Zéee 0 Denunciar post Postado Outubro 13, 2009 Olá, o meu antivirus (Nod) diz que tenho um genetik trojan. Queria saber se posso entrar em contas de email, jogos online, youtube sem que os meus dados estejam em risco? Nao sei o que este trojan faz :S Já utilizei o HijackThis mas daqui pra frente nao sei o que fazer (sou muito "noob") Aqui vai o log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:47:42, on 13-10-2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Dealio Toolbar\SearchSettings.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\conime.exe C:\Program Files\Apple Software Update\SoftwareUpdate.exe C:\Users\Fradinho\AppData\Windwnx32.exe C:\Users\Fradinho\AppData\Windwnx32.exe C:\Users\Fradinho\AppData\MsnSys.exe C:\Users\Fradinho\Downloads\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\Explorer.exe C:\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll F2 - REG:system.ini: Shell= O1 - Hosts: ::1 localhost O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - (no file) O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: Searchme Toolbar - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - mscoree.dll (file missing) O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [{C181BA2D-D5FC-1992-E236-E52376241F19}] C:\Windows\system32\win\svchost.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe O4 - HKCU\..\Run: [Downsys] C:\Users\Fradinho\AppData\Windwnx32.exe O4 - HKCU\..\Run: [MsnSys.exe] C:\Users\Fradinho\AppData\MsnSys.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Sistema') O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'Sistema') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user') O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - (no file) O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O13 - Gopher Prefix: O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0BB984-00AA-468D-811C-750D6A2474C5}: NameServer = 192.168.1.1,194.65.100.117 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Serviço Google Update (gupdate1ca228b3721f695) (gupdate1ca228b3721f695) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files\Common Files\BinarySense\disksvc.exe (file missing) O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MS Common Service - Unknown owner - C:\Windows\system32\mscomserv.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- End of file - 14014 bytes Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Outubro 13, 2009 Baixe o Malwarebytes dê um destes locais abaixo: Link 1 Link 2 -- Salve o programa no seu Desktop (área de trabalho) • Dê um duplo clique no programa para executá-lo. • Atualize o programa Malwarebytes. • Escolha a Verificação Completa (Tenha paciência, é um pouco demorado) • Desabilite o seu Antivírus e AntiSpyware , geralmente através de um clique direito sobre o ícone da bandeja do sistema. Eles podem interferir na execução da ferramenta. • Quando o scan estiver completo, clique em Ok, depois em Mostrar Resultados para ver o log. • Lembrando que, se algo for detectado, clique no botão remover para remoção. (Importante). • O log do programa será aberto automaticamente para você. • Poste-o na sua próxima resposta juntamente com um novo log do hijackThis. Ps:. Em computadores muitos infectados, a ferramenta a informa uma opção informando que o computador deve ser reiniciado, por favor. Faça-o imediatamente. Compartilhar este post Link para o post Compartilhar em outros sites
Zéee 0 Denunciar post Postado Outubro 14, 2009 Olá já fiz o processo que pediu, segue o log do HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:28:59, on 14-10-2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Dealio Toolbar\SearchSettings.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Windows\ehome\ehmsas.exe C:\Users\Fradinho\AppData\MsnSys.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\conime.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Fradinho\AppData\Local\Temp\Rar$EX00.652\MSNCleaner.exe C:\Users\Fradinho\AppData\Local\Temp\Rar$EX04.597\MSNCleaner.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe C:\Program Files\Java\jre6\bin\java.exe C:\Windows\system32\taskeng.exe C:\Users\Fradinho\Desktop\Yitian2PT\Yitian2PT.exe C:\Users\Fradinho\Desktop\Yitian2PT\mc.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\Explorer.exe C:\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - (no file) O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: Searchme Toolbar - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - mscoree.dll (file missing) O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe O4 - HKCU\..\Run: [MsnSys.exe] C:\Users\Fradinho\AppData\MsnSys.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Sistema') O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'Sistema') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user') O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - (no file) O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O13 - Gopher Prefix: O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0BB984-00AA-468D-811C-750D6A2474C5}: NameServer = 192.168.1.1,194.65.100.117 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Serviço Google Update (gupdate1ca228b3721f695) (gupdate1ca228b3721f695) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files\Common Files\BinarySense\disksvc.exe (file missing) O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MS Common Service - Unknown owner - C:\Windows\system32\mscomserv.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- End of file - 14217 bytes O MalwareBytes deu dois log's um depois do scan e outro quando mandei resolver os "problemas" seguem os 2: Log do MalwareBytes depois do scan: Malwarebytes' Anti-Malware 1.41 Versão do banco de dados: 2954 Windows 6.0.6002 Service Pack 2 14-10-2009 13:27:06 mbam-log-2009-10-14 (13-26-49).txt Tipo de Verificação: Completa (C:\|) Objetos verificados: 396339 Tempo decorrido: 3 hour(s), 45 minute(s), 25 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registo infectadas: 0 Valores do Registo infectados: 1 Ítens do Registo infectados: 0 Pastas infectadas: 0 Ficheiros infectados: 2 Processos da Memória infectados: (Nenhum item malicioso foi detectado) Módulos de Memória Infectados: (Nenhum item malicioso foi detectado) Chaves do Registo infectadas: (Nenhum item malicioso foi detectado) Valores do Registo infectados: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MsnSys.exe (Trojan.Banker) -> No action taken. Ítens do Registo infectados: (Nenhum item malicioso foi detectado) Pastas infectadas: (Nenhum item malicioso foi detectado) Ficheiros infectados: C:\Program Files\BT Next Evolution\btnext.exe (Malware.Packer.T) -> No action taken. C:\Users\Fradinho\AppData\MsnSys.exe (Trojan.Banker) -> No action taken. Log quando pedi para apagar os arquivos infectados: Tipo de Verificação: Completa (C:\|) Objetos verificados: 396339 Tempo decorrido: 3 hour(s), 45 minute(s), 25 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registo infectadas: 0 Valores do Registo infectados: 1 Ítens do Registo infectados: 0 Pastas infectadas: 0 Ficheiros infectados: 2 Processos da Memória infectados: (Nenhum item malicioso foi detectado) Módulos de Memória Infectados: (Nenhum item malicioso foi detectado) Chaves do Registo infectadas: (Nenhum item malicioso foi detectado) Valores do Registo infectados: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MsnSys.exe (Trojan.Banker) -> Quarantined and deleted successfully. Ítens do Registo infectados: (Nenhum item malicioso foi detectado) Pastas infectadas: (Nenhum item malicioso foi detectado) Ficheiros infectados: C:\Program Files\BT Next Evolution\btnext.exe (Malware.Packer.T) -> Not selected for removal. C:\Users\Fradinho\AppData\MsnSys.exe (Trojan.Banker) -> Delete on reboot. Isto manda mensagens pelo msn com links infectados (reparei ontem) não sei se ajuda. O malware disse que nao era possivel apagar este ficheiro C:\Users\Fradinho\AppData\MsnSys.exe (Trojan.Banker) Eu fui a localização do arquivo mas tive medo de apagar pois podia estragar algo visto que o malware nao o conseguia remover, fica a informação. Por ultimo desculpe o titulo mas nao percebo nada disto e quando vi que tinha virus fiquei em panico :X Não foi por mal. Obrigado e bom trabalho :) Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Outubro 15, 2009 O arquivo se trata de um trojan banker. Faça o download do ComboFix de um destes locais: Link 1. Link 2. Link 3. Importante! Você não deve usar Combofix a menos que você tenha sido instruído a fazê-lo por um análista de segurança. Destina-se pelo seu criador para ser utilizado sob orientação e supervisão de um especialista, e não para uso privado. Utilizando esta ferramenta incorreto poderia levar a desastrosa problemas com o seu sistema operacional. Certifique-se de que você salvou ComboFix.exe para o seu desktop. • Desabilite o seu Antivírus e AntiSpyware , geralmente através de um clique direito sobre o ícone da bandeja do sistema. Eles podem interferir na execução da ferramenta. • Dê um duplo clique no ComboFix.exe & siga as instruções. • Como parte de seu processo, ComboFix irá verificar se o Microsoft Windows Recovery Console está instalado. Como as infecções de malware são hoje, é fortemente recomendado que esteja pré-instalado em sua máquina antes de fazer qualquer remoção de malware. Ela permitirá que você arrancar em especial uma recuperação / reparação modo a permitir-nos-á mais fácil ajudá-lo a seu computador deve ter um problema após uma tentativa de remoção de malware. • Siga as instruções para permitir ComboFix para baixar e instalar o Microsoft Windows Recovery Console e, quando for solicitado, concordar com o End-User License Agreement para instalar o Microsoft Windows Recovery Console. -- Atenção: Se a consola de recuperação do Microsoft Windows já estiver instalado, ComboFix irá continuar a sua remoção malware procedimentos. Uma vez que o Microsoft Windows Recovery Console é instalado usando o ComboFix, você deverá ver a seguinte mensagem: Clique em Sim, para continuar a varredura de malware. Quando terminar, ela deve produzir um log para você. Poste o relatorio do combofix que estar em C: \ ComboFix.txt junto com um log do hijackthis. Compartilhar este post Link para o post Compartilhar em outros sites
Zéee 0 Denunciar post Postado Outubro 15, 2009 Log do ComboFix: ComboFix 09-10-14.09 - Fradinho 15-10-2009 16:23.1.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.351.2070.18.2046.1316 [GMT 1:00] Executando de: c:\users\Fradinho\Desktop\ComboFix.exe * AV residente está ativo . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-1852755797-1290170728-3876051309-500 c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500 c:\$recycle.bin\S-1-5-21-293510674-1826960219-205584072-500 C:\conf c:\program files\Dealio Toolbar c:\program files\Dealio Toolbar\config.ini c:\program files\Dealio Toolbar\DealioToolbarIE.dll c:\program files\Dealio Toolbar\Res\amazon.gif c:\program files\Dealio Toolbar\Res\apple.gif c:\program files\Dealio Toolbar\Res\barnes.gif c:\program files\Dealio Toolbar\Res\bestbuy.gif c:\program files\Dealio Toolbar\Res\dealio_logo.gif c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif c:\program files\Dealio Toolbar\Res\ebay.gif c:\program files\Dealio Toolbar\Res\icon_settings.gif c:\program files\Dealio Toolbar\Res\macys.gif c:\program files\Dealio Toolbar\Res\newegg.gif c:\program files\Dealio Toolbar\Res\overstock.gif c:\program files\Dealio Toolbar\Res\search-button-hover.gif c:\program files\Dealio Toolbar\Res\search-button.gif c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif c:\program files\Dealio Toolbar\Res\search-chevron.gif c:\program files\Dealio Toolbar\Res\search_amazon.gif c:\program files\Dealio Toolbar\Res\search_dealio.gif c:\program files\Dealio Toolbar\Res\search_ebay.gif c:\program files\Dealio Toolbar\Res\search_yahoo.gif c:\program files\Dealio Toolbar\Res\separator.gif c:\program files\Dealio Toolbar\Res\target.gif c:\program files\Dealio Toolbar\Res\walmart.gif c:\program files\Dealio Toolbar\Res\widgets.xml c:\program files\Dealio Toolbar\SeARchsettings.dll c:\program files\Dealio Toolbar\SearchSettings.exe c:\program files\Dealio Toolbar\SearchSettingsRes409.dll c:\program files\Dealio Toolbar\sscfg.ini c:\program files\Dealio Toolbar\WidgiHelper.exe c:\recycler\S-1-5-21-854245398-1647877149-839522115-1003 c:\users\Fradinho\AppData\Local\Temp\E_N4 c:\users\Fradinho\AppData\Local\Temp\E_N4\krnln.fnr c:\users\Fradinho\AppData\Roaming\.# c:\users\Fradinho\AppData\Roaming\.#\MBX@10E0@3B1F50.### c:\users\Fradinho\AppData\Roaming\.#\MBX@10E0@3B1F60.### c:\users\Fradinho\AppData\Roaming\.#\MBX@10E0@3B1F70.### c:\users\Fradinho\AppData\Roaming\avsdrv c:\users\Fradinho\AppData\Roaming\Desktopicon c:\users\Fradinho\AppData\Roaming\inst.exe c:\users\Fradinho\AppData\Roaming\preferred c:\users\Fradinho\AppData\Roaming\videovrx.vxd c:\windows\system32\drivers\taskmgr.exe c:\windows\system32\ntSVc.ocx c:\windows\system32\win c:\windows\system32\win\errorlog.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_MS Common Service (((((((((((((((( Arquivos/Ficheiros criados de 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))) . 2009-10-15 15:34 . 2009-10-15 15:34 -------- d-----w- c:\users\Mcx1\AppData\Local\temp 2009-10-15 15:34 . 2009-10-15 15:34 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp 2009-10-15 15:19 . 2009-10-15 15:21 -------- d-----w- C:\32788R22FWJFW 2009-10-14 22:52 . 2009-10-15 09:01 -------- d-----w- c:\users\Fradinho\AppData\Roaming\DMCache 2009-10-14 22:52 . 2009-10-14 22:52 -------- d-----w- c:\program files\Internet Download Manager 2009-10-14 10:39 . 2009-10-14 10:39 -------- d-----w- c:\program files\BT Next Evolution 2009-10-14 04:41 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll 2009-10-14 04:39 . 2009-08-27 05:22 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-14 04:39 . 2009-08-27 03:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-10-14 04:38 . 2009-08-27 05:17 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-10-14 04:38 . 2009-08-27 05:17 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-10-14 04:23 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll 2009-10-14 04:22 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys 2009-10-14 04:17 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL 2009-10-13 13:16 . 2009-10-13 13:16 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Malwarebytes 2009-10-13 13:16 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-10-13 13:16 . 2009-10-13 13:16 -------- d-----w- c:\programdata\Malwarebytes 2009-10-13 13:16 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-10-13 13:16 . 2009-10-14 12:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-10-13 11:32 . 2009-10-14 12:28 -------- d-----w- C:\HijackThis 2009-10-11 19:37 . 2009-10-11 19:37 -------- d-----w- c:\users\Fradinho\Office Genuine Advantage 2009-10-11 10:23 . 2009-10-11 10:23 -------- d-----w- c:\programdata\Office Genuine Advantage 2009-10-06 01:15 . 2009-10-06 01:15 -------- dc-h--w- c:\programdata\{7D4B3D1D-104E-4507-9123-568BC721B7E2} 2009-10-06 01:14 . 2009-10-06 01:14 -------- d-----w- c:\programdata\Transparent 2009-10-06 01:14 . 2009-10-06 01:14 -------- d-----w- c:\program files\Transparent 2009-10-05 18:43 . 2009-10-05 18:43 -------- d-----w- c:\programdata\Blizzard 2009-10-02 22:52 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe 2009-10-02 22:46 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-02 22:46 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe 2009-10-02 22:46 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll 2009-10-02 22:46 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll 2009-10-02 22:45 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll 2009-10-02 22:45 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll 2009-10-02 22:45 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll 2009-10-02 22:45 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll 2009-10-02 22:45 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe 2009-09-23 08:39 . 2009-09-23 08:39 -------- d-----w- c:\users\Fradinho\AppData\Roaming\ProxyCap 2009-09-23 07:53 . 2009-09-23 07:53 -------- d-----w- C:\found.001 2009-09-21 20:16 . 2009-09-21 20:16 -------- d-----w- c:\users\Fradinho\AppData\Local\VSO 2009-09-21 11:42 . 2009-09-21 11:42 -------- d-----w- c:\program files\FreeTime 2009-09-21 08:10 . 2009-09-21 08:10 -------- d-----w- C:\found.000 2009-09-20 12:36 . 2009-09-20 12:36 -------- d-----w- c:\program files\softendo.com 2009-09-18 20:40 . 2009-09-18 20:47 -------- d-----w- c:\windows\system32\ca-ES 2009-09-18 20:40 . 2009-09-18 20:47 -------- d-----w- c:\windows\system32\eu-ES 2009-09-18 20:40 . 2009-09-18 20:46 -------- d-----w- c:\windows\system32\vi-VN 2009-09-18 19:52 . 2009-09-18 19:52 -------- d-----w- c:\windows\system32\EventProviders 2009-09-17 08:31 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll 2009-09-17 08:31 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll 2009-09-17 08:31 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe 2009-09-17 08:31 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll 2009-09-17 08:31 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe 2009-09-17 08:31 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll 2009-09-17 08:29 . 2009-04-11 06:28 1077248 ----a-w- c:\windows\system32\vssapi.dll 2009-09-17 08:28 . 2009-04-11 06:28 69632 ----a-w- c:\windows\system32\rastapi.dll 2009-09-17 08:27 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll 2009-09-17 08:27 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll 2009-09-17 08:27 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll 2009-09-17 08:27 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll 2009-09-17 08:27 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll 2009-09-17 08:27 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll 2009-09-17 08:27 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll 2009-09-17 08:27 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll 2009-09-17 08:26 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll 2009-09-17 08:26 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe 2009-09-17 08:25 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-15 15:34 . 2007-08-02 18:47 12 ----a-w- c:\windows\bthservsdp.dat 2009-10-15 15:18 . 2009-03-26 22:41 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Skype 2009-10-15 13:07 . 2007-06-08 09:21 662200 ----a-w- c:\windows\system32\prfh0816.dat 2009-10-15 13:07 . 2007-06-08 09:21 133116 ----a-w- c:\windows\system32\prfc0816.dat 2009-10-15 04:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-10-15 01:06 . 2009-07-18 16:26 -------- d-----w- c:\users\Fradinho\AppData\Roaming\uTorrent 2009-10-14 22:54 . 2007-06-08 01:07 -------- d-----w- c:\program files\Google 2009-10-14 21:31 . 2009-09-11 09:53 -------- d-----w- c:\users\Fradinho\AppData\Roaming\VSO 2009-10-14 20:13 . 2007-07-31 19:04 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Image Zone Express 2009-10-14 20:10 . 2007-07-30 15:48 139453 ----a-w- c:\windows\hpoins13.dat 2009-10-14 14:10 . 2008-10-17 20:55 -------- d-----w- c:\programdata\Microsoft Help 2009-10-14 14:06 . 2007-06-08 01:03 -------- d-----w- c:\program files\Microsoft Works 2009-10-14 12:39 . 2007-10-22 11:57 9052 ----a-w- c:\users\Fradinho\AppData\Local\d3d9caps.dat 2009-10-13 09:28 . 2008-11-24 17:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-10-10 23:03 . 2007-07-28 16:22 127888 ----a-w- c:\users\Fradinho\AppData\Local\GDIPFONTCACHEV1.DAT 2009-10-06 08:36 . 2009-04-03 17:52 -------- d-----w- c:\program files\ONGAME 2009-10-05 14:02 . 2007-10-10 11:24 -------- d-----w- c:\program files\Common Files\Steam 2009-10-05 12:08 . 2007-07-28 20:06 40586 ----a-w- c:\users\Fradinho\AppData\Roaming\wklnhst.dat 2009-10-04 14:44 . 2009-07-17 14:12 -------- d-----w- c:\program files\UlisesSoft 2009-09-21 21:31 . 2009-08-20 13:04 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Ahead 2009-09-18 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2009-09-18 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2009-09-18 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2009-09-18 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2009-09-18 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2009-09-18 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2009-09-15 10:51 . 2009-09-15 10:19 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Uniblue 2009-09-15 10:46 . 2009-09-15 10:45 -------- dc-h--w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0} 2009-09-15 10:46 . 2009-09-15 10:13 -------- d-----w- c:\program files\Uniblue 2009-09-15 10:14 . 2009-09-15 10:14 -------- d-----w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F} 2009-09-15 10:13 . 2009-09-15 10:12 -------- dc-h--w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151} 2009-09-14 17:46 . 2008-09-14 19:17 -------- d-----w- c:\programdata\TrackMania 2009-09-14 07:47 . 2008-11-02 11:27 -------- d-----w- c:\program files\SystemRequirementsLab 2009-09-14 07:41 . 2008-11-02 11:27 -------- d-----w- c:\users\Fradinho\AppData\Roaming\SystemRequirementsLab 2009-09-11 21:19 . 2009-09-11 21:19 -------- d-----w- c:\program files\Free YouTube Downloader Converter 2009-09-11 09:53 . 2009-09-11 09:53 -------- d-----w- c:\program files\VSO 2009-09-10 07:40 . 2008-11-20 22:49 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-06 23:23 . 2009-09-06 23:23 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Juce VST Host 2009-09-06 22:59 . 2009-09-06 22:59 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Thinstall 2009-09-06 22:52 . 2009-09-06 22:52 -------- d-----w- c:\program files\Hair Pro 2008 Light 2009-09-06 20:21 . 2009-09-06 20:21 -------- d-----w- c:\program files\ZZEE 2009-09-05 01:11 . 2009-09-05 01:11 -------- d-----w- c:\program files\TeamViewer 2009-09-05 01:08 . 2008-10-21 19:39 -------- d-----w- c:\users\Fradinho\AppData\Roaming\TeamViewer 2009-09-03 16:10 . 2009-09-03 16:10 315392 ----a-w- c:\windows\system32\sbcrreag.dll 2009-09-02 12:16 . 2009-09-02 12:16 -------- d-----w- c:\program files\teci 2009-09-01 21:32 . 2008-02-14 10:40 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Windows Live Writer 2009-09-01 10:21 . 2009-09-01 10:20 -------- d-----w- c:\program files\QuickTime 2009-09-01 10:20 . 2007-08-27 19:41 -------- d-----w- c:\programdata\Apple Computer 2009-09-01 10:20 . 2008-09-09 02:41 -------- d-----w- c:\program files\Common Files\Apple 2009-08-29 12:43 . 2009-08-29 12:39 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Babylon 2009-08-29 12:43 . 2009-08-29 12:39 -------- d-----w- c:\programdata\Babylon 2009-08-29 12:39 . 2009-07-24 17:17 -------- d-----w- c:\program files\myBabylon_English 2009-08-29 11:19 . 2009-08-29 11:19 86016 ----a-w- c:\windows\system32\frapsvid.dll 2009-08-29 00:27 . 2009-09-02 20:57 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2009-08-29 00:14 . 2009-09-02 20:57 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2009-08-27 20:27 . 2009-03-20 22:03 -------- d-----w- c:\program files\Opera 2009-08-24 00:15 . 2007-11-01 16:47 -------- d-----w- c:\program files\Windows Live 2009-08-23 17:54 . 2009-08-23 17:49 -------- d-----w- c:\program files\Microsoft 2009-08-23 17:54 . 2009-08-23 17:54 -------- d-----w- c:\program files\Microsoft Office Outlook Connector 2009-08-23 17:53 . 2009-08-23 17:53 -------- d-----w- c:\program files\Microsoft Sync Framework 2009-08-21 18:16 . 2009-06-28 01:23 -------- d-----w- c:\program files\Audible 2009-08-21 18:15 . 2007-06-08 01:01 -------- d-----w- c:\program files\Common Files\Real 2009-08-21 06:12 . 2009-08-21 13:26 267433 ----a-w- c:\windows\system32\drivers\win.exe 2009-08-20 13:05 . 2009-08-20 13:01 -------- d-----w- c:\program files\Common Files\Ahead 2009-08-20 13:01 . 2008-10-30 11:56 -------- d-----w- c:\programdata\Nero 2009-08-20 13:01 . 2008-10-30 11:57 -------- d-----w- c:\program files\Nero 2009-08-19 21:36 . 2009-08-19 21:32 -------- d-----w- c:\program files\Image-Line 2009-08-19 21:36 . 2009-08-19 21:36 -------- d-----w- c:\program files\ASIO4ALL v2 2009-08-19 21:36 . 2009-08-19 21:36 -------- d-----w- c:\program files\VstPlugins 2009-08-19 21:35 . 2009-08-19 21:35 -------- d-----w- c:\program files\Outsim 2009-08-19 17:07 . 2009-08-19 17:07 -------- d-----w- c:\program files\Movie Maker 2.6 2009-08-19 16:10 . 2009-07-25 19:08 -------- d-----w- c:\program files\YouTube Downloader 2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL 2009-08-17 22:15 . 2009-08-17 22:15 -------- d-----w- c:\program files\WinAVI Video Converter 9.0 2009-08-17 20:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild 2009-08-17 19:59 . 2009-08-17 19:59 -------- d-----w- c:\program files\Microsoft.NET 2009-08-17 19:57 . 2009-08-17 19:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2009-08-17 16:32 . 2008-10-30 11:56 -------- d-----w- c:\program files\Common Files\Nero 2009-08-17 16:30 . 2007-06-08 01:01 -------- d---a-w- c:\program files\Common Files\LightScribe 2009-08-17 15:55 . 2008-04-23 20:23 1648 ----a-w- c:\users\Fradinho\AppData\Local\d3d8caps.dat 2009-08-14 16:27 . 2009-09-09 00:04 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-08-14 15:53 . 2009-09-09 00:04 17920 ----a-w- c:\windows\system32\netevent.dll 2009-08-14 13:49 . 2009-09-09 00:04 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE 2009-08-14 13:49 . 2009-09-09 00:04 11264 ----a-w- c:\windows\system32\MRINFO.EXE 2009-08-14 13:49 . 2009-09-09 00:04 17920 ----a-w- c:\windows\system32\ROUTE.EXE 2009-08-14 13:49 . 2009-09-09 00:04 27136 ----a-w- c:\windows\system32\NETSTAT.EXE 2009-08-14 13:49 . 2009-09-09 00:04 19968 ----a-w- c:\windows\system32\ARP.EXE 2009-08-14 13:49 . 2009-09-09 00:04 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE 2009-08-14 13:49 . 2009-09-09 00:04 10240 ----a-w- c:\windows\system32\finger.exe 2009-08-14 13:48 . 2009-09-09 00:04 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2009-08-14 13:48 . 2009-09-09 00:04 105984 ----a-w- c:\windows\system32\netiohlp.dll 2009-08-08 14:28 . 2009-08-06 19:23 134 ----a-w- c:\users\Fradinho\AppData\Roaming\atec.drv 2009-08-05 21:48 . 2009-08-23 17:54 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll 2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll 2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe 2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll 2009-07-25 04:23 . 2008-11-30 00:42 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-18 18:14 . 2007-11-22 15:00 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-07-18 16:48 . 2008-10-07 23:09 720896 ----a-w- c:\windows\iun6002ev.exe 2009-02-03 16:35 . 2009-02-03 16:13 1004 --sha-w- c:\windows\System32\sys_drv.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-07-15 2224152] [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] 2009-07-15 09:09 2224152 ----a-w- c:\program files\myBabylon_English\tbmyB0.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2008-09-07 17:06 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] "{4d02e7e6-5930-4b51-b9b0-9f21b3789400}"= "mscoree.dll" [2009-03-30 278848] "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-07-15 2224152] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CLASSES_ROOT\clsid\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}] [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792] "{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-07-15 2224152] [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.SWEETIE] [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040] "Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-21 198160] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-09-09 6281760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl] 2008-06-13 20:39 45184 ----a-w- c:\windows\System32\fsp_lmwl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Macroworx Filing Cabinets.lnk] backup=c:\windows\pss\Macroworx Filing Cabinets.lnk.CommonStartup backupExtension=.CommonStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(B):23,c0,c1,c8,a2,38,ca,01 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{5CA872A8-4AD4-4E5B-B007-06E6E8500E15}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM "{EC5B640A-DEFC-48DB-BD63-6B1031652380}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM "{8B5BA973-9161-4E9E-8760-588A50279540}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server "{3BE41948-8463-4A9D-A5F9-4ABE32A79926}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server "{05A8495A-EE17-4C34-A97C-FD8262BDFEC4}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service "{E1383468-DE9B-4BAC-A319-1DC07E90244A}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service "{4A489254-A282-458D-9DDA-73254D2FD6B4}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery "{5FC48BC1-3312-4A16-9DF4-464EE6B29100}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery "{5D02B9E7-79DF-4D8E-AF81-4A423D3F6AC9}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype "{F95E180F-D195-4D57-90EC-43D12EB5C6DD}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype "{75190A2C-65F7-4D74-AB2B-11E1382E1C7C}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{FBEC3026-2EE9-4847-87F8-8BE3F839B2AD}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{B972B600-6385-4796-9566-E6072757D9E4}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{A521BFCA-C90E-4DF7-848E-FD94298FFCFF}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{5EFE8EC4-9165-462C-8430-684F03A5F63D}"= UDP:c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne "{2BCFBE46-BD97-4BCA-86FB-2B08FC6EE6CB}"= TCP:c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne "{B1BE598B-8D62-44BB-925D-C157C54A9640}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{633E5D71-747C-4FFF-90A1-69A973B3EA4E}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{53D266C4-8EF8-412D-BC92-380A670BE026}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{BFF85F90-C5F5-4645-A09D-FEB06922A202}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{59365CEF-C7E3-43D5-8223-A69766FE8E93}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare "{A011C6DF-6008-4CDD-B3A9-835A115FBE6C}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare "{9DE391BD-A40D-45FA-A81C-DEBF23D2200B}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{413AB613-973A-4114-898C-A7F1FFFA7F8A}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{88C696D3-A6AC-4590-A4A6-306FC673E600}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "{EAA49130-EECC-4D69-832B-C27282525D8D}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "{051F895C-8FB8-49C6-A1BF-18901CC3850C}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas "{8E261363-D614-43D8-B5AC-489B0BDD14EE}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas "{9EAD8234-F114-41B5-A627-B10F587D7D7C}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater "{96713DFC-A7F0-4A5E-90EA-0B3299492FF9}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater "{706D1A01-B0F2-466E-ADAF-BB762260A5A7}"= UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI) "{7DDA80C3-1445-4493-AEE6-99B648A53CAE}"= TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI) "{542695A1-56B1-40FC-9165-F0431B41F45E}"= UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV) "{B57E70E3-3FFF-4ED9-8A19-02747CB85B51}"= TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV) "{7B640231-C943-48AF-8B7D-24AF379BA5EB}"= UDP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable "{EDC65C68-E0FD-4A3F-8BA1-B2FE753F991C}"= TCP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable "TCP Query User{B49952A3-47D1-4F6D-9A65-8D6458E8A743}c:\\program files\\metin2_portugal\\metin2.bin"= UDP:c:\program files\metin2_portugal\metin2.bin:metin2.bin "UDP Query User{DA8C77EC-FC6C-432B-A279-1FFBAA745E16}c:\\program files\\metin2_portugal\\metin2.bin"= TCP:c:\program files\metin2_portugal\metin2.bin:metin2.bin "{3BFF61DB-AC3C-4E8C-8139-E1DD110F0678}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In) "{2FB0EDD2-E23C-4A80-AC66-4E061078E0DF}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In) "{9076332A-A036-4424-8A43-8D1E21829F0B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{10167C03-F9B2-46BF-BC88-AA99B0F17BFC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{9DC5F4A3-FF41-4A9E-B9F0-B278BADFFFAD}"= c:\program files\Skype\Phone\Skype.exe:Skype "{8A7473CC-2F9D-4DC9-B574-AC06E91D499C}"= c:\program files\Skype\Phone\Skype.exe:Skype "{C39117EC-28CE-45FA-B54A-24D622B23C61}"= c:\program files\Skype\Phone\Skype.exe:Skype "{8EA32B00-5C4A-4C26-8F04-189ABDBE490D}"= c:\program files\Skype\Phone\Skype.exe:Skype "{66E5671E-C9E8-43DD-B400-4717BD58ACA7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{FBAC459B-DEB7-4137-AAF5-ABA7819DEF4B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{1285A507-A3CF-41BC-A4F6-F3AB130A666F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{2ABBA80C-98C7-45AC-8941-69F8A0566D11}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{8C231E08-42B6-4ECA-A8A0-462392E41CBF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{E8D12527-48CF-421B-AF60-44D702B3BB80}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{7760E085-FA77-4040-9DA5-8307A0B63B5E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{A38CD49C-1D0B-4B2E-8813-6CAAE84E2833}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync "{1A3F9608-6C9C-44C1-853D-75B121103E00}"= UDP:c:\program files\TeamViewer\Version4\TeamViewer.exe:Teamviewer Remote Control Application "{A7C24F4A-87F0-4079-80BD-D1486C0FDD04}"= TCP:c:\program files\TeamViewer\Version4\TeamViewer.exe:Teamviewer Remote Control Application "TCP Query User{AF0B6D97-D44E-44C7-82B4-89A2AA8B0AD5}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\yt2sf.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\yt2sf.exe:yt2sf.exe "UDP Query User{351BC6E1-0372-4901-85C4-4ACA1865A76E}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\yt2sf.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\yt2sf.exe:yt2sf.exe "TCP Query User{D9B7D1F8-C5C1-434D-BF8F-B3AA2AD75C6D}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\yt2sf.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\yt2sf.exe:yt2sf.exe "UDP Query User{DACF0394-EA34-4099-8D90-B084CF15D654}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\yt2sf.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\yt2sf.exe:yt2sf.exe "TCP Query User{E71590E5-58B5-4BB3-81A0-6DE655E6923D}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\yt2sf.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\yt2sf.exe:yt2sf.exe "UDP Query User{449BE48C-671B-4C50-91ED-ECE0B810E049}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\yt2sf.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\yt2sf.exe:yt2sf.exe "TCP Query User{49B52F13-E9BA-4435-9840-848987128DAB}c:\\program files\\metin2_portugal\\metin2.bin"= UDP:c:\program files\metin2_portugal\metin2.bin:metin2.bin "UDP Query User{6DCC481D-8F43-45A9-97F4-399BDFD44591}c:\\program files\\metin2_portugal\\metin2.bin"= TCP:c:\program files\metin2_portugal\metin2.bin:metin2.bin "TCP Query User{6AFC5A49-56E9-4AE2-B79A-B72C3564F229}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java Platform SE binary "UDP Query User{4F9A4372-4D21-4084-AD4C-F4DCE025CC32}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java Platform SE binary "TCP Query User{929B324F-85E3-44D3-91C2-2BBC26EFDE51}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "UDP Query User{4C44903D-7125-497F-AFD8-12D21ED3A283}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary "TCP Query User{CDD0F735-84FE-4B87-BA55-4FC5D1E8BD07}c:\\program files\\valve\\steam\\steamapps\\snakeeater16\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\snakeeater16\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{B4EA5ADF-68E3-478B-B619-A30527407C24}c:\\program files\\valve\\steam\\steamapps\\snakeeater16\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\snakeeater16\counter-strike\hl.exe:Half-Life Launcher "TCP Query User{5211A141-8B6F-4093-98D2-AEAFE6A997DA}c:\\program files\\teci\\metin2\\metin2.bin"= UDP:c:\program files\teci\metin2\metin2.bin:metin2.bin "UDP Query User{A96F0771-76F2-4C42-B827-4F27A8B18E9F}c:\\program files\\teci\\metin2\\metin2.bin"= TCP:c:\program files\teci\metin2\metin2.bin:metin2.bin "TCP Query User{BB851D4E-72CA-4F83-81A1-52295096112C}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\longjuytsever2login.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\longjuytsever2login.exe:longjuytsever2login.exe "UDP Query User{D4130EBA-B45C-474E-8C7D-93A05A5FC292}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\longjuytsever2login.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\longjuytsever2login.exe:longjuytsever2login.exe "TCP Query User{746CB103-4971-4B34-A31B-023DA7741E06}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\gamewt.bin"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\gamewt.bin:gamewt.bin "UDP Query User{959335C5-EC74-4C79-8CAB-1F1E9D2A048F}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\gamewt.bin"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\gamewt.bin:gamewt.bin "TCP Query User{BDDFC31B-8CC5-4575-9A5D-A3174B6DA9B0}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent "UDP Query User{A897C413-6B82-4068-AE31-F08343DD969A}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent "TCP Query User{5C4CD77E-FE30-465D-AD29-28EEECFC44AA}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\metin_sunnight2_by_murdakilla.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\metin_sunnight2_by_murdakilla.exe:metin_sunnight2_by_murdakilla.exe "UDP Query User{9693604E-3510-41D2-A879-833BFD82BE01}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\metin_sunnight2_by_murdakilla.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\metin_sunnight2_by_murdakilla.exe:metin_sunnight2_by_murdakilla.exe "TCP Query User{6D3EC253-D3A7-4586-8015-89D2C67F4DD2}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\zzyt2 traduçao by mt2ptpservers.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\zzyt2 traduçao by mt2ptpservers.exe:zzyt2 traduçao by mt2ptpservers.exe "UDP Query User{B8B4B721-7208-4A4F-B649-865F86911BA0}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\zzyt2 traduçao by mt2ptpservers.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\zzyt2 traduçao by mt2ptpservers.exe:zzyt2 traduçao by mt2ptpservers.exe "TCP Query User{8DCFE6FE-D46E-4017-A666-B6BAA7BBD62A}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\zzyt2 traduçao by mt2ptpservers.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\zzyt2 traduçao by mt2ptpservers.exe:zzyt2 traduçao by mt2ptpservers.exe "UDP Query User{FDEEE70B-B0F8-42B3-B078-6FA0C769F46F}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\zzyt2 traduçao by mt2ptpservers.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\zzyt2 traduçao by mt2ptpservers.exe:zzyt2 traduçao by mt2ptpservers.exe "TCP Query User{43E58877-EC23-4638-8C35-346CF9264E66}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\????.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\????.exe:????.exe "UDP Query User{45A2C198-3262-4D16-8E35-299184DE5694}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\????.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\????.exe:????.exe "TCP Query User{7E5A291F-6693-4293-9031-2E7BC22DC709}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metin2 (2).exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\metin2 (2).exe:metin2 (2).exe "UDP Query User{6ACF870E-B54D-4A79-B6E4-B570584EA78F}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metin2 (2).exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\metin2 (2).exe:metin2 (2).exe "TCP Query User{5844CCD7-C5D7-48E6-BA54-A5EF48B19941}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\tm1metin2.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\tm1metin2.exe:tm1metin2.exe "UDP Query User{46EC843F-75B2-48BA-AB47-00FC4D7E598A}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\tm1metin2.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\tm1metin2.exe:tm1metin2.exe "TCP Query User{4EDB8636-2230-4269-876E-4A72C3244601}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metin2ol.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\metin2ol.exe:metin2ol.exe "UDP Query User{6821C6CC-E838-4988-AE9B-1E40D135F1B1}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metin2ol.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\metin2ol.exe:metin2ol.exe "TCP Query User{93FDA62D-C57C-45CB-90C3-078919729B2E}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\tm1metin2.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\tm1metin2.exe:tm1metin2.exe "UDP Query User{5BCC9704-D413-49BA-B30A-9CAF3DFE2B18}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\tm1metin2.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\tm1metin2.exe:tm1metin2.exe "TCP Query User{E8BE408F-97D8-40C1-A653-54B574C9B2AF}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\???? (2).exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\???? (2).exe:???? (2).exe "UDP Query User{5F1255EB-2784-4775-A6D1-74E3BFEBFA3B}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\???? (2).exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\???? (2).exe:???? (2).exe "TCP Query User{57A95937-2526-4602-9662-C43100802322}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metinp.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\metinp.exe:metinp.exe "UDP Query User{B0EBC286-160F-4C70-AFE6-CC48C5A20C45}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metinp.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\metinp.exe:metinp.exe "TCP Query User{1A51BF38-0063-4809-8680-7E1ADA16D314}c:\\users\\fradinho\\desktop\\nova pasta\\????.exe"= UDP:c:\users\fradinho\desktop\nova pasta\????.exe:????.exe "UDP Query User{25DB9AB3-33DD-4C1C-9219-12BB3F04088E}c:\\users\\fradinho\\desktop\\nova pasta\\????.exe"= TCP:c:\users\fradinho\desktop\nova pasta\????.exe:????.exe "TCP Query User{BD46774E-81B5-4352-A32F-08A07F5099E0}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\metin_97yx.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\metin_97yx.exe:metin_97yx.exe "UDP Query User{62950240-0E8F-405E-B0E3-D1D21ADFFFE6}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\metin_97yx.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\metin_97yx.exe:metin_97yx.exe "TCP Query User{02AA9519-2FA0-49E8-9C09-D21CA30728B0}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\jqlj.bin"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\jqlj.bin:jqlj.bin "UDP Query User{136273E0-DA5F-46C8-84CD-2FB763DD247A}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\jqlj.bin"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\jqlj.bin:jqlj.bin "TCP Query User{E0C3B5D7-2BCD-4C58-AC84-42498060E184}c:\\program files\\metin2_spain\\metin2.bin"= UDP:c:\program files\metin2_spain\metin2.bin:metin2.bin "UDP Query User{1C9B030E-A549-4868-BDC0-A3E50E1D0950}c:\\program files\\metin2_spain\\metin2.bin"= TCP:c:\program files\metin2_spain\metin2.bin:metin2.bin "TCP Query User{2EFBA6E0-82F7-4FBC-9661-2483F9821CC6}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\stargame.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\stargame.exe:stargame.exe "UDP Query User{6D316BA9-7408-4408-8673-F4D18482E696}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\stargame.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\stargame.exe:stargame.exe "TCP Query User{64C9DAEE-3445-4D31-9A55-A6CFE844D302}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metalongju.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\metalongju.exe:metalongju.exe "UDP Query User{45F8F23D-45BE-4E2B-BAF5-70BAEA968192}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metalongju.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\metalongju.exe:metalongju.exe "TCP Query User{33A41FAC-BCF7-4849-A024-44DF97B11786}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\hamachi_server_id_cheating-mt2_pass_ cheating-mt2.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\hamachi_server_id_cheating-mt2_pass_ cheating-mt2.exe:hamachi_server_id_cheating-mt2_pass_ cheating-mt2.exe "UDP Query User{0CDB2F1E-EB2D-46DE-B26E-9924A84EFD2B}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\hamachi_server_id_cheating-mt2_pass_ cheating-mt2.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\hamachi_server_id_cheating-mt2_pass_ cheating-mt2.exe:hamachi_server_id_cheating-mt2_pass_ cheating-mt2.exe "TCP Query User{B5D86DF9-ACF4-4414-BEB1-7EADAE11D62C}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\metin_tmlj_by_boy4538.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\metin_tmlj_by_boy4538.exe:metin_tmlj_by_boy4538.exe "UDP Query User{09F1ACD0-44F9-4D37-8E39-FDE6FD36F517}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\metin_tmlj_by_boy4538.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\metin_tmlj_by_boy4538.exe:metin_tmlj_by_boy4538.exe "TCP Query User{FA1ECD0C-D531-4583-A9D2-6940B4D9353C}c:\\users\\fradinho\\downloads\\utorrent.exe"= UDP:c:\users\fradinho\downloads\utorrent.exe:utorrent.exe "UDP Query User{16C042E4-63BF-440E-9654-8A349029C605}c:\\users\\fradinho\\downloads\\utorrent.exe"= TCP:c:\users\fradinho\downloads\utorrent.exe:utorrent.exe "TCP Query User{604BF085-A684-4AEB-A37D-0D2F016BA02F}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2.bin"= UDP:c:\users\fradinho\desktop\metin2_portugal\metin2.bin:metin2.bin "UDP Query User{068208E8-C838-44A5-B266-D5C5DFC47099}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2.bin"= TCP:c:\users\fradinho\desktop\metin2_portugal\metin2.bin:metin2.bin "TCP Query User{7ED647F0-8EB6-4DFE-A9E9-229EBEF3D459}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2client.bin"= UDP:c:\users\fradinho\desktop\metin2_portugal\metin2client.bin:metin2client.bin "UDP Query User{F3AEF350-8ADA-48BF-A546-FE9702E443FF}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2client.bin"= TCP:c:\users\fradinho\desktop\metin2_portugal\metin2client.bin:metin2client.bin "TCP Query User{F6F0B30A-1685-45C0-B360-4FB64E83FBAA}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\zuiaipk2009.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\zuiaipk2009.exe:zuiaipk2009.exe "UDP Query User{458C4C78-BFEA-4DD3-A232-23AB21505977}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\zuiaipk2009.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\zuiaipk2009.exe:zuiaipk2009.exe "TCP Query User{357CB599-3236-43CA-9562-C74FC927B359}c:\\users\\fradinho\\desktop\\yitian2pt\\mc.exe"= UDP:c:\users\fradinho\desktop\yitian2pt\mc.exe:mc.exe "UDP Query User{F5482318-26FF-4E44-B085-45ECE78C3874}c:\\users\\fradinho\\desktop\\yitian2pt\\mc.exe"= TCP:c:\users\fradinho\desktop\yitian2pt\mc.exe:mc.exe "TCP Query User{41665EA1-87D9-413D-BB03-4BF9CE954096}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2.bin"= UDP:c:\users\fradinho\desktop\metin2_portugal\metin2.bin:metin2.bin "UDP Query User{3583B360-EA51-40D1-BDC4-474EDD163D14}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2.bin"= TCP:c:\users\fradinho\desktop\metin2_portugal\metin2.bin:metin2.bin "TCP Query User{5BDF5D59-07C6-406F-BD1A-78D3A58158FA}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2client.bin"= UDP:c:\users\fradinho\desktop\metin2_portugal\metin2client.bin:metin2client.bin "UDP Query User{A936A696-B52C-41D6-A3C2-ADA9898613C2}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2client.bin"= TCP:c:\users\fradinho\desktop\metin2_portugal\metin2client.bin:metin2client.bin "TCP Query User{9524B8C8-6993-4697-9F1A-89AB9115C88F}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\ftljwt.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\ftljwt.exe:ftljwt.exe "UDP Query User{5510679A-1FA0-4389-BAA7-136A28E2176C}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\ftljwt.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\ftljwt.exe:ftljwt.exe "TCP Query User{7BC3CCDC-4DD7-4541-8092-70DF3C4B4E20}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\ftljdx.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\ftljdx.exe:ftljdx.exe "UDP Query User{F99E18C5-A658-4A18-821F-5DEBB28E4884}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\ftljdx.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\ftljdx.exe:ftljdx.exe "TCP Query User{19F2E4A6-F811-45BB-AF26-E543E6F1564C}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\remixmt2_de_exe.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\remixmt2_de_exe.exe:remixmt2_de_exe.exe "UDP Query User{152C32E2-FF48-4EBD-AFB5-DF5E97C10CA4}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\remixmt2_de_exe.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\remixmt2_de_exe.exe:remixmt2_de_exe.exe "TCP Query User{927B48A4-9ECE-47B2-85BF-CD31B0ED1112}c:\\users\\fradinho\\desktop\\yitian2pt\\mc.exe"= UDP:c:\users\fradinho\desktop\yitian2pt\mc.exe:mc.exe "UDP Query User{4770100B-087E-4A29-A033-03BFB044FF83}c:\\users\\fradinho\\desktop\\yitian2pt\\mc.exe"= TCP:c:\users\fradinho\desktop\yitian2pt\mc.exe:mc.exe "TCP Query User{977F41EB-7BF9-46A2-9AF3-E88241A6B726}c:\\users\\fradinho\\desktop\\revengemt2\\mc.exe"= UDP:c:\users\fradinho\desktop\revengemt2\mc.exe:mc.exe "UDP Query User{CA58AAF1-3A77-4F52-9639-E27D1F2374E6}c:\\users\\fradinho\\desktop\\revengemt2\\mc.exe"= TCP:c:\users\fradinho\desktop\revengemt2\mc.exe:mc.exe "TCP Query User{FDB1A043-F830-40FC-8635-EBE13606FEAD}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\legendmt2.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\legendmt2.exe:legendmt2.exe "UDP Query User{2AF5CE08-C70F-4458-BBC0-8618AF59CB0C}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\legendmt2.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\legendmt2.exe:legendmt2.exe R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21-12-2007 08:21 468224] R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\System32\drivers\nxsIO32.sys [11-12-2008 16:16 2208] R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [24-08-2009 15:51 185640] R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [08-06-2007 10:23 2831232] R3 LMPC4;LMPC4;c:\windows\System32\drivers\lmpc4.sys [05-02-2009 10:10 10096] R3 nskbfltr;nskbfltr;c:\windows\System32\drivers\nskbfltr.sys [31-10-2008 11:25 20512] R3 tenCapture;tenCapture;c:\windows\System32\drivers\tenCapture.sys [21-04-2007 15:15 9344] S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [18-07-2009 17:29 234888] S2 gupdate1ca228b3721f695;Serviço Google Update (gupdate1ca228b3721f695);c:\program files\Google\Update\GoogleUpdate.exe [21-08-2009 19:14 133104] S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?] S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10-05-2006 09:13 29696] S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [23-08-2009 18:54 54632] S3 fsssvc;Serviço Segurança Familiar do Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [05-08-2009 22:48 704864] S4 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21-05-2008 12:42 64000] S4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03-09-2006 10:32 208896] S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?] S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?] S4 LmpcService;Lock My PC Service;c:\program files\Lock My PC 4\LmpcServ.exe [05-02-2009 10:10 52592] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc bthsvcs REG_MULTI_SZ BthServ [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C181BA2D-D5FC-1992-E236-E52376241F19}] c:\windows\system32\win\svchost.exe s . Conteúdo da pasta 'Tarefas Agendadas' 2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-21 18:14] 2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-21 18:14] 2009-10-15 c:\windows\Tasks\User_Feed_Synchronization-{4A9BDDB8-FEA9-432C-A753-9B7CC1294ADC}.job - c:\windows\system32\msfeedssync.exe [2009-10-14 03:41] . . ------- Scan Suplementar ------- . uStart Page = about:blank mStart Page = hxxp://home.sweetim.com uInternet Settings,ProxyOverride = *.local IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm LSP: c:\windows\system32\wpclsp.dll TCP: {6E0BB984-00AA-468D-811C-750D6A2474C5} = 192.168.1.1,194.65.100.117 FF - ProfilePath - c:\users\Fradinho\AppData\Roaming\Mozilla\Firefox\Profiles\yhc9oq3s.default\ FF - prefs.js: browser.startup.homepage - www.google.pt FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q= FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORFÃOS REMOVIDOS - - - - BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll Toolbar-Locked - (no file) Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe AddRemove-HijackThis - c:\users\Fradinho\Desktop\HijackThis.exe AddRemove-Fishdom Deluxe - c:\users\Fradinho\AppData\Local\Zylom Games\Fishdom Deluxe\GameInstlr.exe ************************************************************************** Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: ************************************************************************** . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- - - - - - - - > 'Explorer.exe'(888) c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_por.nlr c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr . ------------------------ Outros Processos em Execução ------------------------ . c:\windows\System32\nvvsvc.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\System32\oodag.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\System32\WUDFHost.exe c:\windows\System32\osk.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\ehome\ehsched.exe c:\windows\ehome\ehrecvr.exe c:\windows\System32\wbem\WMIADAP.exe c:\program files\Windows Media Player\wmpnscfg.exe . ************************************************************************** . Tempo para conclusão: 2009-10-15 16:45 - Máquina reiniciou ComboFix-quarantined-files.txt 2009-10-15 15:44 Pré-execução: 136.777.932.800 bytes livres Pós execução: 136.410.439.680 bytes livres 578 --- E O F --- 2009-10-14 14:16 Log do HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:49:36, on 15-10-2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\Explorer.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\conime.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\HijackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - (no file) O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O3 - Toolbar: Searchme Toolbar - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - mscoree.dll (file missing) O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Sistema') O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Sistema') O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user') O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - (no file) O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0BB984-00AA-468D-811C-750D6A2474C5}: NameServer = 192.168.1.1,194.65.100.117 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Serviço Google Update (gupdate1ca228b3721f695) (gupdate1ca228b3721f695) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files\Common Files\BinarySense\disksvc.exe (file missing) O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- End of file - 12341 bytes Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Outubro 15, 2009 Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento. Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt. Folder::C:\found.001 C:\found.000 Registry:: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"=- Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos. Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo. O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção. IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Quando acabar, será gerado um log, que estará em C:\ComboFix.txt. Logo em seguida realize os procedimentos abaixo: • Baixe: < '>http://eric.71.mespages.googlepages.com/ToolBarSD.exe"]ToolBar S&D > • Salve-o no Disco Local-C, em uma pasta própria. • Reinicie o computador, em Modo de Segurança. <-- Importante! • Execute o programa, e à seguir, aperte o "p" --> Enter --> Ok. • Digite o dois! ( 2 ) --> Aperte Enter --> Aguarde! • Terminando, poste o relatório. ( C:\ToolBar SD\TB_1.txt ) Compartilhar este post Link para o post Compartilhar em outros sites
Zéee 0 Denunciar post Postado Outubro 16, 2009 Olá. Tive problemas em completar o processo que pediu, é que o ComboFix diz que tinha de desactivar o anti-virus e outro programa "spyware sweeper" e depois carregar "Ok" e como ele desapareceu da barra do iniciar (aquela parte no canto inferior direito) pensei que estava desactivado, fiz ontem o mesmo para o processo anterior :S O Spyware Sweeper nem o encontrei -_-' Não percebo como devo desactiva-los? O anti-virus chama.se ESET Smart Security 3.0. E quando pediu para não usar a internet durante o processo queria dizer para não a usar só ou desconecta-la? Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Outubro 16, 2009 Veja aqui como desativar temporariamente os programas de proteção. http://forum.imasters.com.br/index.php?/topic/323876-desabilitar-temporariamente-o-programa-de-seguranca/ E quando pediu para não usar a internet durante o processo queria dizer para não a usar só ou desconecta-la? Basta apenas fechar a página da internet. Abraços Compartilhar este post Link para o post Compartilhar em outros sites
Zéee 0 Denunciar post Postado Outubro 17, 2009 Obrigado o link ajudou :) Só há mais um problema, o ComboFix diz para desligar o anti-spyware "Spy sweeper" mas não encontro no computador :unsure: Será que faz parte de outro programa? Não percebo :cry: Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Outubro 17, 2009 Não está consiguindo rodar o combofix por causa do anti-spyware? Va apertando em "ok" nas mensagem que surgir, qualquer coisa tente rodar em modo segurança. Compartilhar este post Link para o post Compartilhar em outros sites
Zéee 0 Denunciar post Postado Outubro 17, 2009 O problema não é não conseguir, é o ComboFix diz que se não desactivar o anti-spyware poderam ocorrer danos no sistema e como é obvio não quero danos no pc, por isso a pergunta. Compartilhar este post Link para o post Compartilhar em outros sites
PedroN 1 Denunciar post Postado Outubro 18, 2009 Entendo o seu problema.Acesse este site: http://www.kaspersky.com/virusscanner Clique em Siga as instruções de configuração do verificador conforme imagem abaixo. poste o log do scan aqui mesmo no tópico Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Novembro 18, 2009 Tópico Arquivado Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado. Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura. Compartilhar este post Link para o post Compartilhar em outros sites