:\program files\MultiDesktop Manager

2009-07-25 04:16 . 2009-07-31 23:55 -------- d-----w- c:\program files\Multi Desktop

2009-07-18 01:59 . 2009-07-18 03:36 -------- d-----w- c:\program files\Panda Security

2009-07-18 01:49 . 2009-07-18 03:37 -------- d-----w- c:\programdata\Norton

2009-07-18 01:49 . 2009-07-18 01:49 -------- d-----w- c:\programdata\NortonInstaller

2009-07-15 18:57 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll

2009-07-15 18:57 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll

2009-07-15 18:57 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-07-15 18:57 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-07-15 18:57 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll

2009-07-15 18:57 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll

2009-07-15 04:26 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll

2009-07-15 04:26 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2009-07-15 04:26 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe

2009-07-15 04:26 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll

2009-07-15 04:26 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2009-07-15 04:26 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2009-07-15 04:26 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe

2009-07-15 03:34 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll

2009-07-15 03:34 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll

2009-07-15 03:34 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll

2009-07-15 03:34 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll

2009-07-15 03:33 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll

2009-07-15 03:19 . 2009-03-08 11:33 107520 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2009-07-15 03:19 . 2009-03-08 11:33 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2009-07-15 03:19 . 2009-03-08 11:32 169472 ----a-w- c:\windows\system32\iexpress.exe

2009-07-15 03:19 . 2009-03-08 11:31 45568 ----a-w- c:\windows\system32\mshta.exe

2009-07-15 03:19 . 2009-03-08 11:33 109568 ----a-w- c:\windows\system32\PDMSetup.exe

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-08 02:11 . 2008-11-07 18:07 -------- d-----w- c:\program files\Steam

2009-08-07 17:51 . 2007-10-05 21:18 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-07 17:25 . 2007-10-05 21:19 -------- d-----w- c:\programdata\Symantec

2009-08-07 05:23 . 2008-08-11 17:01 -------- d-----w- c:\program files\Valve

2009-08-06 22:35 . 2008-11-29 23:55 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2009-08-06 19:45 . 2007-10-05 21:19 -------- d-----w- c:\program files\Symantec

2009-08-06 19:32 . 2008-05-24 17:50 -------- d-----w- c:\program files\Messenger Plus! Live

2009-07-31 07:28 . 2007-10-06 01:02 84154 ----a-w- c:\windows\system32\prfc0416.dat

2009-07-31 07:28 . 2007-10-06 01:02 490140 ----a-w- c:\windows\system32\prfh0416.dat

2009-07-31 00:50 . 2008-11-07 18:55 -------- d-----w- c:\program files\sXe Injected

2009-07-27 19:36 . 2008-11-03 19:06 680 ----a-w- c:\users\Kaique\AppData\Local\d3d9caps.dat

2009-07-20 22:11 . 2008-05-30 16:36 -------- d-----w- c:\program files\Counter-Strike 1.6

2009-07-18 03:40 . 2009-06-23 01:23 -------- d-----w- c:\program files\Astral Masters

2009-07-16 06:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-07-02 17:01 . 2008-11-07 18:08 -------- d-----w- c:\program files\Common Files\Steam

2009-06-26 00:37 . 2009-06-26 00:37 231872 ----a-w- c:\windows\EasyGifAnimator_Toolbar_Uninstaller_2989.exe

2009-06-26 00:37 . 2009-06-26 00:37 -------- d-----w- c:\program files\Easy Gif Animator Extension

2009-06-26 00:36 . 2009-06-26 00:36 -------- d-----w- c:\program files\Easy GIF Animator

2009-06-24 16:34 . 2008-04-12 00:13 -------- d-----w- c:\program files\OnGame

2009-06-10 16:59 . 2009-05-12 23:39 -------- d-----w- c:\program files\Google

2009-06-10 06:18 . 2007-10-05 21:13 -------- d-----w- c:\program files\Microsoft Works

2009-05-15 01:10 . 2009-05-15 01:10 15240 ----a-w- c:\users\Kaique\AppData\Roaming\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll

2007-10-06 01:23 . 2007-10-06 01:05 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Steam"="c:\program files\steam\steam.exe" [2009-06-12 1217784]

"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"JuniorEngineCheck"="c:\arquivos de programas\RadixCheats\Radix Engine 1.0\JuniorEngineCheck" [X]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-10-06 1006264]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]

"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2007-07-03 94208]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]

"ZSSnp211"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]

"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-25 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]

"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 860672]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

MultiDesktop Manager.lnk - c:\program files\MultiDesktop Manager\MegaScale MultiDesktop Manager.exe [2002-12-31 221184]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDFSTab"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDFSTab"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{5BB25582-2A88-4BAB-9543-D9D6EF86F1D1}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox

"{FFA3B6AE-8305-40EC-90C4-388A874B2D2A}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox

"{CC397B07-88B5-49AC-BA26-3052629A2516}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer

"{D98641DE-5D34-4D15-9505-1BB5BD0D2F9B}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer

"{96532971-BD2C-42AD-9796-FA1D4BA838D4}"= TCP:27015:Counter Strike

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DisableNotifications"= 1 (0x1)

 

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [05/08/2009 17:54 114768]

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080521.001\IDSvix86.sys [22/05/2010 10:42 261680]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [05/08/2009 17:54 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [05/08/2009 17:53 51792]

R3 alcan5ln;Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\System32\drivers\alcan5ln.sys [11/04/2008 19:08 36048]

R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [09/01/2007 04:32 38200]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [02/11/2006 07:25 167936]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [22/11/2008 12:53 23064]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\System32\drivers\w300obex.sys [15/04/2008 22:30 85696]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - COMHOST

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-08-07 c:\windows\Tasks\User_Feed_Synchronization-{15DD3D4E-BB02-4615-8650-3E6E269EE66B}.job

- c:\windows\system32\msfeedssync.exe [2009-07-28 20:13]

.

- - - - ORFÃOS REMOVIDOS - - - -

 

HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

HKCU-Run-Multi Desktop 3.00 - c:\program files\Multi Desktop\MultiDesk.exe

HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

 

 

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.plusnetwork.com

LSP: c:\windows\system32\wpclsp.dll

TCP: {B6DD019A-675B-49E6-B7F1-8B38147DA8C0} = 200.204.0.10 200.204.0.138

FF - ProfilePath - c:\users\Kaique\AppData\Roaming\Mozilla\Firefox\Profiles\5d2g18cf.default\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-07 23:08

Windows 6.0.6000 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'Explorer.exe'(1772)

c:\windows\system32\igfxpph.dll

c:\windows\system32\hccutils.DLL

c:\windows\system32\igfxrPTB.lrc

c:\windows\system32\igfxress.dll

c:\windows\system32\igfxsrvc.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\audiodg.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\System32\WUDFHost.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\windows\System32\conime.exe

c:\windows\System32\schtasks.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\windows\System32\igfxsrvc.exe

c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe

c:\windows\System32\lpremove.exe

c:\windows\System32\RacAgent.exe

c:\windows\System32\lpksetup.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-08-08 23:35 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-08-08 02:34

 

Pré-execução: 99.322.351.616 bytes disponíveis

Pós execução: 101.927.120.896 bytes disponíveis

 

327 --- E O F --- 2009-08-07 04:37

 

 

 

-------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:44:59, on 07/08/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\ZSSnp211.exe

C:\Windows\Domino.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\system32\schtasks.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\MultiDesktop Manager\MegaScale MultiDesktop Manager.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\Explorer.exe

C:\Program Files\Ares\Ares.exe

C:\Users\Kaique\Pictures\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [JuniorEngineCheck] "C:\Arquivos de programas\RadixCheats\Radix Engine 1.0\JuniorEngineCheck" /DeleteKey

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - Global Startup: MultiDesktop Manager.lnk = C:\Program Files\MultiDesktop Manager\MegaScale MultiDesktop Manager.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B6DD019A-675B-49E6-B7F1-8B38147DA8C0}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxcc_device - Lexmark International, Inc. - C:\Windows\system32\lxcccoms.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 9601 bytes

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:44:59, on 07/08/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\ZSSnp211.exe

C:\Windows\Domino.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\system32\schtasks.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\MultiDesktop Manager\MegaScale MultiDesktop Manager.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\Explorer.exe

C:\Program Files\Ares\Ares.exe

C:\Users\Kaique\Pictures\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [JuniorEngineCheck] "C:\Arquivos de programas\RadixCheats\Radix Engine 1.0\JuniorEngineCheck" /DeleteKey

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - Global Startup: MultiDesktop Manager.lnk = C:\Program Files\MultiDesktop Manager\MegaScale MultiDesktop Manager.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B6DD019A-675B-49E6-B7F1-8B38147DA8C0}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxcc_device - Lexmark International, Inc. - C:\Windows\system32\lxcccoms.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 9601 bytes

 

 

Ai está os 2 logs.

Porem ainda não consigo abrir nenhum navegador.

Compartilhar este post


Link para o post
Compartilhar em outros sites

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

Faça o download de ToolBar S&D

*Salve-o no desktop (área de trabalho).

*Reinicie o PC em Modo de Segurança (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro ou Modo de Segurança).

*Execute o programa, e à seguir, aperte o "p" --> Enter --> Ok.

*Digite o dois! ( 2 ) --> Aperte Enter --> Aguarde!

*Terminando, o relatório estará em C:\ToolBar SD\TB_1.txt

__________________________________________________________________________

 

:seta: Faça o download do VundoFix:

http://www.atribune.org/ccount/click.php?id=4

 

* Salve-o no Desktop (área de trabalho)

* Execute o VundoFix.exe

* Quando o VundoFix abrir novamente, clique em Scan for Vundo.

* Quando ele terminar, clique em Remove Vundo.

* Você receberá um prompt perguntando se quer remover os arquivos. Confirme!

* Sua área de trabalho vai desaparecer por alguns momentos, não se preocupe, isto é normal.

* Surgirá um aviso dizendo que seu computador deve ser desligado.

* Clique em OK e depois,ligue o computador novamente!

* É possível que o VundoFix encontre um arquivo, mas não consiga removê-lo. Se isso acontecer, a ferramenta rodará ao reiniciar.

* Quando o VundoFix aparecer, clique no botão Scan for Vundo para repetir o processo.

* Quando o VundoFix não encontrar mais nenhum arquivo,que não consiga remover, o seu relatório ( Log ) se encontrará em C:\Vundofix.txt

__________________________________________________________________

 

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

Faça o download do SDFix:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

 

Salve-o em sua Área de Trabalho (desktop).

 

Dê um duplo clique no SDFix.exe e a Ferramenta será instalada geralmente em C:\SDFix

 

Reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e selecione a opção de Modo Seguro ou Modo de Segurança;

 

Entre na pasta SDFix que foi instalada no seu computador e dê um duplo clique no arquivo RunThis.bat

 

Tecle Y para que a Ferramenta inicie o processo de remoção.

 

Quando tudo terminar, você verá um aviso dizendo para apertar qualquer tecla para continuar.

 

Ao pressionar qualquer tecla, o computador será reiniciado automaticamente.

 

Após reiniciar, a Ferramenta ainda será executada novamente e irá terminar o seu trabalho, e ao surgir "The FixTool has finished", pressione qualquer tecla, uma janela com o Relatório do SDFix irá aparecer.

 

Caso você tenha fechado a janela, uma cópia do Relatório estará na pasta SDFix com o nome Report.txt.

 

Poste este relatório do SDFix na sua próxima resposta juntamente com o log do Vundofix que se encontrará em C:\Vundofix.txt e o log que se encontrará em C:\ToolBar SD\TB_1.txt e um novo log do Hijackthis e nos diga como está o seu computador depois de seguir estes procedimentos. Ficamos no aguardo.

 

Depois de usar o SDFix, delete a ferramenta SDFix e a pasta C:\SDFix.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom o vundo fix não achou nenhum arquivo infectado.

o SDfix não funcionou , eu abria ele fexava sozinho.

 

 

 

 

E aqui está o novo log do hijackthis

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 03:54:48, on 12/08/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Windows\ZSSnp211.exe

C:\Windows\Domino.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\MultiDesktop Manager\MegaScale MultiDesktop Manager.exe

C:\Windows\system32\schtasks.exe

C:\Program Files\Ares\Ares.exe

C:\Users\Kaique\Pictures\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"

O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe"

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [JuniorEngineCheck] "C:\Arquivos de programas\RadixCheats\Radix Engine 1.0\JuniorEngineCheck" /DeleteKey

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - Global Startup: MultiDesktop Manager.lnk = C:\Program Files\MultiDesktop Manager\MegaScale MultiDesktop Manager.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B6DD019A-675B-49E6-B7F1-8B38147DA8C0}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxcc_device - Lexmark International, Inc. - C:\Windows\system32\lxcccoms.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 9840 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

o SDfix não funcionou , eu abria ele fexava sozinho.

Foi mal pelo meu esquecimento, é que o Sdfix não funciona no Windows Vista.

______________________________________________________________________

 

Aparentemente você não executou esta etapa, execute-a por gentileza:

 

:seta: Vá no menu: Inicar > Painel de Controle > Programas > Programas e recursos > e desinstale: Local_Strike

_____________________________________________________________________

 

Faça também o seguinte:

 

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

Faça o download de ToolBar S&D

*Salve-o no desktop (área de trabalho).

*Reinicie o PC em Modo de Segurança (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro ou Modo de Segurança).

*Execute o programa, e à seguir, aperte o "p" --> Enter --> Ok.

*Digite o dois! ( 2 ) --> Aperte Enter --> Aguarde!

*Terminando, poste o relatório que estará em C:\ToolBar SD\TB_1.txt

____________________________________________________________________

 

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

 

R3 - URLSearchHook: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll

 

O2 - BHO: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O3 - Toolbar: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.

 

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

___________________________________________________________________

 

:seta: Há vários programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

 

Escolhendo Programas que Iniciam com o PC

 

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

 

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.

__________________________________________________________________

 

:seta: Siga, por gentileza, as dicas deste tutorial para fazer um escaneamento de seu PC pelo Nod32 Online:

 

Tutorial do antivirus Nod32 Online

 

Após o término do escaneamento será gerado um relatório (log) que estará no seguinte local do seu computador:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

 

Na sua próxima resposta poste este log do Nod32 Online juntamente com o log que estará em C:\ToolBar SD\TB_1.txt e um novo log do Hijackthis e nos diga, por gentileza, como está o seu PC após seguir estes procedimentos.

 

Ficamos no aguardo de sua resposta.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Desculpe-me pela demora.

 

Bom eu não consegui executar o Nod32 pois quando eu clicava para fazer a scan abria uma nova pagina no internet explore e não aparecia o link para copiar.

 

O log do ToolbarSD

 

 

----------\\ ToolBar S&D 1.2.8 XP/Vista

 

Microsoft® Windows Vista™ Starter ( v6.0.6000 )

X86-based PC ( Multiprocessor Free : Intel® Celeron® CPU 420 @ 1.60GHz )

BIOS : v5.10

USER : Kaique ( Not Administrator ! )

BOOT : Fail-safe boot

Antivirus : Norton Internet Security 2007 (Not Activated)

Firewall : Norton Internet Security 2007 (Activated)

C:\ (Local Disk) - NTFS - Total:142 Go (Free:96 Go)

D:\ (Local Disk) - NTFS - Total:6 Go (Free:0 Go)

E:\ (CD or DVD)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (USB)

 

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [2] ( 21/08/2009|17:16 )

 

[ UAC => 1 ]

 

-----------\\ Procura por Arquivos / Ficheiros ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.plusnetwork.com"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75724"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75723"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\Windows\\System32\\blank.htm"

 

 

--------------------\\ Procurando por outras infecções

 

 

Não foram encontradas outras infecções.

 

[ UAC => 1 ]

 

 

1 - "C:\ToolBar SD\TB_1.txt" - 11/08/2009| 1:37 - Option : [2]

2 - "C:\ToolBar SD\TB_2.txt" - 21/08/2009|17:19 - Option : [2]

 

-----------\\ Verificação completa em 17:19:59,11

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom eu não consegui executar o Nod32 pois quando eu clicava para fazer a scan abria uma nova pagina no internet explore e não aparecia o link para copiar.

Sim, mas você seguiu todas estas dicas abaixo que te passei? Caso não tenha seguido ainda, siga-as por gentileza:

 

Aparentemente você não executou esta etapa, execute-a por gentileza:

 

:seta: Vá no menu: Inicar > Painel de Controle > Programas > Programas e recursos > e desinstale: Local_Strike

___________________________________________________________________

 

:seta: Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

 

R3 - URLSearchHook: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll

 

O2 - BHO: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O3 - Toolbar: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.

 

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

___________________________________________________________________

 

:seta: Há vários programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

 

Escolhendo Programas que Iniciam com o PC

 

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

 

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.

___________________________________________________________________

 

:seta: Siga também as dicas deste tutorial:

 

Tutorial do Kaspersky Virus Removal Tool

 

Na sua próxima resposta poste este log do Kaspersky Virus Removal Tool juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

 

Ficamos no aguardo.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Abra o HijackThis, clique em Do a system scan only, marque as entradas abaixo e clique em Fix checked:

 

R3 - URLSearchHook: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll

 

O2 - BHO: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.dll

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

 

O3 - Toolbar: Local Strike Toolbar - {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - C:\Program Files\Local_Strike\tbLoca.

 

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

___________________________________________________________________

 

Algumas coisas eu não encontrei e outras estão com nomes diferentes.

 

 

Log do Kapersky

 

Scan

----

Scanned: 837214

Detected: 2

Untreated: 0

Start time: 25/08/2009 21:01:14

Duration: 09:30:54

Finish time: 26/08/2009 06:32:08

 

 

Detected

--------

Status Object

------ ------

deleted: Trojan program Backdoor.Win32.Small.hgn File: C:\Program Files\sXe Injected\sXeInjected_7.0.exe

deleted: Trojan program Trojan.Win32.Pasta.als File: C:\Users\Kaique\Downloads\setup-4.8.1.exe

 

 

Events

------

Time Name Status Reason

---- ---- ------ ------

25/08/2009 21:57:29 File: C:\Program Files\sXe Injected\sXeInjected_7.0.exe detected Trojan program 'Backdoor.Win32.Small.hgn'

25/08/2009 21:57:29 File: C:\Program Files\sXe Injected\sXeInjected_7.0.exe not disinfected postponed

25/08/2009 23:15:42 File: C:\Users\Kaique\Downloads\setup-4.8.1.exe detected Trojan program 'Trojan.Win32.Pasta.als'

25/08/2009 23:15:42 File: C:\Users\Kaique\Downloads\setup-4.8.1.exe not disinfected postponed

26/08/2009 02:15:17 File: C:\Program Files\sXe Injected\sXeInjected_7.0.exe detected Trojan program 'Backdoor.Win32.Small.hgn'

26/08/2009 02:15:17 File: C:\Program Files\sXe Injected\sXeInjected_7.0.exe not disinfected postponed

26/08/2009 02:54:12 File: C:\Users\Kaique\Downloads\setup-4.8.1.exe detected Trojan program 'Trojan.Win32.Pasta.als'

26/08/2009 02:54:13 File: C:\Users\Kaique\Downloads\setup-4.8.1.exe not disinfected postponed

26/08/2009 05:08:37 File: c:\program files\sxe injected\sxeinjected_7.0.exe detected Trojan program 'Backdoor.Win32.Small.hgn'

26/08/2009 06:31:54 File: c:\program files\sxe injected\sxeinjected_7.0.exe deleted

26/08/2009 06:31:58 File: c:\users\kaique\downloads\setup-4.8.1.exe detected Trojan program 'Trojan.Win32.Pasta.als'

26/08/2009 06:32:07 File: c:\users\kaique\downloads\setup-4.8.1.exe deleted

 

 

Statistics

----------

Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted

------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

 

 

Settings

--------

Parameter Value

--------- -----

Security Level Recommended

Action Prompt for action when the scan is complete

Run mode Manually

File types Scan all files

Scan only new and changed files No

Scan archives All

Scan embedded OLE objects All

Skip if object is larger than No

Skip if scan takes longer than No

Parse email formats No

Scan password-protected archives No

Enable iChecker technology No

Enable iSwift technology No

Show detected threats on "Detected" tab Yes

Rootkits search Yes

Deep rootkits search No

Use heuristic analyzer Yes

 

 

Quarantine

----------

Status Object Size Added

------ ------ ---- -----

 

 

Backup

------

Status Object Size

------ ------ ----

 

 

 

Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:31:47, on 26/08/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\ZSSnp211.exe

C:\Windows\Domino.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Ares\Ares.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\Kaique\Pictures\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - Startup: is-894DR.lnk = C:\Users\Kaique\Desktop\Virus Removal Tool\is-894DR\startup.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B6DD019A-675B-49E6-B7F1-8B38147DA8C0}: NameServer = 200.204.0.10 200.204.0.138

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxcc_device - Lexmark International, Inc. - C:\Windows\system32\lxcccoms.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 8274 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

:thumbsup: Mais dois problemas foram removidos pelo Kaspersky Virus Removal Tool, pode desinstalá-lo do seu PC.

___________________________________

 

:seta: Você está usando dois antivirus em seu PC (Norton e Avast) e seria importante desinstalar um deles, pois mais de um antivírus pode gerar conflito entre eles e prejudicar o funcionamento de seu PC.

___________________________________

 

:seta: Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:

 

Escolhendo Programas que Iniciam com o PC

 

De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.

 

Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.

___________________________________

 

:seta: Siga também, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Spyware Doctor:

 

Tutorial do Spyware Doctor Starter Edition

 

Na sua próxima resposta poste este log do Spyware Doctor juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

 

Ficamos no aguardo.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Siga também, por gentileza, as dicas deste tutorial para fazer uma limpeza de seu PC com o Spyware Doctor:

 

Tutorial do Spyware Doctor Starter Edition

 

Na sua próxima resposta poste este log do Spyware Doctor juntamente com um novo log do Hijackthis e nos diga como está o seu Pc depois disto.

 

Ficamos no aguardo.

 

Bom não foi possivel executar o Spyware Doctor Starter Edition , pelo motivo que precisa fazer uma atualização e ele não consegue se conectar e não atualiza.

 

E os programas desnecessários eu já os desabilitei ..

Compartilhar este post


Link para o post
Compartilhar em outros sites
O meu computador veio com o norton e a assinatura expirou e eu não consigo desabilitar ele nem desinstalar , e agora oque faço ?

:seta: Para desinstalar o Norton use este desinstalador dele:

http://www.baixaki.com.br/download/norton-removal-tool.htm

_____________________________________________________

 

:seta: Vá no menu: Iniciar > Painel de Controle > Programas > Programas e Recursos > Selecione o programa Ask Search Assistant e clique em Desinstalar > aí é só ir seguindo os passos que o desinstalador dele vai te passando.

_____________________________________________________

 

:seta: Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

 

Selecione e copie o texto dentro do QUOTE (caixa branca) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt

 

Folder::

c:\program files\Ask Search Assistant

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000000

"InternetSettingsDisableNotify"=dword:00000000

"AutoUpdateDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000000

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DisableNotifications"= 0 (0x1)

 

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo:

 

cfscript.gif

 

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

 

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

 

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt

_____________________________________________________

 

Faça também o seguinte:

 

:seta: Sugiro que você salve ou imprima essas instruções abaixo, pois em alguns momentos você poderá precisar usar o computador sem o acesso à internet:

 

• Faça o download do Superantispyware;

• Dê um duplo clique no ícone do programa e instale-o clicando em (Next > Aceite o contrato > Next > Next > escolha a opção de salvá-lo na pasta de Arquivos de Programas > Next > Next > aguarde a instalação > clique no botão Finish.

• Aparecerá uma caixa pedindo para que seja escolhida o seu idioma, escolha a opção de Portuguese (BR) e clique no botão Ok.

• Aparecerá uma mensagem perguntando: “Você quer que o SUPERAntiSpyware procure as regras e definições atuais agora (Recomendado)? Conecte o computador à Internet e clique no botão Sim. Aguarde a sua atualização

• Surgirá mais uma tela, clique no botão Avançar >Avançar >Avançar > - Avançar >Concluir.

• Aparecerá uma janela perguntando se você deseja proteger a sua página inicial do Internet Explorer contra mudanças. Escolha a opção desejada.

• Reinicie o computador,em Modo de Segurança (apertando a tecla F8 (ou a tecla F5 em alguns computadores) repetidas vezes quando o computador estiver reiniciando e escolhendo a opção Modo Seguro ou Modo de Segurança);

• Caso não seja possível reiniciar o computador em Modo de segurança, faça o escaneamento no modo normal.

• Execute o SuperAntispyware e clique em: Escaneia seu PC...

• Em Local de escaneamento escolha: C:\ Fixed Drive ( NTFS ) e se você tiver outros discos a serem escaneados marque-os também;

• Marque a opção Faz Escaneamento Completo;

• Clique em Avançar. Aguarde!

• Terminando,abrir-se-à a janela: Resumo de Escaneamento SUPERAntiSpyware. Clique no botão Ok. Clique no botão Avançar > para que as ameaças sejam excluídas.

• Poderá aparecer uma mensagem perguntando se você deseja que o computador seja reiniciado para que os itens sejam excluídos. Clique em Sim.

• Após o reinício do PC, clique com o botão direito do mouse sobre o ícone do SUPERAntiSpyware ao lado do relógio do Windows e escolha a opção – Ver Centro de Controle (Preferências/Opções)... – clique na aba: Estatísticas/Arquivos de Log - Dê um duplo clique com o botão esquerdo do mouse sobre o log e será aberta uma tela com o log, então é só selecionar este Log (Clique no menu: Editar » Selecionar Tudo), depois disso volte novamente no menu: Editar » e clique na opção: Copiar).

• Depois disso é só voltar aqui no fórum e postar este log do SUPERAntiSpyware juntamente com o log do Combofix que estará em C:\ComboFix.txt e um novo log do Hijackthis para que eles possam ser analizados.

• Ficamos no aguardo.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Para desinstalar o Norton use este desinstalador dele:

http://www.baixaki.c...emoval-tool.htm

Esse desinstalador está desatualizado e eu não consegui baixar sua atualização..

 

Vou mandar os 3 logs ..

 

ComboFix ..

 

ComboFix 09-08-06.01 - Kaique 31/08/2009 12:53.2.1 - NTFSx86

Microsoft® Windows Vista™ Starter 6.0.6000.0.1252.55.1046.18.503.110 [GMT -3:00]

Executando de: c:\users\Kaique\Pictures\ComboFix.exe

Comandos utilizados :: c:\users\Kaique\Desktop\CFScript.txt

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}

SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

- MODO DE FUNCIONALIDADE REDUZIDA -

.

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-28 to 2009-08-31 ))))))))))))))))))))))))))))

.

 

2010-05-22 17:31 . 2010-05-22 17:31 -------- d-----w- c:\windows\PCHEALTH

2010-05-22 17:22 . 2008-10-19 02:34 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller

2010-05-22 17:22 . 2008-10-19 02:43 -------- d-----w- c:\program files\Windows Live

2010-05-22 17:21 . 2008-10-19 02:29 -------- d-----w- c:\programdata\WLInstaller

2010-05-22 13:42 . 2008-05-13 03:27 685424 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20080521.001\idsxpx86.dll

2010-05-22 13:42 . 2008-05-13 03:27 359472 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20080521.001\IDSviA64.sys

2010-05-22 13:42 . 2008-05-13 03:27 261680 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20080521.001\IDSvix86.sys

2010-05-22 13:42 . 2008-05-13 03:27 240496 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20080521.001\symidsco.sys

2010-05-22 13:42 . 2008-05-13 03:27 173424 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20080521.001\SymIDSI.dll

2010-05-22 13:42 . 2008-05-13 03:27 157120 ----a-w- c:\programdata\Symantec\Definitions\SymcData\idsdefs\20080521.001\ids9xx86.dll

2010-05-21 12:02 . 2008-07-30 20:42 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys

2010-05-20 19:18 . 2010-05-20 19:25 -------- d-----w- c:\users\Kaique\AppData\Roaming\Hamachi

2010-05-20 19:16 . 2010-05-20 19:16 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2010-05-20 07:07 . 2010-05-20 15:53 -------- d-----w- c:\program files\Webzen

2010-05-20 03:32 . 2009-03-31 02:14 -------- d-----w- c:\users\Kaique\AppData\Local\ApplicationHistory

2009-08-31 15:56 . 2009-08-31 15:57 -------- d-----w- c:\users\Kaique\AppData\Local\temp

2009-08-31 15:56 . 2009-08-31 15:56 -------- d-----w- c:\users\Public\AppData\Local\temp

2009-08-31 15:56 . 2009-08-31 15:56 -------- d-----w- c:\users\Lolzin\AppData\Local\temp

2009-08-31 15:56 . 2009-08-31 15:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-08-29 17:00 . 2009-08-31 15:41 -------- d-----w- c:\users\Kaique\AppData\Roaming\Skype

2009-08-29 16:58 . 2009-08-29 16:58 -------- d-----w- c:\program files\Common Files\Skype

2009-08-29 16:58 . 2009-08-29 16:58 -------- d-----r- c:\program files\Skype

2009-08-29 13:35 . 2009-08-29 15:01 -------- d-----w- c:\program files\OnGame

2009-08-29 12:13 . 2008-12-11 11:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-08-29 12:13 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-08-29 12:13 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-08-29 12:12 . 2009-08-29 12:16 -------- d-----w- c:\program files\Common Files\PC Tools

2009-08-29 12:12 . 2008-12-10 14:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2009-08-29 12:12 . 2009-08-29 12:16 -------- d-----w- c:\program files\Spyware Doctor

2009-08-29 12:12 . 2009-08-29 12:12 -------- d-----w- c:\users\Kaique\AppData\Roaming\PC Tools

2009-08-29 12:12 . 2009-08-29 12:12 -------- d-----w- c:\programdata\PC Tools

2009-08-29 01:31 . 2009-08-29 01:31 -------- d-----w- c:\program files\VS Revo Group

2009-08-28 20:09 . 2009-08-28 20:09 -------- d-----w- c:\users\Lolzin\AppData\Local\Mozilla

2009-08-28 14:31 . 2009-08-29 02:51 -------- d-----w- c:\users\Kaique\Extrair

2009-08-26 09:38 . 2009-06-22 08:44 2048 ----a-w- c:\windows\system32\tzres.dll

2009-08-26 08:06 . 2009-06-05 12:30 1686016 ----a-w- c:\windows\system32\gameux.dll

2009-08-26 08:06 . 2009-06-05 12:28 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-26 08:06 . 2009-06-05 08:44 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-25 22:47 . 2009-08-25 22:47 -------- d-----w- c:\programdata\is-894DR

2009-08-25 22:46 . 2009-08-28 20:26 106930208 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-08-25 22:08 . 2009-08-25 22:08 -------- d-----w- c:\program files\Ares

2009-08-23 14:52 . 2009-08-23 14:52 -------- d-----w- c:\program files\CCleaner

2009-08-11 23:38 . 2009-06-04 12:43 1871872 ----a-w- c:\windows\system32\mstscax.dll

2009-08-11 23:38 . 2009-06-04 12:47 36352 ----a-w- c:\windows\system32\tsgqec.dll

2009-08-11 23:38 . 2009-06-04 12:36 116736 ----a-w- c:\windows\system32\aaclient.dll

2009-08-11 23:38 . 2009-07-17 14:52 71680 ----a-w- c:\windows\system32\atl.dll

2009-08-11 23:38 . 2009-06-10 12:16 156160 ----a-w- c:\windows\system32\wkssvc.dll

2009-08-11 23:37 . 2009-06-10 12:10 123904 ----a-w- c:\windows\system32\msvfw32.dll

2009-08-11 23:37 . 2009-06-10 12:04 88576 ----a-w- c:\windows\system32\avifil32.dll

2009-08-11 23:37 . 2009-06-10 12:04 65024 ----a-w- c:\windows\system32\avicap32.dll

2009-08-11 23:37 . 2009-06-10 12:10 31232 ----a-w- c:\windows\system32\msvidc32.dll

2009-08-11 23:37 . 2009-06-10 12:09 12800 ----a-w- c:\windows\system32\msrle32.dll

2009-08-11 23:37 . 2009-06-10 12:07 82944 ----a-w- c:\windows\system32\mciavi32.dll

2009-08-11 23:37 . 2009-07-14 13:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll

2009-08-11 23:37 . 2009-07-14 13:00 7680 ----a-w- c:\windows\system32\spwmp.dll

2009-08-11 23:37 . 2009-07-14 13:01 4096 ----a-w- c:\windows\system32\dxmasf.dll

2009-08-11 23:37 . 2009-07-14 11:11 8147968 ----a-w- c:\windows\system32\wmploc.DLL

2009-08-11 04:51 . 2009-08-11 04:51 -------- d-----w- C:\VundoFix Backups

2009-08-11 04:33 . 2009-08-21 20:19 -------- d-----w- C:\ToolBar SD

2009-08-07 02:34 . 2009-08-07 02:34 -------- d-----w- c:\users\Kaique\AppData\Roaming\Malwarebytes

2009-08-07 02:34 . 2009-08-03 16:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-07 02:34 . 2009-08-07 02:34 -------- d-----w- c:\programdata\Malwarebytes

2009-08-07 02:34 . 2009-08-07 02:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-07 02:34 . 2009-08-03 16:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-05 20:53 . 2009-08-05 20:53 -------- d-----w- c:\program files\Alwil Software

2009-08-03 06:09 . 2009-08-03 06:10 -------- d-----w- c:\users\Kaique\AppData\Roaming\Screaming Bee

2009-08-03 06:07 . 2009-08-03 06:09 -------- d-----w- c:\programdata\Screaming Bee

2009-08-03 06:07 . 2009-08-03 06:07 -------- d-----w- c:\program files\Screaming Bee

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-31 15:33 . 2008-11-07 18:07 -------- d-----w- c:\program files\Steam

2009-08-31 15:32 . 2009-03-26 12:37 -------- d-----w- c:\users\Kaique\AppData\Roaming\skypePM

2009-08-30 22:05 . 2008-11-07 18:08 -------- d-----w- c:\program files\Common Files\Steam

2009-08-29 16:58 . 2009-03-26 12:28 -------- d-----w- c:\programdata\Skype

2009-08-28 20:26 . 2009-08-25 22:46 1255208 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-08-27 13:49 . 2008-11-03 19:06 680 ----a-w- c:\users\Kaique\AppData\Local\d3d9caps.dat

2009-08-19 09:25 . 2007-10-06 01:02 84154 ----a-w- c:\windows\system32\prfc0416.dat

2009-08-19 09:25 . 2007-10-06 01:02 490140 ----a-w- c:\windows\system32\prfh0416.dat

2009-08-18 00:34 . 2008-11-29 23:55 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2009-08-12 06:11 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-08-11 01:29 . 2008-08-11 17:01 -------- d-----w- c:\program files\Valve

2009-08-07 17:51 . 2007-10-05 21:18 -------- d-----w- c:\program files\Common Files\Symantec Shared

2009-08-07 17:25 . 2007-10-05 21:19 -------- d-----w- c:\programdata\Symantec

2009-08-06 19:32 . 2008-05-24 17:50 -------- d-----w- c:\program files\Messenger Plus! Live

2009-07-31 23:55 . 2009-07-25 04:16 -------- d-----w- c:\program files\Multi Desktop

2009-07-25 04:25 . 2009-07-25 04:25 -------- d-----w- c:\program files\MultiDesktop Manager

2009-07-21 21:52 . 2009-07-28 17:09 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-21 21:47 . 2009-07-28 17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-07-21 21:47 . 2009-07-28 17:08 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-07-21 20:13 . 2009-07-28 17:08 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-07-20 22:11 . 2008-05-30 16:36 -------- d-----w- c:\program files\Counter-Strike 1.6

2009-07-18 03:40 . 2009-06-23 01:23 -------- d-----w- c:\program files\Astral Masters

2009-07-18 03:37 . 2009-07-18 01:49 -------- d-----w- c:\programdata\Norton

2009-07-18 01:49 . 2009-07-18 01:49 -------- d-----w- c:\programdata\NortonInstaller

2009-06-26 00:37 . 2009-06-26 00:37 231872 ----a-w- c:\windows\EasyGifAnimator_Toolbar_Uninstaller_2989.exe

2009-06-15 15:29 . 2009-07-15 18:57 156160 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 15:23 . 2009-07-15 18:57 24064 ----a-w- c:\windows\system32\lpk.dll

2009-06-15 15:22 . 2009-07-15 18:57 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 15:21 . 2009-07-15 18:57 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-06-15 15:20 . 2009-07-15 18:57 34304 ----a-w- c:\windows\system32\atmlib.dll

2009-06-15 13:03 . 2009-07-15 18:57 289792 ----a-w- c:\windows\system32\atmfd.dll

2007-10-06 01:23 . 2007-10-06 01:05 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((( SnapShot@2009-08-08_02.08.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-11 23:37 . 2009-06-10 11:44 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msvidc32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:44 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msrle32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:44 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\mciavi32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:42 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\avifil32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:42 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\avicap32.dll

+ 2009-08-11 23:37 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvidc32.dll

+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msrle32.dll

+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\mciavi32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:38 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avifil32.dll

+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avicap32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:58 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msvidc32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:57 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msrle32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:56 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\mciavi32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:52 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\avifil32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:52 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\avicap32.dll

+ 2009-08-11 23:37 . 2008-01-19 07:35 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvidc32.dll

+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msrle32.dll

+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\mciavi32.dll

+ 2009-08-11 23:37 . 2009-06-10 12:07 91136 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avifil32.dll

+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avicap32.dll

+ 2009-08-11 23:37 . 2009-06-10 12:03 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msvidc32.dll

+ 2009-08-11 23:37 . 2009-06-10 12:03 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msrle32.dll

+ 2009-08-11 23:37 . 2009-06-10 12:00 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\mciavi32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:57 88576 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\avifil32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:57 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\avicap32.dll

+ 2009-08-11 23:37 . 2009-06-10 12:10 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msvidc32.dll

+ 2009-08-11 23:37 . 2009-06-10 12:09 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msrle32.dll

+ 2009-08-11 23:37 . 2009-06-10 12:07 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\mciavi32.dll

+ 2009-08-11 23:37 . 2009-06-10 12:04 88576 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\avifil32.dll

+ 2009-08-11 23:37 . 2009-06-10 12:04 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\avicap32.dll

+ 2009-08-11 23:38 . 2009-06-04 10:52 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\tsgqec.dll

+ 2009-08-11 23:38 . 2009-04-11 06:28 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\tsgqec.dll

+ 2009-08-11 23:38 . 2009-06-04 12:35 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\tsgqec.dll

+ 2009-08-11 23:38 . 2008-01-19 07:36 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\tsgqec.dll

+ 2009-08-11 23:38 . 2009-06-04 12:34 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\tsgqec.dll

+ 2009-08-11 23:38 . 2009-06-04 12:47 36352 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\tsgqec.dll

+ 2009-08-26 09:37 . 2009-06-22 10:13 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22155_none_17865cb11ffa07ae\tzupd.exe

+ 2008-08-15 15:53 . 2008-01-19 07:33 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18054_none_16fbbf9c06dd4e8d\tzupd.exe

+ 2009-08-26 09:37 . 2009-06-22 10:26 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22454_none_159eea7f22d49933\tzupd.exe

+ 2008-08-15 15:53 . 2008-01-19 07:33 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18275_none_1500ac4009c64d7b\tzupd.exe

+ 2009-08-26 09:37 . 2009-06-22 10:21 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.21070_none_139ee11525c210e3\tzupd.exe

+ 2009-08-26 09:37 . 2009-06-22 10:30 18944 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16873_none_13186d060ca189dc\tzupd.exe

+ 2009-08-11 23:38 . 2009-07-17 14:15 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.22179_none_ad4da751702700f0\atl.dll

+ 2009-08-11 23:38 . 2009-07-17 13:54 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6002.18070_none_acbb07ec57117d17\atl.dll

+ 2009-08-11 23:38 . 2009-07-17 14:24 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.22474_none_ab6233f773052d19\atl.dll

+ 2009-08-11 23:38 . 2009-07-17 14:35 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6001.18293_none_aac1f52459f8aeb3\atl.dll

+ 2009-08-11 23:38 . 2009-07-17 14:39 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.21088_none_a974fcc975e35390\atl.dll

+ 2009-08-11 23:38 . 2009-07-17 14:52 71680 c:\windows\winsxs\x86_microsoft-windows-atl_31bf3856ad364e35_6.0.6000.16889_none_a8ec88265cc499db\atl.dll

+ 2009-08-26 08:06 . 2009-06-05 09:43 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22147_none_844db081772163a0\Apphlpdm.dll

+ 2009-08-26 08:06 . 2009-06-05 09:40 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18046_none_83c3136c5e04aa7f\Apphlpdm.dll

+ 2009-08-26 08:06 . 2009-06-05 12:18 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22444_none_82643dbb79fdc277\Apphlpdm.dll

+ 2009-08-26 08:06 . 2009-06-05 12:34 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18267_none_81c8001060eda96d\Apphlpdm.dll

+ 2009-08-26 08:06 . 2009-06-05 12:12 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21062_none_806634e57ce96cd5\Apphlpdm.dll

+ 2009-08-26 08:06 . 2009-06-05 12:28 28672 c:\windows\winsxs\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16866_none_7fe0c12063c7ff25\Apphlpdm.dll

+ 2007-10-05 20:57 . 2009-08-31 15:32 47044 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:09 . 2009-08-31 15:33 78340 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-04-11 22:45 . 2009-08-30 22:33 11028 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-522821090-2830918792-1459007492-1000_UserData.bin

- 2008-04-11 21:54 . 2009-08-08 00:50 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2008-04-11 21:54 . 2009-08-31 15:55 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2008-04-11 21:54 . 2009-08-08 00:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2008-04-11 21:54 . 2009-08-31 15:55 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-08-26 09:37 . 2009-06-22 10:30 18944 c:\windows\servicing\GC32\tzupd.exe

- 2008-12-12 14:16 . 2008-10-22 03:43 18944 c:\windows\servicing\GC32\tzupd.exe

+ 2009-08-11 23:37 . 2009-07-15 12:46 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\spwmp.dll

+ 2009-08-11 23:37 . 2009-07-15 12:46 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\dxmasf.dll

+ 2009-08-11 23:37 . 2009-07-15 12:39 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\spwmp.dll

+ 2009-08-11 23:37 . 2009-07-15 12:39 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\dxmasf.dll

+ 2009-08-11 23:37 . 2009-07-15 14:51 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\spwmp.dll

+ 2009-08-11 23:37 . 2009-07-15 14:51 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\dxmasf.dll

+ 2009-08-11 23:37 . 2009-07-14 12:58 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\spwmp.dll

+ 2009-08-11 23:37 . 2009-07-14 12:59 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\dxmasf.dll

+ 2009-08-11 23:37 . 2009-07-15 14:42 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\spwmp.dll

+ 2009-08-11 23:37 . 2009-07-15 14:43 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\dxmasf.dll

+ 2009-08-11 23:37 . 2009-07-14 13:00 7680 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\spwmp.dll

+ 2009-08-11 23:37 . 2009-07-14 13:01 4096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\dxmasf.dll

+ 2009-08-26 09:38 . 2009-06-22 10:13 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22155_none_17865cb11ffa07ae\tzres.dll

+ 2009-08-26 09:38 . 2009-06-22 10:09 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18054_none_16fbbf9c06dd4e8d\tzres.dll

+ 2009-08-26 09:38 . 2009-06-22 10:26 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22454_none_159eea7f22d49933\tzres.dll

+ 2009-08-26 09:38 . 2009-06-22 10:22 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18275_none_1500ac4009c64d7b\tzres.dll

+ 2009-08-26 09:38 . 2009-06-22 08:44 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.21070_none_139ee11525c210e3\tzres.dll

+ 2009-08-26 09:38 . 2009-06-22 08:44 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6000.16873_none_13186d060ca189dc\tzres.dll

+ 2009-08-26 08:06 . 2009-06-05 09:48 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22147_none_0e6e0ee508aa7955\AcRes.dll

+ 2006-11-02 07:11 . 2006-11-02 07:11 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18046_none_0de371cfef8dc034\AcRes.dll

+ 2009-08-26 08:06 . 2009-06-05 10:01 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22444_none_0c849c1f0b86d82c\AcRes.dll

+ 2008-05-27 17:04 . 2008-03-08 01:58 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18267_none_0be85e73f276bf22\AcRes.dll

+ 2009-08-26 08:06 . 2009-06-05 08:24 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21062_none_0a8693490e72828a\AcRes.dll

+ 2009-08-26 08:06 . 2009-06-05 08:29 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16866_none_0a011f83f55114da\AcRes.dll

+ 2009-08-28 20:09 . 2009-08-28 20:09 9560 c:\windows\System32\networklist\icons\{A267C1AA-4209-40A2-A1D3-276292E06974}_48.bin

+ 2009-08-28 20:09 . 2009-08-28 20:09 4280 c:\windows\System32\networklist\icons\{A267C1AA-4209-40A2-A1D3-276292E06974}_32.bin

+ 2009-08-28 20:09 . 2009-08-28 20:09 2456 c:\windows\System32\networklist\icons\{A267C1AA-4209-40A2-A1D3-276292E06974}_24.bin

- 2008-12-11 12:25 . 2008-10-31 23:23 2560 c:\windows\AppPatch\AcRes.dll

+ 2009-08-26 08:06 . 2009-06-05 08:29 2560 c:\windows\AppPatch\AcRes.dll

- 2008-11-29 23:55 . 2009-08-06 22:35 2560 c:\windows\_MSRSTRT.EXE

+ 2008-11-29 23:55 . 2009-08-18 00:34 2560 c:\windows\_MSRSTRT.EXE

+ 2009-08-11 23:38 . 2009-06-10 11:46 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.22150_none_ce741cb6ed3e398c\wkssvc.dll

+ 2009-08-11 23:38 . 2009-06-10 11:42 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6002.18049_none_cdfe5271d41061e0\wkssvc.dll

+ 2009-08-11 23:38 . 2009-06-10 12:00 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.22447_none_cc9f7cc0f00979d8\wkssvc.dll

+ 2009-08-11 23:38 . 2009-06-10 12:12 160256 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6001.18270_none_cbee6c45d70a7f59\wkssvc.dll

+ 2009-08-11 23:38 . 2009-06-10 12:06 158208 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.21065_none_caa173eaf2f52436\wkssvc.dll

+ 2009-08-11 23:38 . 2009-06-10 12:16 156160 c:\windows\winsxs\x86_microsoft-windows-workstationservice_31bf3856ad364e35_6.0.6000.16868_none_ca1affdbd9d49d2f\wkssvc.dll

+ 2009-08-11 23:37 . 2009-06-10 11:44 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.22150_none_946bf5749f2e8c01\msvfw32.dll

+ 2009-08-11 23:37 . 2008-01-19 07:35 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvfw32.dll

+ 2009-08-11 23:37 . 2009-06-10 11:58 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.22447_none_9297557ea1f9cc4d\msvfw32.dll

+ 2009-08-11 23:37 . 2008-01-19 07:35 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvfw32.dll

+ 2009-08-11 23:37 . 2009-06-10 12:03 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.21065_none_90994ca8a4e576ab\msvfw32.dll

+ 2009-08-11 23:37 . 2009-06-10 12:10 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6000.16868_none_9012d8998bc4efa4\msvfw32.dll

+ 2009-08-11 23:38 . 2009-06-04 12:54 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\aaclient.dll

+ 2009-08-11 23:38 . 2009-04-11 06:28 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\aaclient.dll

+ 2009-08-11 23:38 . 2009-06-04 12:29 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\aaclient.dll

+ 2009-08-11 23:38 . 2008-01-19 07:33 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\aaclient.dll

+ 2009-08-11 23:38 . 2009-06-04 12:25 116736 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\aaclient.dll

+ 2009-08-11 23:38 . 2009-06-04 12:36 116736 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\aaclient.dll

+ 2009-08-11 23:37 . 2009-07-15 12:46 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.22172_none_a65e88df3e466bbf\wmpdxm.dll

+ 2009-08-11 23:37 . 2009-07-15 12:39 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6002.18065_none_a5e2bcde251dfc09\wmpdxm.dll

+ 2009-08-11 23:37 . 2009-07-15 14:52 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.22470_none_a47616634121e3ed\wmpdxm.dll

+ 2009-08-11 23:37 . 2009-07-14 13:00 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6001.18289_none_a3eaaa60280446fc\wmpdxm.dll

+ 2009-08-11 23:37 . 2009-07-15 14:44 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.21083_none_a287deeb4400f10d\wmpdxm.dll

+ 2009-08-11 23:37 . 2009-07-14 13:02 313344 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-wmpdxm_31bf3856ad364e35_6.0.6000.16885_none_a2006a922ae150af\wmpdxm.dll

+ 2009-08-11 23:37 . 2009-07-15 12:45 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpshare.exe

+ 2009-08-11 23:37 . 2009-07-15 12:46 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmplayer.exe

+ 2009-08-11 23:37 . 2009-07-15 12:46 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmpconfig.exe

+ 2009-08-11 23:37 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpshare.exe

+ 2009-08-11 23:37 . 2009-07-15 12:39 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmplayer.exe

+ 2009-08-11 23:37 . 2009-07-15 12:39 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmpconfig.exe

+ 2009-08-11 23:37 . 2009-07-15 13:05 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpshare.exe

+ 2009-08-11 23:37 . 2009-07-15 13:06 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmplayer.exe

+ 2009-08-11 23:37 . 2009-07-15 13:06 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmpconfig.exe

+ 2009-08-11 23:37 . 2009-07-14 10:58 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpshare.exe

+ 2009-08-11 23:37 . 2009-07-14 10:59 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmplayer.exe

+ 2009-08-11 23:37 . 2009-07-14 10:59 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmpconfig.exe

+ 2009-08-11 23:37 . 2009-07-15 12:53 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpshare.exe

+ 2009-08-11 23:37 . 2009-07-15 12:53 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmplayer.exe

+ 2009-08-11 23:37 . 2009-07-15 12:53 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmpconfig.exe

+ 2009-08-11 23:37 . 2009-07-14 11:10 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpshare.exe

+ 2009-08-11 23:37 . 2009-07-14 11:10 168960 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmplayer.exe

+ 2009-08-11 23:37 . 2009-07-14 11:11 107520 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmpconfig.exe

+ 2009-08-26 08:05 . 2009-08-06 13:45 100352 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22909_none_846b4b875fcce288\iecompat.dll

+ 2009-08-26 08:05 . 2009-08-06 03:44 100352 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18819_none_83d6ded046b75eaf\iecompat.dll

+ 2009-08-26 08:06 . 2009-06-05 12:11 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22147_none_0e72100d08a6deb1\AcXtrnal.dll

+ 2009-08-26 08:06 . 2009-06-05 12:11 542720 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22147_none_0e72100d08a6deb1\AcLayers.dll

+ 2009-08-26 08:06 . 2009-06-05 11:56 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18046_none_0de772f7ef8a2590\AcXtrnal.dll

+ 2009-08-26 08:06 . 2009-06-05 11:56 542720 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18046_none_0de772f7ef8a2590\AcLayers.dll

+ 2009-08-26 08:06 . 2009-06-05 12:18 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22444_none_0c889d470b833d88\AcXtrnal.dll

+ 2009-08-26 08:06 . 2009-06-05 12:18 541696 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22444_none_0c889d470b833d88\AcLayers.dll

+ 2009-08-26 08:06 . 2009-06-05 12:34 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18267_none_0bec5f9bf273247e\AcXtrnal.dll

+ 2009-08-26 08:06 . 2009-06-05 12:33 541696 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18267_none_0bec5f9bf273247e\AcLayers.dll

+ 2009-08-26 08:06 . 2009-06-05 12:12 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21062_none_0a8a94710e6ee7e6\AcXtrnal.dll

+ 2009-08-26 08:06 . 2009-06-05 12:12 537600 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21062_none_0a8a94710e6ee7e6\AcLayers.dll

+ 2009-08-26 08:06 . 2009-06-05 12:27 173056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16866_none_0a0520abf54d7a36\AcXtrnal.dll

+ 2009-08-26 08:06 . 2009-06-05 12:27 537600 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16866_none_0a0520abf54d7a36\AcLayers.dll

+ 2009-08-26 08:06 . 2009-06-05 12:11 458752 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22147_none_0e710fc308a7c55a\AcSpecfc.dll

+ 2009-08-26 08:06 . 2009-06-05 11:56 458752 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18046_none_0de672adef8b0c39\AcSpecfc.dll

+ 2009-08-26 08:06 . 2009-06-05 12:18 459776 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22444_none_0c879cfd0b842431\AcSpecfc.dll

+ 2009-08-26 08:06 . 2009-06-05 12:33 459776 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18267_none_0beb5f51f2740b27\AcSpecfc.dll

+ 2009-08-26 08:06 . 2009-06-05 12:12 450560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21062_none_0a8994270e6fce8f\AcSpecfc.dll

+ 2009-08-26 08:06 . 2009-06-05 12:27 449024 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16866_none_0a042061f54e60df\AcSpecfc.dll

+ 2008-04-15 23:09 . 2009-08-22 17:02 348132 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2006-11-02 10:33 . 2009-07-31 07:28 594632 c:\windows\System32\perfh009.dat

+ 2006-11-02 10:33 . 2009-08-19 09:25 594632 c:\windows\System32\perfh009.dat

+ 2006-11-02 10:33 . 2009-08-19 09:25 104582 c:\windows\System32\perfc009.dat

- 2006-11-02 10:33 . 2009-07-31 07:28 104582 c:\windows\System32\perfc009.dat

+ 2006-11-02 12:45 . 2009-08-12 06:47 334312 c:\windows\System32\FNTCACHE.DAT

- 2006-11-02 12:45 . 2009-07-16 06:22 334312 c:\windows\System32\FNTCACHE.DAT

+ 2008-04-11 21:54 . 2009-08-31 15:55 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2008-04-11 21:54 . 2009-08-08 00:50 114688 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2006-11-02 12:46 . 2009-08-12 06:20 792605 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat

- 2006-11-02 12:46 . 2009-04-17 06:32 792605 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareLicensing\tokens.dat

+ 2009-08-29 16:59 . 2009-08-29 16:59 364726 c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe

+ 2009-08-26 08:06 . 2009-06-05 12:27 173056 c:\windows\AppPatch\AcXtrnal.dll

- 2008-12-11 12:25 . 2008-11-01 03:33 173056 c:\windows\AppPatch\AcXtrnal.dll

+ 2009-08-26 08:06 . 2009-06-05 12:27 449024 c:\windows\AppPatch\AcSpecfc.dll

- 2008-12-11 12:25 . 2008-11-01 03:33 537600 c:\windows\AppPatch\AcLayers.dll

+ 2009-08-26 08:06 . 2009-06-05 12:27 537600 c:\windows\AppPatch\AcLayers.dll

+ 2009-08-11 23:38 . 2009-06-04 12:56 2067968 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.22146_none_3238de2ddc072aae\mstscax.dll

+ 2009-08-11 23:38 . 2009-06-04 12:07 2066432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6002.18045_none_31ae4118c2ea718d\mstscax.dll

+ 2009-08-11 23:38 . 2009-06-04 12:33 2067968 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.22443_none_304f6b67dee38985\mstscax.dll

+ 2009-08-11 23:38 . 2009-06-04 12:34 2066432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\mstscax.dll

+ 2009-08-11 23:38 . 2009-06-04 12:31 1874432 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.21061_none_2e516291e1cf33e3\mstscax.dll

+ 2009-08-11 23:38 . 2009-06-04 12:43 1871872 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6000.16865_none_2dcbeeccc8adc633\mstscax.dll

+ 2009-08-11 23:37 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22179_none_f4b581af81eee730\OESpamFilter.dat

+ 2009-08-11 23:37 . 2009-07-02 07:48 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18070_none_f422e24a68d96357\OESpamFilter.dat

+ 2009-08-11 23:37 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22474_none_f2ca0e5584cd1359\OESpamFilter.dat

+ 2009-08-11 23:37 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18293_none_f229cf826bc094f3\OESpamFilter.dat

+ 2009-08-11 23:37 . 2009-07-02 07:47 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21088_none_f0dcd72787ab39d0\OESpamFilter.dat

+ 2009-08-11 23:37 . 2009-07-02 07:48 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16889_none_f05462846e8c801b\OESpamFilter.dat

+ 2009-08-11 23:37 . 2009-07-15 12:47 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmploc.DLL

+ 2009-08-11 23:37 . 2009-07-15 12:40 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmploc.DLL

+ 2009-08-11 23:37 . 2009-07-15 13:07 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmploc.DLL

+ 2009-08-11 23:37 . 2009-07-14 10:59 8147456 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmploc.DLL

+ 2009-08-11 23:37 . 2009-07-15 12:53 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmploc.DLL

+ 2009-08-11 23:37 . 2009-07-14 11:11 8147968 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmploc.DLL

+ 2009-08-26 08:06 . 2009-06-05 09:57 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22147_none_444c25c9d79b0f03\GameUXLegacyGDFs.dll

+ 2009-08-26 08:06 . 2009-06-05 12:11 1696256 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22147_none_444c25c9d79b0f03\gameux.dll

+ 2009-08-26 08:06 . 2009-06-05 09:53 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18046_none_43c188b4be7e55e2\GameUXLegacyGDFs.dll

+ 2009-08-26 08:07 . 2009-04-11 06:28 1696768 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18046_none_43c188b4be7e55e2\gameux.dll

+ 2009-08-26 08:06 . 2009-06-05 10:12 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22444_none_4262b303da776dda\GameUXLegacyGDFs.dll

+ 2009-08-26 08:06 . 2009-06-05 12:20 1695744 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22444_none_4262b303da776dda\gameux.dll

+ 2009-08-26 08:06 . 2009-06-05 10:08 4240384 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18267_none_41c67558c16754d0\GameUXLegacyGDFs.dll

+ 2008-05-27 17:04 . 2008-03-08 04:21 1695744 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18267_none_41c67558c16754d0\gameux.dll

+ 2009-08-26 08:06 . 2009-06-05 08:39 4247552 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21062_none_4064aa2ddd631838\GameUXLegacyGDFs.dll

+ 2009-08-26 08:06 . 2009-06-05 12:14 1686528 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21062_none_4064aa2ddd631838\gameux.dll

+ 2009-08-26 08:06 . 2009-06-05 08:44 4247552 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16866_none_3fdf3668c441aa88\GameUXLegacyGDFs.dll

+ 2009-08-26 08:06 . 2009-06-05 12:30 1686016 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16866_none_3fdf3668c441aa88\gameux.dll

+ 2009-08-26 08:06 . 2009-06-05 12:11 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22147_none_0e700f7908a8ac03\AcGenral.dll

+ 2009-08-26 08:06 . 2009-06-05 11:56 2159616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18046_none_0de57263ef8bf2e2\AcGenral.dll

+ 2009-08-26 08:06 . 2009-06-05 12:18 2157056 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22444_none_0c869cb30b850ada\AcGenral.dll

+ 2009-08-26 08:06 . 2009-06-05 12:33 2153984 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18267_none_0bea5f07f274f1d0\AcGenral.dll

+ 2009-08-26 08:06 . 2009-06-05 12:12 2144768 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21062_none_0a8893dd0e70b538\AcGenral.dll

+ 2009-08-26 08:06 . 2009-06-05 12:27 2143744 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16866_none_0a032017f54f4788\AcGenral.dll

- 2006-11-02 10:22 . 2009-07-29 06:09 6029312 c:\windows\System32\SMI\Store\Machine\schema.dat

+ 2006-11-02 10:22 . 2009-08-26 13:40 6029312 c:\windows\System32\SMI\Store\Machine\schema.dat

+ 2009-08-29 16:59 . 2009-08-29 16:59 1602048 c:\windows\Installer\11417de.msi

+ 2009-08-26 08:06 . 2009-06-05 12:27 2143744 c:\windows\AppPatch\AcGenral.dll

+ 2009-08-11 23:37 . 2009-07-15 14:36 10628096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22172_none_0d9028a465949c3d\wmp.dll

+ 2009-08-11 23:37 . 2009-07-15 14:30 10628096 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18065_none_0d145ca34c6c2c87\wmp.dll

+ 2009-08-11 23:37 . 2009-07-15 14:52 10627584 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22470_none_0ba7b6286870146b\wmp.dll

+ 2009-08-11 23:37 . 2009-07-14 13:00 10626048 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\wmp.dll

+ 2009-08-11 23:37 . 2009-07-15 14:44 10622464 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21083_none_09b97eb06b4f218b\wmp.dll

+ 2009-08-11 23:37 . 2009-07-14 13:02 10621952 c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16885_none_09320a57522f812d\wmp.dll

+ 2009-08-11 23:37 . 2009-07-14 13:02 10621952 c:\windows\System32\wmp.dll

+ 2006-11-02 10:24 . 2009-07-30 00:49 24281536 c:\windows\System32\mrt.exe

+ 2009-05-01 06:04 . 2009-08-26 09:39 165725374 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin

.

-- Snapshot resetado para data atual --

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"ares"="c:\program files\Ares\Ares.exe" [2008-02-20 963072]

"Steam"="c:\program files\steam\steam.exe" [2009-06-12 1217784]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-16 24095528]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 860672]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-10-06 1006264]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDFSTab"= 1 (0x1)

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDFSTab"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MultiDesktop Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MultiDesktop Manager.lnk

backup=c:\windows\pss\MultiDesktop Manager.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{5BB25582-2A88-4BAB-9543-D9D6EF86F1D1}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox

"{FFA3B6AE-8305-40EC-90C4-388A874B2D2A}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox

"{CC397B07-88B5-49AC-BA26-3052629A2516}"= UDP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer

"{D98641DE-5D34-4D15-9505-1BB5BD0D2F9B}"= TCP:c:\program files\Internet Explorer\iexplore.exe:Internet Explorer

"{96532971-BD2C-42AD-9796-FA1D4BA838D4}"= TCP:27015:Counter Strike

"{1BF761C5-7848-4AD7-B259-B130E1A4B8CE}"= c:\program files\Skype\Phone\Skype.exe:Skype

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DisableNotifications"= 1 (0x1)

 

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [29/08/2009 09:13 130936]

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080521.001\IDSvix86.sys [22/05/2010 10:42 261680]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [29/08/2009 09:12 348752]

R3 alcan5ln;Alcatel SpeedTouch USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\System32\drivers\alcan5ln.sys [11/04/2008 19:08 36048]

R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [09/01/2007 04:32 38200]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [02/11/2006 07:25 167936]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [22/11/2008 12:53 23064]

S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\System32\drivers\w300obex.sys [15/04/2008 22:30 85696]

 

--- =Outros Serviços/Drivers Na Memória ---

 

*NewlyCreated* - COMHOST

*Deregistered* - mchInjDrv

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-08-31 c:\windows\Tasks\User_Feed_Synchronization-{15DD3D4E-BB02-4615-8650-3E6E269EE66B}.job

- c:\windows\system32\msfeedssync.exe [2009-07-28 20:13]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://orkut.com/

mWindow Title =

LSP: c:\windows\system32\wpclsp.dll

FF - ProfilePath - c:\users\Kaique\AppData\Roaming\Mozilla\Firefox\Profiles\0hnobwjj.default\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-31 12:57

Windows 6.0.6000 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'Explorer.exe'(2864)

c:\windows\System32\NLSData0416.dll

.

Tempo para conclusão: 2009-08-31 13:18

ComboFix-quarantined-files.txt 2009-08-31 16:18

ComboFix2.txt 2009-08-08 02:35

 

Pré-execução: 103.298.981.888 bytes disponíveis

Pós execução: 102.995.849.216 bytes disponíveis

 

507 --- E O F --- 2009-08-31 15:44

 

SuperAntiSpyware...

 

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 08/31/2009 at 10:35 PM

 

Application Version : 4.27.1002

 

Core Rules Database Version : 4040

Trace Rules Database Version: 1980

 

Scan type : Complete Scan

Total Scan Time : 00:35:26

 

Memory items scanned : 344

Memory threats detected : 0

Registry items scanned : 6647

Registry threats detected : 1

File items scanned : 25070

File threats detected : 8

 

Adware.Tracking Cookie

 

C:\Users\Kaique\AppData\Roaming\Microsoft\Windows\Cookies\kaique@adserver.dialhost.com[1].txt

C:\Users\Kaique\AppData\Roaming\Microsoft\Windows\Cookies\kaique@atdmt[1].txt

C:\Users\Kaique\AppData\Roaming\Microsoft\Windows\Cookies\kaique@doubleclick[1].txt

C:\Users\Kaique\AppData\Roaming\Microsoft\Windows\Cookies\kaique@ad.adnetwork.com[1].txt

C:\Users\Kaique\AppData\Roaming\Microsoft\Windows\Cookies\kaique@adserver.dialhost.com[2].txt

C:\Users\Kaique\AppData\Roaming\Microsoft\Windows\Cookies\kaique@ad.zanox[1].txt

C:\Users\Kaique\AppData\Roaming\Microsoft\Windows\Cookies\kaique@doubleclick[2].txt

C:\Users\Kaique\AppData\Roaming\Microsoft\Windows\Cookies\kaique@ero-advertising[2].txt

 

Rogue.WebMediaViewer

HKU\S-1-5-21-522821090-2830918792-1459007492-1000\Software\WebMediaViewer

 

Hijackthis..

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:03:08, on 31/08/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\SUPERAntiSpyware.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\System32\notepad.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\Kaique\Pictures\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.0\EasyGifAnimator_Toolbar.dll

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B5B5F162-95B5-4903-A1B6-687989C79E2C}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SASWINLO.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: lxcc_device - Lexmark International, Inc. - C:\Windows\system32\lxcccoms.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 7973 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

:seta: Abra o HijackThis, clique em Do a system scan only, marque a entrada abaixo e clique em Fix checked:

 

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

__________________________________________

 

Esse desinstalador está desatualizado e eu não consegui baixar sua atualização..

:seta: Baixe e instale esta versão atualizada do Norton Removal Tool e a execute para desinstalar o Norton:

http://www.4shared.com/file/129627183/757fcfbc/Norton_Removal_Tool.html

 

Obs: Quando acessar o site acima, clique no botão Download now > aguarde a contagem regressiva > Clique na opção: Click here to download this file.

__________________________________________

 

Baixe o programa ToolsCleaner:

http://pc-system.fr/TC/ToolsCleaner2.exe

Salve-o no Desktop (área de trabalho);

Feche programas que estejam abertos e execute a ferramenta.

Clique no botão Recherche para iniciar o scan. <-- Aguarde!

Terminando, teremos relacionados os itens que serão removidos.

Clique no botão Supression para remover os itens encontrados.

Clique, à seguir, em Quitter.

Poste o relatório: ( C:\TCleaner.txt ) <--

__________________________________________

 

:seta: Instale estes programas e use-os agora e semanalmente para fazer uma limpeza do seu PC e para deixá-lo mais eficiente e otimizado:

 

MV RegClean

 

MV AntiSpy

 

SpywareBlaster

 

Auslogics Disk Defrag

__________________________________________

 

Depois disto nos diga, por gentileza, como está o seu PC e se os problemas foram resolvidos.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Baixe o programa ToolsCleaner:

http://pc-system.fr/...olsCleaner2.exe

Salve-o no Desktop (área de trabalho);

Feche programas que estejam abertos e execute a ferramenta.

Clique no botão Recherche para iniciar o scan. <-- Aguarde!

Terminando, teremos relacionados os itens que serão removidos.

Clique no botão Supression para remover os itens encontrados.

Clique, à seguir, em Quitter.

Poste o relatório: ( C:\TCleaner.txt ) <--

 

Bom o ToolsCleaner trava quando é iniciado , não sei oque ocorre ..

Executei todos os outros programas e nada .

Nenhum navegador abre ainda ..

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.