cris666
Posted August 28, 2009

Hello! I can't install an antivirus. I had Norton, but it stopped working. Could someone help me? I only managed to download "McAfee site advisor"... Besides that, sometimes a blue screen appears with some information written on it. But its contents change; once it said that a problem had occurred in the memory... Could the virus that blocks the antivirus installation also be causing this problem? Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:22, on 27/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Owner\Desktop\imabunny.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freerice.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 139.82.115.10:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8988 bytes
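Reading a HijackThis log by hand means scanning for a few classic signs: processes started from user-writable folders, double file extensions, a browser proxy the user never configured, and registrations that point at files no longer on disk. The script below is an added example (not from this thread, not part of HijackThis or any of the tools mentioned here) that parses HJT-style lines and applies exactly those triage heuristics. The sample log is a constructed excerpt of the lines posted above (the proxy value 139.82.115.10:80 and the Desktop executable come from that log); the heuristics and severity labels are the example's own assumptions, not a verdict on the poster's machine.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines taken from the HijackThis log posted
# above, not a complete log.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Owner\Desktop\imabunny.exe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 139.82.115.10:80
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
"""


@dataclass
class Finding:
    severity: str  # "review" = needs a human look, "info" = harmless leftover
    reason: str
    line: str


# Every HJT entry starts with a section code (R0, R1, O2, O4, O23, ...) and " - ".
HJT_ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<proxy>\S+)")

# Locations an unprivileged user (or malware running as that user) can write to.
# Heuristic chosen for this example; legitimate software rarely runs from here.
USER_WRITABLE = ("\\users\\", "\\desktop\\", "\\temp\\", "\\appdata\\")


def parse_log(text):
    """Split an HJT log into its running-process list and its coded entries."""
    procs, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the process block
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = HJT_ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group("section"), m.group("body"), line))
        elif in_procs:
            procs.append(line)
    return procs, entries


def triage(text):
    """Apply the example's heuristics and return a list of Finding objects."""
    procs, entries = parse_log(text)
    findings = []
    for proc in procs:
        low = proc.lower()
        name = low.rsplit("\\", 1)[-1]
        if any(d in low for d in USER_WRITABLE):
            findings.append(Finding("review", "process running from a user-writable location", proc))
        # "name.exe.exe": a second extension is a common disguise, so flag it.
        if name.endswith(".exe") and name.count(".") >= 2:
            findings.append(Finding("review", "double file extension", proc))
    for section, body, line in entries:
        if section == "R1":
            pm = PROXY_RE.search(body)
            if pm:
                findings.append(Finding(
                    "review",
                    f"IE proxy set to {pm.group('proxy')}; confirm the user configured it",
                    line))
        if section in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding("info", "orphaned BHO/toolbar registration (no file on disk)", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

On the constructed sample this yields five findings: the Desktop executable is flagged twice (location and double extension), the proxy entry once, and the two "(no file)" registrations are reported as informational leftovers. Orphaned registrations are usually just remnants of an uninstalled product, which is why they get "info" rather than "review"; a proxy pointing at an address the user does not recognise is the one setting here that deserves confirmation before anything else is done.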
DigRam
Posted August 28, 2009

Good afternoon! cris666

<@> Download: < Norton Removal Tool >
<@> Run this tool to remove leftovers of Norton.

<><><><><><><><><><>

<@> Download: < LopS&D >
<@> Save it to Local Disk C!
<@> Install the program and click on: LopSD.cmd
<@> In the window that opens, press "p" --> Press Enter.
<@> In another window, press option: 2 - Fix + Hosts --> Press Enter --> Wait!
<@> PS: Keep an eye on your antivirus notifications, sending the detected files to quarantine.
<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<><><><><><><><><><>

<@> Download: < FindyKill > ( ...by Chiquitine29 )
<@> Save it in Program Files!
<@> Close any open programs.
<@> Disable the resident protection of your antivirus and antispyware programs.
<@> PS: Detection of this tool by antivirus is a false positive!
<@> Install the tool and accept all the conditions requested.
<@> When finished, run the tool with a double-click on: C:\Arquivos de Programas\FindyKill\FindyKill.bat
<@> At the prompt, press P. --> Enter. <-- Language option!
<@> Next, press 2. ( "Eliminar los ficheros infectados" )
<@> Press Enter --> The computer will restart twice! --> Wait!
<@> When it finishes, click on an empty area of the prompt! --> Press Enter.
<@> Notepad will open with the report: C:\FindyKill.txt <-- Report!

<><><><><><><><><><>

<@> Download: < DDS > ( ...by sUBs )
<@> Save it to the desktop!
<@> Disable your protection programs: antivirus, antimalware, antispyware or firewall.
<@> While disconnected, run the tool! --> Double-click on .
<@> Wait for the scan to finish until we get the report. ( DDS.txt ) <--
<@> A new window will also appear: "D.D.S - Optional_Scan" --> Click Yes.
<@> Notepad will open with another report. ( Attach.txt ) <--
<@> PS: If the report is unreadable, rename the executable to DDS.exe and repeat the scan.
<@> Finally, another window will open! --> Click OK.
<@> Save the reports: DDS.txt + Attach.txt <-- Post them!

Cheers!
cris666
Posted August 29, 2009

Hello! Thank you very much for your reply!!! I did the removal of the Norton leftovers. And everything went fine with LopS&D (I'll put the report here). However, I couldn't install FindyKill in the "Program Files" area; a message appeared saying I would need the administrator's authorization (but the user I'm using is the PC's administrator), so I decided to save it in c: users owner. When I finished running it, the PC only restarted once and neither the prompt nor the report with the name you mentioned appeared. Besides that, I had to restart the PC manually, because a message appeared saying there was a problem in the "Bios memory". I installed DDS on the desktop, but this message appears: Some installation files are corrupt. Please download a fresh copy and retry the installation. Thank you very much for helping me!!!

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T5550 @ 1.83GHz )
BIOS : Ver 1.00PARTTBL8
USER : Owner ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:221 Go (Free:157 Go)
D:\ (Local Disk) - NTFS - Total:11 Go (Free:2 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 28/08/2009|21:32 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\Program Files\Orbitdownloader\addons
Deleted! - C:\Program Files\Orbitdownloader\banurl.ini
Deleted! - C:\Program Files\Orbitdownloader\changelog.txt
Failed ! - C:\Program Files\Orbitdownloader\download.dll
Deleted! - C:\Program Files\Orbitdownloader\Grab.exe
Deleted! - C:\Program Files\Orbitdownloader\GrabDll.dll
Deleted! - C:\Program Files\Orbitdownloader\GrabKernel.dll
Deleted! - C:\Program Files\Orbitdownloader\GrabPro.dll
Failed ! - C:\Program Files\Orbitdownloader\idht.dll
Deleted! - C:\Program Files\Orbitdownloader\Lang.ini
Deleted! - C:\Program Files\Orbitdownloader\language
Deleted! - C:\Program Files\Orbitdownloader\libeay32.dll
Deleted! - C:\Program Files\Orbitdownloader\magic.mgc
Deleted! - C:\Program Files\Orbitdownloader\orbitcth.dll
Deleted! - C:\Program Files\Orbitdownloader\orbitdm.exe
Deleted! - C:\Program Files\Orbitdownloader\orbitmxt.dll
Deleted! - C:\Program Files\Orbitdownloader\orbitnet.exe
Deleted! - C:\Program Files\Orbitdownloader\saction.dll
Deleted! - C:\Program Files\Orbitdownloader\siteinfo.ini
Deleted! - C:\Program Files\Orbitdownloader\ssleay32.dll
Deleted! - C:\Program Files\Orbitdownloader\unins000.dat
Deleted! - C:\Program Files\Orbitdownloader\unins000.exe
Deleted! - C:\Program Files\Orbitdownloader\update
Deleted! - C:\Program Files\Orbitdownloader\winfile.dll
Deleted! - C:\Program Files\Orbitdownloader

- [ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Deleted! - C:\Program Files\Viewpoint
Deleted! - C:\PROGRA~2\Viewpoint

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing folders in Local

[27/08/2009|22:27] C:\Users\Owner\AppData\Local\Adobe
[26/07/2008|20:03] C:\Users\Owner\AppData\Local\Application Data
[26/07/2008|20:13] C:\Users\Owner\AppData\Local\AtStart.txt
[28/08/2009|20:06] C:\Users\Owner\AppData\Local\d3d9caps.dat
[22/08/2009|21:11] C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[26/07/2008|20:10] C:\Users\Owner\AppData\Local\Downloaded Installations
[26/07/2008|20:13] C:\Users\Owner\AppData\Local\DSwitch.txt
[10/03/2009|13:26] C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[06/06/2009|14:45] C:\Users\Owner\AppData\Local\Google
[25/08/2008|19:33] C:\Users\Owner\AppData\Local\Hewlett-Packard
[26/07/2008|20:03] C:\Users\Owner\AppData\Local\History
[01/01/2009|21:05] C:\Users\Owner\AppData\Local\HP
[27/08/2009|23:52] C:\Users\Owner\AppData\Local\IconCache.db
[01/01/2009|21:10] C:\Users\Owner\AppData\Local\Microsoft
[23/08/2008|16:46] C:\Users\Owner\AppData\Local\Microsoft Games
[08/01/2009|13:51] C:\Users\Owner\AppData\Local\Microsoft Help
[26/07/2008|20:13] C:\Users\Owner\AppData\Local\QSwitch.txt
[08/01/2009|13:51] C:\Users\Owner\AppData\Local\QuickPlay
[28/12/2008|22:49] C:\Users\Owner\AppData\Local\Seven Zip
[28/08/2009|21:33] C:\Users\Owner\AppData\Local\Temp
[26/07/2008|20:03] C:\Users\Owner\AppData\Local\Temporary Internet Files
[08/09/2008|15:51] C:\Users\Owner\AppData\Local\VirtualStore
[19/08/2009|13:58] C:\Users\Owner\AppData\Local\Zylom Games

--------------------\\ Scheduled Tasks located in C:\Windows\Tasks

[28/08/2009 20:08][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{BD821E18-E4F7-4738-9E37-983FA78A6579}.job
[28/08/2009 21:12][--ah-----] C:\Windows\tasks\SA.DAT
[27/08/2009 23:52][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing Folders in C:\ProgramData

[23/03/2009|17:07] C:\ProgramData\Adobe
[29/08/2008|22:07] C:\ProgramData\AOL
[24/08/2008|12:18] C:\ProgramData\AOL OCP
[02/11/2006|10:02] C:\ProgramData\Application Data
[27/06/2009|13:08] C:\ProgramData\Babylon
[23/10/2008|18:24] C:\ProgramData\CyberLink
[02/11/2006|10:02] C:\ProgramData\Desktop
[02/11/2006|10:02] C:\ProgramData\Documents
[20/06/2009|18:25] C:\ProgramData\Electronic Arts
[17/01/2009|20:41] C:\ProgramData\eMule
[02/11/2006|10:02] C:\ProgramData\Favorites
[22/04/2009|19:44] C:\ProgramData\GoBit Games
[06/06/2009|15:28] C:\ProgramData\Google
[07/01/2009|10:13] C:\ProgramData\Hewlett-Packard
[07/01/2009|10:16] C:\ProgramData\HP
[07/01/2009|10:09] C:\ProgramData\HPSSUPPLY
[08/01/2009|12:45] C:\ProgramData\hpzinstall.log
[22/08/2009|21:52] C:\ProgramData\McAfee
[16/03/2009|20:00] C:\ProgramData\Microsoft
[13/08/2009|20:01] C:\ProgramData\Microsoft Help
[23/02/2008|06:42] C:\ProgramData\muvee Technologies
[28/08/2009|21:22] C:\ProgramData\NortonInstaller
[11/07/2009|22:50] C:\ProgramData\NOS
[19/01/2009|14:27] C:\ProgramData\SimCity Societies
[22/08/2009|21:53] C:\ProgramData\SiteAdvisor
[02/11/2006|10:02] C:\ProgramData\Start Menu
[28/08/2009|21:23] C:\ProgramData\Symantec
[02/11/2006|10:02] C:\ProgramData\Templates
[07/01/2009|10:21] C:\ProgramData\WEBREG
[21/12/2008|15:49] C:\ProgramData\WildTangent
[14/01/2009|20:26] C:\ProgramData\WindowsSearch
[02/08/2008|09:38] C:\ProgramData\WLInstaller

--------------------\\ Listing Folders in C:\Program Files

[23/03/2009|17:08] C:\Program Files\Adobe
[27/06/2008|04:32] C:\Program Files\Apoint2K
[23/02/2008|07:13] C:\Program Files\AWS
[22/08/2009|21:52] C:\Program Files\Common Files
[27/06/2008|04:34] C:\Program Files\CONEXANT
[27/06/2008|04:47] C:\Program Files\CyberLink
[20/06/2009|15:05] C:\Program Files\EA GAMES
[23/02/2008|07:12] C:\Program Files\earthlink totalaccess
[22/08/2009|16:02] C:\Program Files\Electronic Arts
[17/01/2009|20:40] C:\Program Files\eMule
[22/08/2009|13:24] C:\Program Files\Foxit Software
[06/06/2009|15:28] C:\Program Files\Google
[27/06/2008|04:45] C:\Program Files\Hewlett-Packard
[07/01/2009|10:09] C:\Program Files\HP
[27/06/2008|04:50] C:\Program Files\HP Games
[26/07/2008|20:05] C:\Program Files\HPQ
[14/07/2009|13:08] C:\Program Files\InstallShield Installation Information
[27/06/2008|04:35] C:\Program Files\Intel
[29/07/2009|13:33] C:\Program Files\Internet Explorer
[27/08/2009|15:01] C:\Program Files\Java
[08/01/2009|14:00] C:\Program Files\LimeWire
[27/06/2008|04:35] C:\Program Files\Marvell
[23/08/2009|13:10] C:\Program Files\McAfee
[02/11/2006|09:37] C:\Program Files\Microsoft Games
[23/02/2008|06:54] C:\Program Files\Microsoft Office
[11/06/2009|12:23] C:\Program Files\Microsoft Works
[20/06/2009|18:24] C:\Program Files\Microsoft WSE
[23/02/2008|06:54] C:\Program Files\Microsoft.NET
[20/01/2008|23:35] C:\Program Files\Movie Maker
[02/11/2006|09:37] C:\Program Files\MSBuild
[29/07/2008|13:45] C:\Program Files\MSXML 4.0
[23/02/2008|06:42] C:\Program Files\muvee Technologies
[27/06/2008|04:33] C:\Program Files\NetWaiting
[11/07/2009|22:50] C:\Program Files\NOS
[08/01/2009|13:51] C:\Program Files\Online Services
[27/08/2009|20:23] C:\Program Files\Panda Security
[08/09/2008|15:49] C:\Program Files\PlotSoft
[02/11/2006|09:37] C:\Program Files\Reference Assemblies
[23/02/2008|06:57] C:\Program Files\Sling Media
[02/11/2006|10:01] C:\Program Files\Uninstall Information
[14/09/2008|12:19] C:\Program Files\uTorrent
[11/12/2008|21:21] C:\Program Files\VideoLAN
[20/01/2008|23:35] C:\Program Files\Windows Calendar
[20/01/2008|23:35] C:\Program Files\Windows Collaboration
[20/01/2008|23:35] C:\Program Files\Windows Defender
[20/01/2008|23:35] C:\Program Files\Windows Journal
[02/08/2008|09:57] C:\Program Files\Windows Live
[12/08/2009|12:36] C:\Program Files\Windows Mail
[12/08/2009|13:37] C:\Program Files\Windows Media Player
[02/11/2006|09:37] C:\Program Files\Windows NT
[20/01/2008|23:35] C:\Program Files\Windows Photo Gallery
[20/01/2008|23:35] C:\Program Files\Windows Sidebar
[29/06/2009|18:45] C:\Program Files\WinRAR
[27/06/2008|04:30] C:\Program Files\WinTV
[18/04/2009|15:31] C:\Program Files\XMedia Recode
[26/07/2008|20:24] C:\Program Files\Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[23/03/2009|17:07] C:\Program Files\Common Files\Adobe
[06/03/2009|11:46] C:\Program Files\Common Files\DESIGNER
[07/01/2009|10:04] C:\Program Files\Common Files\Hewlett-Packard
[23/02/2008|06:58] C:\Program Files\Common Files\HP
[11/12/2008|21:00] C:\Program Files\Common Files\Hypnotizer
[23/02/2008|07:00] C:\Program Files\Common Files\InstallShield
[23/02/2008|07:24] C:\Program Files\Common Files\Java
[26/07/2008|20:05] C:\Program Files\Common Files\LightScribe
[22/08/2009|21:52] C:\Program Files\Common Files\McAfee
[06/03/2009|11:46] C:\Program Files\Common Files\microsoft shared
[23/02/2008|06:42] C:\Program Files\Common Files\muvee Technologies
[02/11/2006|08:18] C:\Program Files\Common Files\Services
[02/11/2006|08:18] C:\Program Files\Common Files\SpeechEngines
[28/08/2009|21:23] C:\Program Files\Common Files\Symantec Shared
[20/01/2008|23:35] C:\Program Files\Common Files\System
[02/08/2008|09:44] C:\Program Files\Common Files\WindowsLiveInstaller

--------------------\\ Process

( 68 Processes )
... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 21:33:14
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 3

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JZHJEJ02\the-sims-3-crack-keygen-only-reloaded[1].htm
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Recent\crack the sims 3 ita [CrackNoCD].lnk

[F:34][D:5]-> C:\Users\Owner\AppData\Local\Temp
[F:2324][D:1]-> C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\Cookies
[F:2501][D:12]-> C:\Users\Owner\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:7][D:4]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 28/08/2009|21:36 - Option : [2]

--------------------\\ Scan completed at 21:36:34
DigRam
Posted August 29, 2009

Good morning! cris666

<@> Download: < > ( ...by OldTimer Tools )
<@> Save it to the desktop!
<@> As shown in the image, change the option under "Output" to "Minimal Output".
<@> Double-click OTL.exe --> Check the option "Scan All Users".
<@> Click on: < > --> Wait!
<@> Post: <1> OTL.txt <-- <2> Extra.txt <--

Cheers!
cris666
Posted August 29, 2009

Hello, DigRam! Good morning! Here it is:

OTL logfile created on: 29/08/2009 11:34:05 - Run 1
OTL by OldTimer - Version 3.0.10.7     Folder = C:\Users\Owner\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 95,70% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,20 Gb Total Space | 157,60 Gb Free Space | 71,25% Space Free | Partition Type: NTFS
Drive D: | 11,68 Gb Total Space | 2,00 Gb Free Space | 17,12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
PRC - C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe ()
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
PRC - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\System32\igfxtray.exe (Intel Corporation)
PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation)
PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint2K\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint2K\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe (Hewlett-Packard Co.)
PRC - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Com4Qlb [On_Demand | Stopped]) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GameConsoleService [On_Demand | Stopped]) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (HP Health Check Service [Auto | Running]) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard)
SRV - (hpqwmiex [Auto | Running]) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (QPCapSvc [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe ()
SRV - (QPSched [Auto | Running]) -- C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe ()
SRV - (RichVideo [Auto | Running]) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe ()
SRV - (usnjsvc [On_Demand | Running]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XAudioService [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.exe (Conexant Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (BCM43XV [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BVRPMPR5 [On_Demand | Stopped]) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (CnxtHdAudService [On_Demand | Running]) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (HpqKbFiltr [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqRemHid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HSFHWAZL [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (iaStor [boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (mdmxsdk [Auto | Running]) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw3v32.sys (Intel Corporation)
DRV - (NETw4v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\nvm60x32.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (pavboot [boot | Running]) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC) DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC) DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC) DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (winachsf [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (XAudio [Auto | Running]) -- C:\Windows\System32\DRIVERS\xaudio.sys (Conexant Systems, Inc.) 
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\yk60x86.sys (Marvell) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - 
HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.freerice.com/index.php IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\S-1-5-21-242662230-3875772334-1554595176-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\S-1-5-21-242662230-3875772334-1554595176-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 139.82.115.10:80 FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/08/26 22:34:03 | 00,000,000 | ---D | M] O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll File not found O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) 
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O3 - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [uCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation) O4 - HKU\S-1-5-21-242662230-3875772334-1554595176-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-242662230-3875772334-1554595176-1000..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-242662230-3875772334-1554595176-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation) O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll File not found O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll File not found O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll File not found O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll File not found O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft 
Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet) O15 - HKU\S-1-5-21-242662230-3875772334-1554595176-1000\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Reg Error: Value error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM 
Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O30 - LSA: Authentication Packages - (ows\S) - File not found O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/02/23 06:42:35 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/11 12:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found ========== Files/Folders - Created Within 30 Days ========== [2009/08/29 11:32:56 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2009/08/28 22:26:27 | 00,359,932 | ---- | C] () -- C:\Users\Owner\Desktop\dds.scr [2009/08/28 22:15:45 | 00,001,412 | ---- | C] () -- C:\Users\Owner\Desktop\FindyKill.lnk [2009/08/28 22:15:41 | 00,000,000 | ---D | C] -- C:\FindyKill [2009/08/28 22:14:22 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS [2009/08/28 22:14:22 | 00,000,000 | RHS- | C] () -- C:\IO.SYS [2009/08/28 21:49:31 | 00,000,000 | ---D | C] -- C:\Program Files\FindyKill [2009/08/28 21:26:16 | 00,000,000 | ---D | C] -- C:\Lop SD [2009/08/27 23:01:57 | 00,000,610 | ---- | C] () -- C:\Users\Owner\Desktop\UnHookExec.inf [2009/08/27 22:13:00 | 32,090,56256 | -HS- | C] () -- C:\hiberfil.sys [2009/08/27 22:02:40 | 00,000,134 | ---- | C] () -- C:\Users\Owner\Desktop\System - Shortcut.lnk [2009/08/27 21:39:00 | 00,001,682 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2009/08/27 20:23:09 | 00,028,544 | ---- | C] (Panda Security, S.L.) 
-- C:\Windows\System32\drivers\pavboot.sys [2009/08/27 17:43:11 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe [2009/08/27 15:01:16 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2009/08/27 15:01:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2009/08/27 15:01:16 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2009/08/26 12:45:51 | 00,848,656 | ---- | C] (AVG Technologies) -- C:\Users\Owner\Desktop\hdjshn.exe [2009/08/26 10:05:50 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2009/08/25 21:23:40 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2009/08/25 21:23:40 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2009/08/23 16:18:28 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Owner\Desktop\imabunny.exe.exe [2009/08/23 16:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security [2009/08/22 21:52:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee [2009/08/22 21:52:32 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee [2009/08/22 13:24:58 | 00,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2009/08/22 13:24:58 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Foxit [2009/08/22 13:24:58 | 00,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2009/08/21 23:23:51 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll [2009/08/21 23:23:51 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll [2009/08/21 23:23:51 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll [2009/08/21 23:23:51 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll [2009/08/21 23:23:51 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll [2009/08/21 
23:23:50 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys [2009/08/21 23:23:50 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll [2009/08/21 23:23:50 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe [2009/08/20 17:38:02 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG8 [2009/08/17 22:38:48 | 00,967,680 | ---- | C] () -- C:\Users\Owner\Documents\lista_ipc_enviado_para_cristiane.xls [2009/08/12 23:05:51 | 00,012,487 | ---- | C] () -- C:\Users\Owner\Documents\Artigos Goldin.rtf [2009/08/12 20:08:35 | 00,320,675 | ---- | C] () -- C:\Users\Owner\Documents\Grad_-_92_-_alterado.JPG [2009/08/11 22:55:41 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll [2009/08/11 22:55:35 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll [2009/08/11 22:53:38 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2009/08/11 19:07:51 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll [2009/08/11 19:07:50 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll [2009/08/11 19:07:49 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2009/08/11 19:07:48 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2009/08/11 19:07:48 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2009/08/11 19:07:46 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2009/08/11 19:07:46 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb [2009/08/11 19:07:46 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb [2009/08/11 19:01:51 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll [2009/08/06 21:25:36 | 00,248,320 | ---- | C] () 
-- C:\Users\Owner\Documents\lista ipc.xls [2009/08/04 20:58:00 | 00,109,568 | ---- | C] () -- C:\Users\Owner\Documents\lista ipc(1).xls [2008/06/27 04:29:34 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2008/06/27 04:29:34 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2008/06/27 04:29:34 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll [2008/06/27 04:29:34 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2006/11/02 09:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 07:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini [2006/11/02 07:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini [2006/11/02 04:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== Files - Modified Within 30 Days ========== [2009/08/29 11:32:59 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe [2009/08/29 11:28:51 | 00,000,521 | ---- | M] () -- C:\Users\Owner\Documents\My Sharing Folders.lnk [2009/08/29 11:27:28 | 00,000,281 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2009/08/29 11:27:26 | 00,006,540 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat [2009/08/29 11:27:08 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2009/08/29 11:27:08 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2009/08/29 11:27:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2009/08/29 11:27:04 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2009/08/29 11:27:02 | 32,090,56256 | -HS- | M] () -- C:\hiberfil.sys [2009/08/29 01:34:11 | 02,221,009 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db [2009/08/28 22:40:39 | 00,359,932 | ---- | M] () -- C:\Users\Owner\Desktop\dds.scr [2009/08/28 22:15:45 | 00,001,412 | ---- | M] () -- 
C:\Users\Owner\Desktop\FindyKill.lnk [2009/08/28 22:14:22 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009/08/28 22:14:22 | 00,000,000 | RHS- | M] () -- C:\IO.SYS [2009/08/28 21:57:27 | 21,497,2327 | ---- | M] () -- C:\Windows\MEMORY.DMP [2009/08/28 21:33:05 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2009/08/28 20:08:22 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BD821E18-E4F7-4738-9E37-983FA78A6579}.job [2009/08/27 23:01:58 | 00,000,610 | ---- | M] () -- C:\Users\Owner\Desktop\UnHookExec.inf [2009/08/27 22:08:02 | 00,001,682 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk [2009/08/27 22:02:40 | 00,000,134 | ---- | M] () -- C:\Users\Owner\Desktop\System - Shortcut.lnk [2009/08/22 21:11:33 | 00,034,816 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/08/22 13:26:25 | 00,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk [2009/08/18 20:16:16 | 00,967,680 | ---- | M] () -- C:\Users\Owner\Documents\lista_ipc_enviado_para_cristiane.xls [2009/08/12 23:05:51 | 00,012,487 | ---- | M] () -- C:\Users\Owner\Documents\Artigos Goldin.rtf [2009/08/12 20:08:56 | 00,320,675 | ---- | M] () -- C:\Users\Owner\Documents\Grad_-_92_-_alterado.JPG [2009/08/10 12:40:30 | 00,690,760 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2009/08/10 12:40:30 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2009/08/10 12:40:30 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2009/08/08 17:55:07 | 00,248,320 | ---- | M] () -- C:\Users\Owner\Documents\lista ipc.xls [2009/08/06 18:15:02 | 00,109,568 | ---- | M] () -- C:\Users\Owner\Documents\lista ipc(1).xls < End of report > OTL Extras logfile created on: 29/08/2009 11:34:05 - Run 1 OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Owner\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet 
Explorer (Version = 7.0.6001.18000) Locale: 00000416 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 95,70% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,20 Gb Total Space | 157,60 Gb Free Space | 71,25% Space Free | Partition Type: NTFS Drive D: | 11,68 Gb Total Space | 2,00 Gb Free Space | 17,12% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER-PC Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] 
"AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) 
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3018649E-A33C-4629-946D-036489690A32}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{4EFA2B29-6B4C-4F9D-A0DE-6107989A823F}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04820B17-7658-4344-A5B7-C41D45EF2E66}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{15C56B49-E2CD-41FE-ADD8-0261477E4F3D}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zs3a9f.tmp\symnrt.exe | "{2FD82A6D-14C5-408F-9477-B4E0800774FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3233706A-074C-4F28-8665-1BC990A4551C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{413BF656-5A07-4541-924D-B47163E46F2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{46406647-2382-4C5C-87AB-5BC87D3A28CF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{664F0F79-8476-42A6-B3AF-003D3834DEC2}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe | "{685B4C90-8C2C-4B64-AD9F-CE95CF82CEB7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6DA9DFEA-0AB2-459C-A646-158182C75152}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{763958AC-26B0-4590-9289-896518A1C8F3}" = protocol=6 | dir=in | app=c:\program files\mediacoder\mediacoder.exe | "{834D8F8C-8A4E-430F-9588-FDB3C06090DB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{8D404B90-DBB6-4C47-A835-44EFD4C04957}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | 
"{98370C9E-BEDD-49B0-A1ED-3A6622AA16D5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{9DA60304-9ACB-40B3-AF93-70ADA7A4B2F5}" = protocol=17 | dir=in | app=c:\program files\mediacoder\mediacoder.exe | "{A2100764-A630-4771-8CE4-157B32414391}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{ABEB31BB-FFC4-42B9-B066-09C59A411E5F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe | "{AC7D0598-8C3D-4E24-813A-E058A514B547}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{B4BE955E-960C-4B09-90A5-C11E55463523}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{B9BD04B8-8A4E-479F-9B66-3E6E74904126}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{C3A360BA-DF3F-4BD7-A944-861C779AA41C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C7072CAC-4481-4A5E-AEAD-D402CDEF5AAB}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{C729DE13-2C46-4681-B2FC-7BD77BFABC2A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CF346E64-6138-4C33-8090-6208B5A38FD8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{DAF86E4B-0735-47DC-A5DB-637A88C45C74}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{DB39C6BB-E5FB-4D42-A784-AE1001792996}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zs3a9f.tmp\symnrt.exe | "{FCE76EB6-72C7-448E-8F05-5635A203EAD5}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{3217AE1A-A3A5-4A1A-B79C-30CAECD7711C}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query User{514470E4-7F3C-4C1A-9319-BA62212418A6}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe | "TCP Query 
User{952D6452-2EDF-4CF9-8866-A8388AB64089}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "TCP Query User{BF542637-3EDE-49CC-B755-C72537E9F425}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{4EFC07F4-ECB1-4BCA-8C76-7081C913A1FE}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{B023B166-FC17-4CDB-A212-976C40D6EF47}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | "UDP Query User{CFD0A06B-F662-4300-B4B4-34E4C81F2F63}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{ED397CBA-705D-4CD4-BE7B-33B27E5CA5EE}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1 "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant 
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1 "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15 "{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1 "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor "{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6 "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4 "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant 
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1 "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{B53620C0-3A83-4F50-A7AB-175DB64C1CE3}" = HP User Guides 0090 "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1 "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1 "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo "ActiveScan 2.0" = Panda ActiveScan 2.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "eMule" = eMule "FindyKill" = FindyKill "Foxit Reader" = Foxit Reader "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149) "HDMI" = Intel® Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" 
= HP Smart Web Printing "InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Marvell Miniport Driver" = Marvell Miniport Driver "Orbit_is1" = Orbit Downloader "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6 "ViewpointMediaPlayer" = Viewpoint Media Player "WildTangent hp Master Uninstall" = My HP Games "WinRAR archiver" = WinRAR archiver "XMedia Recode" = XMedia Recode 2.1.2.5 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > Compartilhar este post Link para o post Compartilhar em outros sites
DigRam, posted August 29, 2009

Good afternoon, cris666!
<@> Download: < > ( ...by sUBs ) <!> Link-2 --> < ForoSpyware > <!> Link-3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. ( Except the Windows one! )
<@> Close all windows and run the tool!
<@> PS: Running it from a command is also possible: <@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall <@> Click OK.
<@> At the prompt "Software warranty disclaimer" --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!
<@> When it finishes, click Sim or Yes. --> Wait!
<!> If you get the notification "Invalid Win32 application", delete the ComboFix.exe tool and download it again. <!> Save it to the desktop, renamed as: Kombo.exe <!> PS: Rename it while saving, not after saving it!
<!> PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: If rootkit activity is present, the following notification window will appear:
<!> PS: Write down those detections and click OK.
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> ComboFix is a tool that can damage the system. Use it only under professional supervision.
<@> The Auto Scan window will open. --> Wait!
<@> In order to complete the removals, ComboFix may restart the computer.
<@> If necessary, type the option to continue! --> ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<><><><><><><><><><><><>
<@> When it is done, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Hugs!
cris666, posted August 29, 2009

Good afternoon! Here are the reports:

ComboFix 09-08-28.06 - Owner 29/08/2009 16:06.1.2 - NTFSx86 MINIMAL

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:20:26, on 29/08/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905)
DigRam (posted August 30, 2009)

Good evening! cris666

<@> Restart in Safe Mode.
<@> Open HijackThis --> Click: Do a system scan only

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 139.82.115.10:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

<@> Check the entries above --> Click: Fix checked --> Yes!
<@> Restart in Normal Mode.

<><><><><><><><><><><><>

<@> Select and copy all the content in the Quote area to Notepad.
<@> Save it on the desktop with the name: CFScript.txt

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
File::
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitmxt.dll
Folder::
C:\Program Files\Orbitdownloader

<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon / into the ComboFix window.
<@> See the demonstration!
<@> Accept the prompt that should appear to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Cheers!
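Added example, not code from this thread, from HijackThis or from ComboFix: a small Python triage that encodes the criteria behind the entries DigRam asked to have fixed above (a BHO with no DLL behind it, a configured browser proxy, an empty value, leftovers of the product being removed) and runs them over lines copied from the log posted in this thread. The Finding type, the rule set and the removed_products list are my assumptions; HijackThis itself makes no such judgement.

```python
import re
from dataclasses import dataclass
from typing import List, Sequence

# Constructed sample: HijackThis entries copied verbatim from the log posted in
# this thread, plus two entries the helper did NOT flag (Adobe BHO, igfxTray)
# so that the triage has something to leave alone.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 139.82.115.10:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
"""

# Every HijackThis entry starts with a section code ("R1", "O2", "O23", ...)
# followed by " - "; header lines and the process list do not.
HJT_ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def triage(log_text: str,
           removed_products: Sequence[str] = ("Orbitdownloader",)) -> List[Finding]:
    """Flag entries by the criteria the helper applied in the thread (assumed rule set):
    - O2 BHO whose DLL is "(no file)" / "(file missing)": a COM object stays
      registered in IE although nothing backs it (orphan, or a file the API cannot see).
    - R1 ProxyServer: every IE request goes through that host, so it must be expected.
    - R0/R1 with an empty value: harmless; fixing it only restores the default.
    - Any entry pointing into a product that is being removed (removed_products).
    """
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = HJT_ENTRY.match(line)
        if not match:
            continue  # header, process list or blank line: not an entry
        section, body = match.group("section"), match.group("body")
        if section == "O2" and ("(no file)" in body or "(file missing)" in body):
            reason = "BHO registered without a backing DLL (orphan, or file hidden from the API)"
        elif section == "R1" and "ProxyServer" in body:
            reason = "browser proxy configured; confirm the host is expected before keeping it"
        elif section in ("R0", "R1") and body.endswith("="):
            reason = "empty value; fixing it only restores the default"
        elif any(p.lower() in body.lower() for p in removed_products):
            reason = "leftover of a product being removed"
        else:
            continue  # nothing matched: leave the entry alone
        findings.append(Finding(section, line, reason))
    return findings


def fix_checklist(findings: List[Finding]) -> List[str]:
    """The lines to tick in HijackThis before 'Fix checked', in log order."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```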
cris666 (posted August 30, 2009)

Good evening! HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:24:57, on 30/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Users\Owner\Desktop\imabunny.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freerice.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://br.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [igfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5845 bytes

------------------------

ComboFix 09-08-28.06 - Owner 30/08/2009 20:09.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.55.1033.18.3062.2075 [GMT -3:00]
Executando de: c:\users\Owner\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Owner\Desktop\CFScript.txt

FILE ::
"c:\program files\Orbitdownloader\orbitdm.exe"
"c:\program files\Orbitdownloader\orbitmxt.dll"
.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-28 to 2009-08-30 ))))))))))))))))))))))))))))
.

2009-08-30 23:16 . 2009-08-30 23:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-08-30 23:16 . 2009-08-30 23:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-30 04:35 . 2009-08-30 04:35 -------- d-sh--w- C:\found.006
2009-08-29 19:16 . 2009-08-30 23:16 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-08-29 01:15 . 2009-08-29 01:17 -------- d-----w- C:\FindyKill
2009-08-29 00:49 . 2009-08-29 01:14 -------- d-----w- c:\program files\FindyKill
2009-08-29 00:45 . 2009-08-29 00:48 1227828 ----a-w- c:\users\Owner\FindyKill.exe
2009-08-29 00:29 . 2009-08-29 00:30 501736 ----a-w- c:\users\Owner\LopSD.exe
2009-08-29 00:26 . 2009-08-29 04:31 -------- d-----w- C:\Lop SD
2009-08-29 00:22 . 2009-08-29 00:22 -------- d-----w- c:\progra~2\NortonInstaller
2009-08-27 23:23 . 2008-06-19 20:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-08-27 20:43 . 2009-08-28 01:27 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2009-08-27 17:41 . 2009-08-27 18:54 -------- d-----w- c:\users\Owner\.housecall6.6
2009-08-26 13:05 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 00:23 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 00:23 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-23 19:05 . 2009-08-27 23:23 -------- d-----w- c:\program files\Panda Security
2009-08-23 00:53 . 2009-08-23 00:53 -------- d-----w- c:\progra~2\SiteAdvisor
2009-08-23 00:52 . 2009-08-23 00:52 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-23 00:52 . 2009-08-23 16:10 -------- d-----w- c:\program files\McAfee
2009-08-23 00:52 . 2009-08-23 00:52 -------- d-----w- c:\progra~2\McAfee
2009-08-22 16:24 . 2009-08-22 16:24 -------- d-----w- c:\users\Owner\AppData\Roaming\Foxit
2009-08-22 16:24 . 2009-08-22 16:24 -------- d-----w- c:\program files\Foxit Software
2009-08-22 02:23 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-22 02:23 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-22 02:23 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-22 02:23 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-22 02:23 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-22 02:23 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-22 02:23 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-22 02:23 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-20 20:38 . 2009-08-20 20:38 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG8
2009-08-12 01:55 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 01:55 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 01:53 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 22:07 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 22:07 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-11 22:07 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 22:07 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 22:01 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 23:01 . 2008-07-26 23:14 6540 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat
2009-08-29 00:25 . 2008-09-16 21:25 -------- d-----w- c:\users\Owner\AppData\Roaming\Orbit
2009-08-29 00:23 . 2008-02-23 08:50 -------- d-----w- c:\progra~2\Symantec
2009-08-29 00:23 . 2008-02-23 08:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-27 18:01 . 2008-02-23 10:24 -------- d-----w- c:\program files\Java
2009-08-22 19:02 . 2008-07-26 23:08 -------- d-----w- c:\program files\Electronic Arts
2009-08-13 23:01 . 2008-02-23 09:53 -------- d-----w- c:\progra~2\Microsoft Help
2009-08-12 15:36 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-25 08:23 . 2009-03-15 19:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 16:06 . 2009-07-29 02:01 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 02:01 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 02:01 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-14 16:08 . 2008-02-23 08:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-12 01:50 . 2009-07-12 01:32 -------- d-----w- c:\progra~2\NOS
2009-07-12 01:50 . 2009-07-12 01:32 -------- d-----w- c:\program files\NOS
2009-06-20 21:24 . 2009-06-20 21:24 10134 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-15 15:24 . 2009-07-15 01:59 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 01:59 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 01:59 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 01:59 289792 ----a-w- c:\windows\system32\atmfd.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 129560]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{46406647-2382-4C5C-87AB-5BC87D3A28CF}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6DA9DFEA-0AB2-459C-A646-158182C75152}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{DAF86E4B-0735-47DC-A5DB-637A88C45C74}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A2100764-A630-4771-8CE4-157B32414391}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8D404B90-DBB6-4C47-A835-44EFD4C04957}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{AC7D0598-8C3D-4E24-813A-E058A514B547}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B9BD04B8-8A4E-479F-9B66-3E6E74904126}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CF346E64-6138-4C33-8090-6208B5A38FD8}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{04820B17-7658-4344-A5B7-C41D45EF2E66}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B4BE955E-960C-4B09-90A5-C11E55463523}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3233706A-074C-4F28-8665-1BC990A4551C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{ABEB31BB-FFC4-42B9-B066-09C59A411E5F}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{664F0F79-8476-42A6-B3AF-003D3834DEC2}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{834D8F8C-8A4E-430F-9588-FDB3C06090DB}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FCE76EB6-72C7-448E-8F05-5635A203EAD5}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C7072CAC-4481-4A5E-AEAD-D402CDEF5AAB}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{763958AC-26B0-4590-9289-896518A1C8F3}"= UDP:c:\program files\MediaCoder\mediacoder.exe:MediaCoder
"{9DA60304-9ACB-40B3-AF93-70ADA7A4B2F5}"= TCP:c:\program files\MediaCoder\mediacoder.exe:MediaCoder
"TCP Query User{952D6452-2EDF-4CF9-8866-A8388AB64089}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{4EFC07F4-ECB1-4BCA-8C76-7081C913A1FE}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{514470E4-7F3C-4C1A-9319-BA62212418A6}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{ED397CBA-705D-4CD4-BE7B-33B27E5CA5EE}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{BF542637-3EDE-49CC-B755-C72537E9F425}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{CFD0A06B-F662-4300-B4B4-34E4C81F2F63}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{C729DE13-2C46-4681-B2FC-7BD77BFABC2A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{685B4C90-8C2C-4B64-AD9F-CE95CF82CEB7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DB39C6BB-E5FB-4D42-A784-AE1001792996}"= UDP:c:\users\Owner\AppData\Local\Temp\7zS3A9F.tmp\SymNRT.exe:Norton Removal Tool
"{15C56B49-E2CD-41FE-ADD8-0261477E4F3D}"= TCP:c:\users\Owner\AppData\Local\Temp\7zS3A9F.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [27/08/2009 20:23 28544]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [22/08/2009 21:52 210216]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Conteúdo da pasta 'Tarefas Agendadas'

2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{BD821E18-E4F7-4738-9E37-983FA78A6579}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.freerice.com/index.php
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uSearchURL,(Default) = hxxp://br.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 20:16
Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'Explorer.exe'(3368)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Tempo para conclusão: 2009-08-30 20:18
ComboFix-quarantined-files.txt 2009-08-30 23:18
ComboFix2.txt 2009-08-29 19:16

Pré-execução: 169.065.472.000 bytes free
Pós execução: 169.043.488.768 bytes free

170 --- E O F --- 2009-08-29 00:31
DigRam (posted August 31, 2009)

Good evening! cris666

<@> Download: Link-2 < RootRepeal.zip > / Link-3 < RootRepeal.zip >
<@> Unzip it to the desktop.
<@> Open the program and click "Report" --> "Scan"
<@> Check the 7 boxes shown above. --> Click OK.
<@> Next, choose your drive (C:\ or D:\) --> OK.
<@> Start the scan and, when it finishes, click "Save Report"
<@> Save it with the name: "RootRepeal.txt" <-- Report!

Cheers!
cris666 (posted August 31, 2009)

Hello! The report is below!

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/31 11:01
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x82F04000 Size: 815104 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x812CF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\System Volume Information\{76594ed9-95bc-11de-8afa-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{7b2d06b5-9240-11de-8905-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{86452437-8fff-11de-8a70-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{86c24819-90f5-11de-a381-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{98282c4a-9430-11de-9f8c-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{9832db18-8d16-11de-8e2a-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{9d22dfdd-8f41-11de-86b3-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{bc43fa21-8db2-11de-8dcc-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{bf95f3a1-8604-11de-8d45-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{c02f92b2-7bdf-11de-8f68-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{e9437ab8-8db5-11de-a3bc-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{ecb90237-8ce0-11de-a2f7-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{ECB90~2
Status: Locked to the Windows API!
Path: C:\System Volume Information\{f1313f19-8c42-11de-914c-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{f84c3937-8f2b-11de-8960-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{3b045937-8755-11de-a1e7-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{4b7c22a1-8514-11de-8f01-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{509870a1-8360-11de-9067-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{02951b99-8087-11de-8dc4-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{0a555a19-7c5a-11de-8f38-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{2851c4a1-7dea-11de-9e09-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{3761fc3e-9329-11de-b6ab-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{3761fc46-9329-11de-b6ab-001d72639628}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!
Path: C:\Users\Owner\NetHood
Status: Locked to the Windows API!
Path: C:\Users\Owner\PrintHood
Status: Locked to the Windows API!
Path: C:\Users\Owner\SendTo
Status: Locked to the Windows API!
Path: C:\Users\Owner\Templates
Status: Locked to the Windows API!
Path: c:\windows\temp\sqlite_6bdsj56k9gff8to
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\sqlite_9b3u756x0cyqh1a
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\sqlite_bfqcydr3x5vyotc
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\sqlite_lvsza8dwd2hzfbd
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\sqlite_mrbulbe2hhwgqn7
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\sqlite_odbvdhinodlkyay
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\sqlite_slbiylfszklpsws
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: c:\windows\temp\sqlite_wsy1inueoeh2lvp
Status: Allocation size mismatch (API: 4096, Raw: 0)
Path: C:\Windows\System32\migration\WININE~1.DLL
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\$$DeleteMe.lsass.exe.01ca234e526862d6.0000
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18000_none_3acd4b177cb513c9\$$DeleteMe.wdigest.dll.01ca234e526f86f6.0003
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.18000_none_e6d6dd2bb0cd8ff8\$$DeleteMe.kerberos.dll.01ca234e5271e856.0004
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18000_none_7cb2ecd3628ac318\$$DeleteMe.msv1_0.dll.01ca234e527449b6.0006
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18175_none_21cf9ef255771632\$$DeleteMe.schannel.dll.01ca234e5271e856.0005
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-w..ure-other.resources_31bf3856ad364e35_6.0.6000.16386_en-us_aba6a9ba9bd9dfc2\wshelper.dll.mui
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\WININE~1.DLL
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\WININE~1.DLL
Status: Locked to the Windows API!
Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\WININE~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\WININE~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\WININE~1.DLL Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.lsasrv.dll.01ca234e526ac436.0001 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.lsass.exe.01ca234e526862d6.0000 Status: Locked to the Windows API! Path: C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\$$DeleteMe.secur32.dll.01ca234e526d2596.0002 Status: Locked to the Windows API! Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl Status: Locked to the Windows API! Path: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl Status: Locked to the Windows API! Path: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report03374394\Report.wer Status: Visible to the Windows API, but not on disk. 
Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.200.crwl Status: Allocation size mismatch (API: 280, Raw: 0) Path: c:\programdata\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.200.gthr Status: Allocation size mismatch (API: 4096, Raw: 0) Processes ------------------- Path: System PID: 4 Status: Locked to the Windows API! Path: C:\Windows\System32\audiodg.exe PID: 1188 Status: Locked to the Windows API! ==EOF== Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted August 31, 2009

Good afternoon! cris666

<@> Download: < Win32kDiag.exe >
<@> Save it to the desktop!
<@> Run it and post the report: Win32kDiag.txt <--

<><><><><><><><><><>

<@> Download: < Runscanner v. 1.8.1.0 >
<@> PS: Be careful not to click "Instant Scan".
<@> Save it to Local Disk (C) or the Desktop.
<@> Unzip it and set the executable aside. ( RunScanner.exe )
<@> Open the program and, with the Expert mode button already checked, click Ok.
<@> Close all windows/programs before running this utility.
<@> Run it by clicking Scan computer. --> Wait!
<@> When it finishes, click the menu: "Online analysis" <-- Be connected!
<@> The page "online malware analysis report" will open.
<@> Copy the result of this analysis, Report Url:, to your computer. ( report.aspx )
<@> Put it in a zip and place it on the Desktop.
<@> Keep the extension ( .aspx ) when copying it!
<@> If you do not want the online check, save it as a RUN file.
<@> Run it and, when it finishes, click "Save Run File" --> Put it in a zip and place it on the desktop.
<@> Now go to this address: < Badongo >
<@> Upload report.aspx.zip or runscanner.run, which are on the desktop, to that server. <-- Badongo!
<@> Copy the address(es) you are given into this topic. ( Report Url: ) or ( RUN file )

Regards!
cris666 0 Posted August 31, 2009

Good evening!

Badongo link: http://www.badongo.com/file/16921105

Win32kDiag.txt report:

Log file is located at: C:\Users\Owner\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2009-08-31 13:47:18 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
[1] 2009-08-31 13:47:27 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
[1] 2009-08-31 13:47:27 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
[1] 2009-08-31 13:47:27 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
[1] 2009-08-31 13:48:30 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()
Finished!

Regards
DigRam 144 Posted September 1, 2009

Good morning! cris666

<@> Run RunScanner again.
<@> Right-click the lines highlighted in red.
<@> Click: Mark/unmark item Space
<@> Click the tab: Item fixer --> Fix selected items.
<@> At the message, click OK.
<@> Under Information, confirm!
<@> Click Unrated items so we can confirm the removals made.
<@> If you want a deeper cleanup, go to Extra stuff and remove all lines highlighted in red.
<@> When finished, run the tool and post its report. ( Report.txt )

<><><><><><

<@> Download: < > Malwarebytes
<@> < Link - 2 >
<@> Update the program!
<@> Choose the Full scan!
<@> Disable protection programs while running Malwarebytes.
<@> PS: For certain infections the tool will ask for a reboot. <-- Confirm!
<@> Try to send the detected items to quarantine by clicking Remove items.
<@> For more details: < Link >

<><><><><><><><><><><>

<@> Post: mbam-log-2009-xx-xx (00-00-00).txt <--

Regards!
Mário Monteiro 179 Posted October 1, 2009

Topic Archived

As the author did not reply for more than 30 days, the topic was archived. If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening it.