[Arquivado] genetik trojan

[Zéee 0]

Olá, o meu antivirus (Nod) diz que tenho um genetik trojan. Queria saber se posso entrar em contas de email, jogos online, youtube sem que os meus dados estejam em risco? Nao sei o que este trojan faz :S

Já utilizei o HijackThis mas daqui pra frente nao sei o que fazer (sou muito "noob")

 

Aqui vai o log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:47:42, on 13-10-2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Dealio Toolbar\SearchSettings.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\conime.exe

C:\Program Files\Apple Software Update\SoftwareUpdate.exe

C:\Users\Fradinho\AppData\Windwnx32.exe

C:\Users\Fradinho\AppData\Windwnx32.exe

C:\Users\Fradinho\AppData\MsnSys.exe

C:\Users\Fradinho\Downloads\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\Explorer.exe

C:\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll

F2 - REG:system.ini: Shell=

O1 - Hosts: ::1 localhost

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll

O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - (no file)

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Searchme Toolbar - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - mscoree.dll (file missing)

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [{C181BA2D-D5FC-1992-E236-E52376241F19}] C:\Windows\system32\win\svchost.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe

O4 - HKCU\..\Run: [Downsys] C:\Users\Fradinho\AppData\Windwnx32.exe

O4 - HKCU\..\Run: [MsnSys.exe] C:\Users\Fradinho\AppData\MsnSys.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Sistema')

O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'Sistema')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')

O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - (no file)

O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0BB984-00AA-468D-811C-750D6A2474C5}: NameServer = 192.168.1.1,194.65.100.117

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Serviço Google Update (gupdate1ca228b3721f695) (gupdate1ca228b3721f695) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files\Common Files\BinarySense\disksvc.exe (file missing)

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MS Common Service - Unknown owner - C:\Windows\system32\mscomserv.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

 

--

End of file - 14014 bytes

[PedroN 1]

Baixe o Malwarebytes dê um destes locais abaixo:

Link 1

Link 2

 

-- Salve o programa no seu Desktop (área de trabalho)

 

• Dê um duplo clique no programa para executá-lo.

• Atualize o programa Malwarebytes.

• Escolha a Verificação Completa (Tenha paciência, é um pouco demorado)

• Desabilite o seu Antivírus e AntiSpyware , geralmente através de um clique direito sobre o ícone da bandeja do sistema. Eles podem interferir na execução da ferramenta.

• Quando o scan estiver completo, clique em Ok, depois em Mostrar Resultados para ver o log.

• Lembrando que, se algo for detectado, clique no botão remover para remoção. (Importante).

• O log do programa será aberto automaticamente para você.

• Poste-o na sua próxima resposta juntamente com um novo log do hijackThis.

Ps:. Em computadores muitos infectados, a ferramenta a informa uma opção informando que o computador deve ser reiniciado, por favor. Faça-o imediatamente.

[Zéee 0]

Olá já fiz o processo que pediu, segue o log do HijackThis:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:28:59, on 14-10-2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18813)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Dealio Toolbar\SearchSettings.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Windows\ehome\ehmsas.exe

C:\Users\Fradinho\AppData\MsnSys.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Fradinho\AppData\Local\Temp\Rar$EX00.652\MSNCleaner.exe

C:\Users\Fradinho\AppData\Local\Temp\Rar$EX04.597\MSNCleaner.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Windows\system32\taskeng.exe

C:\Users\Fradinho\Desktop\Yitian2PT\Yitian2PT.exe

C:\Users\Fradinho\Desktop\Yitian2PT\mc.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\Explorer.exe

C:\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll

O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - (no file)

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Searchme Toolbar - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - mscoree.dll (file missing)

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll

O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe

O4 - HKCU\..\Run: [MsnSys.exe] C:\Users\Fradinho\AppData\MsnSys.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Sistema')

O4 - HKUS\S-1-5-18\..\RunOnce: [] OSK.exe (User 'Sistema')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [] OSK.exe (User 'Default user')

O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - (no file)

O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0BB984-00AA-468D-811C-750D6A2474C5}: NameServer = 192.168.1.1,194.65.100.117

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Serviço Google Update (gupdate1ca228b3721f695) (gupdate1ca228b3721f695) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files\Common Files\BinarySense\disksvc.exe (file missing)

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MS Common Service - Unknown owner - C:\Windows\system32\mscomserv.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

 

--

End of file - 14217 bytes

 

O MalwareBytes deu dois log's um depois do scan e outro quando mandei resolver os "problemas" seguem os 2:

Log do MalwareBytes depois do scan:

 

 

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 2954

Windows 6.0.6002 Service Pack 2

 

14-10-2009 13:27:06

mbam-log-2009-10-14 (13-26-49).txt

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 396339

Tempo decorrido: 3 hour(s), 45 minute(s), 25 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registo infectadas: 0

Valores do Registo infectados: 1

Ítens do Registo infectados: 0

Pastas infectadas: 0

Ficheiros infectados: 2

 

Processos da Memória infectados:

(Nenhum item malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum item malicioso foi detectado)

 

Chaves do Registo infectadas:

(Nenhum item malicioso foi detectado)

 

Valores do Registo infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MsnSys.exe (Trojan.Banker) -> No action taken.

 

Ítens do Registo infectados:

(Nenhum item malicioso foi detectado)

 

Pastas infectadas:

(Nenhum item malicioso foi detectado)

 

Ficheiros infectados:

C:\Program Files\BT Next Evolution\btnext.exe (Malware.Packer.T) -> No action taken.

C:\Users\Fradinho\AppData\MsnSys.exe (Trojan.Banker) -> No action taken.

 

 

Log quando pedi para apagar os arquivos infectados:

 

 

Tipo de Verificação: Completa (C:\|)

Objetos verificados: 396339

Tempo decorrido: 3 hour(s), 45 minute(s), 25 second(s)

 

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registo infectadas: 0

Valores do Registo infectados: 1

Ítens do Registo infectados: 0

Pastas infectadas: 0

Ficheiros infectados: 2

 

Processos da Memória infectados:

(Nenhum item malicioso foi detectado)

 

Módulos de Memória Infectados:

(Nenhum item malicioso foi detectado)

 

Chaves do Registo infectadas:

(Nenhum item malicioso foi detectado)

 

Valores do Registo infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MsnSys.exe (Trojan.Banker) -> Quarantined and deleted successfully.

 

Ítens do Registo infectados:

(Nenhum item malicioso foi detectado)

 

Pastas infectadas:

(Nenhum item malicioso foi detectado)

 

Ficheiros infectados:

C:\Program Files\BT Next Evolution\btnext.exe (Malware.Packer.T) -> Not selected for removal.

C:\Users\Fradinho\AppData\MsnSys.exe (Trojan.Banker) -> Delete on reboot.

 

Isto manda mensagens pelo msn com links infectados (reparei ontem) não sei se ajuda. O malware disse que nao era possivel apagar este ficheiro C:\Users\Fradinho\AppData\MsnSys.exe (Trojan.Banker) Eu fui a localização do arquivo mas tive medo de apagar pois podia estragar algo visto que o malware nao o conseguia remover, fica a informação. Por ultimo desculpe o titulo mas nao percebo nada disto e quando vi que tinha virus fiquei em panico :X Não foi por mal. Obrigado e bom trabalho :)

[PedroN 1]

O arquivo se trata de um trojan banker.

 

Faça o download do ComboFix de um destes locais:

 

Link 1.

Link 2.

Link 3.

 

Importante!

Você não deve usar Combofix a menos que você tenha sido instruído a fazê-lo por um análista de segurança.

Destina-se pelo seu criador para ser utilizado sob orientação e supervisão de um especialista, e não para uso privado.

Utilizando esta ferramenta incorreto poderia levar a desastrosa problemas com o seu sistema operacional.

 

Certifique-se de que você salvou ComboFix.exe para o seu desktop.

 

• Desabilite o seu Antivírus e AntiSpyware , geralmente através de um clique direito sobre o ícone da bandeja do sistema. Eles podem interferir na execução da ferramenta.

 

• Dê um duplo clique no ComboFix.exe & siga as instruções.

 

• Como parte de seu processo, ComboFix irá verificar se o Microsoft Windows Recovery Console está instalado. Como as infecções de malware são hoje, é fortemente recomendado que esteja pré-instalado em sua máquina antes de fazer qualquer remoção de malware. Ela permitirá que você arrancar em especial uma recuperação / reparação modo a permitir-nos-á mais fácil ajudá-lo a seu computador deve ter um problema após uma tentativa de remoção de malware.

 

• Siga as instruções para permitir ComboFix para baixar e instalar o Microsoft Windows Recovery Console e, quando for solicitado, concordar com o End-User License Agreement para instalar o Microsoft Windows Recovery Console.

 

-- Atenção: Se a consola de recuperação do Microsoft Windows já estiver instalado, ComboFix irá continuar a sua remoção malware procedimentos.

 

 

Uma vez que o Microsoft Windows Recovery Console é instalado usando o ComboFix, você deverá ver a seguinte mensagem:

 

 

Clique em Sim, para continuar a varredura de malware.

 

Quando terminar, ela deve produzir um log para você. Poste o relatorio do combofix que estar em C: \ ComboFix.txt junto com um log do hijackthis.

[Zéee 0]

Log do ComboFix:

 

ComboFix 09-10-14.09 - Fradinho 15-10-2009 16:23.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.351.2070.18.2046.1316 [GMT 1:00]

Executando de: c:\users\Fradinho\Desktop\ComboFix.exe

* AV residente está ativo

 

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-1852755797-1290170728-3876051309-500

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

c:\$recycle.bin\S-1-5-21-293510674-1826960219-205584072-500

C:\conf

c:\program files\Dealio Toolbar

c:\program files\Dealio Toolbar\config.ini

c:\program files\Dealio Toolbar\DealioToolbarIE.dll

c:\program files\Dealio Toolbar\Res\amazon.gif

c:\program files\Dealio Toolbar\Res\apple.gif

c:\program files\Dealio Toolbar\Res\barnes.gif

c:\program files\Dealio Toolbar\Res\bestbuy.gif

c:\program files\Dealio Toolbar\Res\dealio_logo.gif

c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif

c:\program files\Dealio Toolbar\Res\ebay.gif

c:\program files\Dealio Toolbar\Res\icon_settings.gif

c:\program files\Dealio Toolbar\Res\macys.gif

c:\program files\Dealio Toolbar\Res\newegg.gif

c:\program files\Dealio Toolbar\Res\overstock.gif

c:\program files\Dealio Toolbar\Res\search-button-hover.gif

c:\program files\Dealio Toolbar\Res\search-button.gif

c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif

c:\program files\Dealio Toolbar\Res\search-chevron.gif

c:\program files\Dealio Toolbar\Res\search_amazon.gif

c:\program files\Dealio Toolbar\Res\search_dealio.gif

c:\program files\Dealio Toolbar\Res\search_ebay.gif

c:\program files\Dealio Toolbar\Res\search_yahoo.gif

c:\program files\Dealio Toolbar\Res\separator.gif

c:\program files\Dealio Toolbar\Res\target.gif

c:\program files\Dealio Toolbar\Res\walmart.gif

c:\program files\Dealio Toolbar\Res\widgets.xml

c:\program files\Dealio Toolbar\SeARchsettings.dll

c:\program files\Dealio Toolbar\SearchSettings.exe

c:\program files\Dealio Toolbar\SearchSettingsRes409.dll

c:\program files\Dealio Toolbar\sscfg.ini

c:\program files\Dealio Toolbar\WidgiHelper.exe

c:\recycler\S-1-5-21-854245398-1647877149-839522115-1003

c:\users\Fradinho\AppData\Local\Temp\E_N4

c:\users\Fradinho\AppData\Local\Temp\E_N4\krnln.fnr

c:\users\Fradinho\AppData\Roaming\.#

c:\users\Fradinho\AppData\Roaming\.#\MBX@10E0@3B1F50.###

c:\users\Fradinho\AppData\Roaming\.#\MBX@10E0@3B1F60.###

c:\users\Fradinho\AppData\Roaming\.#\MBX@10E0@3B1F70.###

c:\users\Fradinho\AppData\Roaming\avsdrv

c:\users\Fradinho\AppData\Roaming\Desktopicon

c:\users\Fradinho\AppData\Roaming\inst.exe

c:\users\Fradinho\AppData\Roaming\preferred

c:\users\Fradinho\AppData\Roaming\videovrx.vxd

c:\windows\system32\drivers\taskmgr.exe

c:\windows\system32\ntSVc.ocx

c:\windows\system32\win

c:\windows\system32\win\errorlog.dat

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_MS Common Service

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2009-09-15 to 2009-10-15 ))))))))))))))))))))))))))))

.

 

2009-10-15 15:34 . 2009-10-15 15:34 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2009-10-15 15:34 . 2009-10-15 15:34 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp

2009-10-15 15:19 . 2009-10-15 15:21 -------- d-----w- C:\32788R22FWJFW

2009-10-14 22:52 . 2009-10-15 09:01 -------- d-----w- c:\users\Fradinho\AppData\Roaming\DMCache

2009-10-14 22:52 . 2009-10-14 22:52 -------- d-----w- c:\program files\Internet Download Manager

2009-10-14 10:39 . 2009-10-14 10:39 -------- d-----w- c:\program files\BT Next Evolution

2009-10-14 04:41 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll

2009-10-14 04:39 . 2009-08-27 05:22 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-14 04:39 . 2009-08-27 03:42 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-10-14 04:38 . 2009-08-27 05:17 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-10-14 04:38 . 2009-08-27 05:17 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-10-14 04:23 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll

2009-10-14 04:22 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2009-10-14 04:17 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2009-10-13 13:16 . 2009-10-13 13:16 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Malwarebytes

2009-10-13 13:16 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-13 13:16 . 2009-10-13 13:16 -------- d-----w- c:\programdata\Malwarebytes

2009-10-13 13:16 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-10-13 13:16 . 2009-10-14 12:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-13 11:32 . 2009-10-14 12:28 -------- d-----w- C:\HijackThis

2009-10-11 19:37 . 2009-10-11 19:37 -------- d-----w- c:\users\Fradinho\Office Genuine Advantage

2009-10-11 10:23 . 2009-10-11 10:23 -------- d-----w- c:\programdata\Office Genuine Advantage

2009-10-06 01:15 . 2009-10-06 01:15 -------- dc-h--w- c:\programdata\{7D4B3D1D-104E-4507-9123-568BC721B7E2}

2009-10-06 01:14 . 2009-10-06 01:14 -------- d-----w- c:\programdata\Transparent

2009-10-06 01:14 . 2009-10-06 01:14 -------- d-----w- c:\program files\Transparent

2009-10-05 18:43 . 2009-10-05 18:43 -------- d-----w- c:\programdata\Blizzard

2009-10-02 22:52 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe

2009-10-02 22:46 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll

2009-10-02 22:46 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-10-02 22:46 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-10-02 22:46 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll

2009-10-02 22:45 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll

2009-10-02 22:45 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-10-02 22:45 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll

2009-10-02 22:45 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll

2009-10-02 22:45 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe

2009-09-23 08:39 . 2009-09-23 08:39 -------- d-----w- c:\users\Fradinho\AppData\Roaming\ProxyCap

2009-09-23 07:53 . 2009-09-23 07:53 -------- d-----w- C:\found.001

2009-09-21 20:16 . 2009-09-21 20:16 -------- d-----w- c:\users\Fradinho\AppData\Local\VSO

2009-09-21 11:42 . 2009-09-21 11:42 -------- d-----w- c:\program files\FreeTime

2009-09-21 08:10 . 2009-09-21 08:10 -------- d-----w- C:\found.000

2009-09-20 12:36 . 2009-09-20 12:36 -------- d-----w- c:\program files\softendo.com

2009-09-18 20:40 . 2009-09-18 20:47 -------- d-----w- c:\windows\system32\ca-ES

2009-09-18 20:40 . 2009-09-18 20:47 -------- d-----w- c:\windows\system32\eu-ES

2009-09-18 20:40 . 2009-09-18 20:46 -------- d-----w- c:\windows\system32\vi-VN

2009-09-18 19:52 . 2009-09-18 19:52 -------- d-----w- c:\windows\system32\EventProviders

2009-09-17 08:31 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll

2009-09-17 08:31 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll

2009-09-17 08:31 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe

2009-09-17 08:31 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll

2009-09-17 08:31 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe

2009-09-17 08:31 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll

2009-09-17 08:29 . 2009-04-11 06:28 1077248 ----a-w- c:\windows\system32\vssapi.dll

2009-09-17 08:28 . 2009-04-11 06:28 69632 ----a-w- c:\windows\system32\rastapi.dll

2009-09-17 08:27 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll

2009-09-17 08:27 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll

2009-09-17 08:27 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll

2009-09-17 08:27 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll

2009-09-17 08:27 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll

2009-09-17 08:27 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll

2009-09-17 08:27 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll

2009-09-17 08:27 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll

2009-09-17 08:26 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll

2009-09-17 08:26 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe

2009-09-17 08:25 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-10-15 15:34 . 2007-08-02 18:47 12 ----a-w- c:\windows\bthservsdp.dat

2009-10-15 15:18 . 2009-03-26 22:41 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Skype

2009-10-15 13:07 . 2007-06-08 09:21 662200 ----a-w- c:\windows\system32\prfh0816.dat

2009-10-15 13:07 . 2007-06-08 09:21 133116 ----a-w- c:\windows\system32\prfc0816.dat

2009-10-15 04:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-10-15 01:06 . 2009-07-18 16:26 -------- d-----w- c:\users\Fradinho\AppData\Roaming\uTorrent

2009-10-14 22:54 . 2007-06-08 01:07 -------- d-----w- c:\program files\Google

2009-10-14 21:31 . 2009-09-11 09:53 -------- d-----w- c:\users\Fradinho\AppData\Roaming\VSO

2009-10-14 20:13 . 2007-07-31 19:04 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Image Zone Express

2009-10-14 20:10 . 2007-07-30 15:48 139453 ----a-w- c:\windows\hpoins13.dat

2009-10-14 14:10 . 2008-10-17 20:55 -------- d-----w- c:\programdata\Microsoft Help

2009-10-14 14:06 . 2007-06-08 01:03 -------- d-----w- c:\program files\Microsoft Works

2009-10-14 12:39 . 2007-10-22 11:57 9052 ----a-w- c:\users\Fradinho\AppData\Local\d3d9caps.dat

2009-10-13 09:28 . 2008-11-24 17:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-10-10 23:03 . 2007-07-28 16:22 127888 ----a-w- c:\users\Fradinho\AppData\Local\GDIPFONTCACHEV1.DAT

2009-10-06 08:36 . 2009-04-03 17:52 -------- d-----w- c:\program files\ONGAME

2009-10-05 14:02 . 2007-10-10 11:24 -------- d-----w- c:\program files\Common Files\Steam

2009-10-05 12:08 . 2007-07-28 20:06 40586 ----a-w- c:\users\Fradinho\AppData\Roaming\wklnhst.dat

2009-10-04 14:44 . 2009-07-17 14:12 -------- d-----w- c:\program files\UlisesSoft

2009-09-21 21:31 . 2009-08-20 13:04 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Ahead

2009-09-18 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2009-09-18 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2009-09-18 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2009-09-18 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2009-09-18 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2009-09-18 20:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2009-09-15 10:51 . 2009-09-15 10:19 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Uniblue

2009-09-15 10:46 . 2009-09-15 10:45 -------- dc-h--w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}

2009-09-15 10:46 . 2009-09-15 10:13 -------- d-----w- c:\program files\Uniblue

2009-09-15 10:14 . 2009-09-15 10:14 -------- d-----w- c:\programdata\{D5ABFFAD-D592-4F98-B02B-587125B4801F}

2009-09-15 10:13 . 2009-09-15 10:12 -------- dc-h--w- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}

2009-09-14 17:46 . 2008-09-14 19:17 -------- d-----w- c:\programdata\TrackMania

2009-09-14 07:47 . 2008-11-02 11:27 -------- d-----w- c:\program files\SystemRequirementsLab

2009-09-14 07:41 . 2008-11-02 11:27 -------- d-----w- c:\users\Fradinho\AppData\Roaming\SystemRequirementsLab

2009-09-11 21:19 . 2009-09-11 21:19 -------- d-----w- c:\program files\Free YouTube Downloader Converter

2009-09-11 09:53 . 2009-09-11 09:53 -------- d-----w- c:\program files\VSO

2009-09-10 07:40 . 2008-11-20 22:49 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-06 23:23 . 2009-09-06 23:23 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Juce VST Host

2009-09-06 22:59 . 2009-09-06 22:59 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Thinstall

2009-09-06 22:52 . 2009-09-06 22:52 -------- d-----w- c:\program files\Hair Pro 2008 Light

2009-09-06 20:21 . 2009-09-06 20:21 -------- d-----w- c:\program files\ZZEE

2009-09-05 01:11 . 2009-09-05 01:11 -------- d-----w- c:\program files\TeamViewer

2009-09-05 01:08 . 2008-10-21 19:39 -------- d-----w- c:\users\Fradinho\AppData\Roaming\TeamViewer

2009-09-03 16:10 . 2009-09-03 16:10 315392 ----a-w- c:\windows\system32\sbcrreag.dll

2009-09-02 12:16 . 2009-09-02 12:16 -------- d-----w- c:\program files\teci

2009-09-01 21:32 . 2008-02-14 10:40 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Windows Live Writer

2009-09-01 10:21 . 2009-09-01 10:20 -------- d-----w- c:\program files\QuickTime

2009-09-01 10:20 . 2007-08-27 19:41 -------- d-----w- c:\programdata\Apple Computer

2009-09-01 10:20 . 2008-09-09 02:41 -------- d-----w- c:\program files\Common Files\Apple

2009-08-29 12:43 . 2009-08-29 12:39 -------- d-----w- c:\users\Fradinho\AppData\Roaming\Babylon

2009-08-29 12:43 . 2009-08-29 12:39 -------- d-----w- c:\programdata\Babylon

2009-08-29 12:39 . 2009-07-24 17:17 -------- d-----w- c:\program files\myBabylon_English

2009-08-29 11:19 . 2009-08-29 11:19 86016 ----a-w- c:\windows\system32\frapsvid.dll

2009-08-29 00:27 . 2009-09-02 20:57 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2009-08-29 00:14 . 2009-09-02 20:57 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2009-08-27 20:27 . 2009-03-20 22:03 -------- d-----w- c:\program files\Opera

2009-08-24 00:15 . 2007-11-01 16:47 -------- d-----w- c:\program files\Windows Live

2009-08-23 17:54 . 2009-08-23 17:49 -------- d-----w- c:\program files\Microsoft

2009-08-23 17:54 . 2009-08-23 17:54 -------- d-----w- c:\program files\Microsoft Office Outlook Connector

2009-08-23 17:53 . 2009-08-23 17:53 -------- d-----w- c:\program files\Microsoft Sync Framework

2009-08-21 18:16 . 2009-06-28 01:23 -------- d-----w- c:\program files\Audible

2009-08-21 18:15 . 2007-06-08 01:01 -------- d-----w- c:\program files\Common Files\Real

2009-08-21 06:12 . 2009-08-21 13:26 267433 ----a-w- c:\windows\system32\drivers\win.exe

2009-08-20 13:05 . 2009-08-20 13:01 -------- d-----w- c:\program files\Common Files\Ahead

2009-08-20 13:01 . 2008-10-30 11:56 -------- d-----w- c:\programdata\Nero

2009-08-20 13:01 . 2008-10-30 11:57 -------- d-----w- c:\program files\Nero

2009-08-19 21:36 . 2009-08-19 21:32 -------- d-----w- c:\program files\Image-Line

2009-08-19 21:36 . 2009-08-19 21:36 -------- d-----w- c:\program files\ASIO4ALL v2

2009-08-19 21:36 . 2009-08-19 21:36 -------- d-----w- c:\program files\VstPlugins

2009-08-19 21:35 . 2009-08-19 21:35 -------- d-----w- c:\program files\Outsim

2009-08-19 17:07 . 2009-08-19 17:07 -------- d-----w- c:\program files\Movie Maker 2.6

2009-08-19 16:10 . 2009-07-25 19:08 -------- d-----w- c:\program files\YouTube Downloader

2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-08-17 22:15 . 2009-08-17 22:15 -------- d-----w- c:\program files\WinAVI Video Converter 9.0

2009-08-17 20:01 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild

2009-08-17 19:59 . 2009-08-17 19:59 -------- d-----w- c:\program files\Microsoft.NET

2009-08-17 19:57 . 2009-08-17 19:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2009-08-17 16:32 . 2008-10-30 11:56 -------- d-----w- c:\program files\Common Files\Nero

2009-08-17 16:30 . 2007-06-08 01:01 -------- d---a-w- c:\program files\Common Files\LightScribe

2009-08-17 15:55 . 2008-04-23 20:23 1648 ----a-w- c:\users\Fradinho\AppData\Local\d3d8caps.dat

2009-08-14 16:27 . 2009-09-09 00:04 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys

2009-08-14 15:53 . 2009-09-09 00:04 17920 ----a-w- c:\windows\system32\netevent.dll

2009-08-14 13:49 . 2009-09-09 00:04 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE

2009-08-14 13:49 . 2009-09-09 00:04 11264 ----a-w- c:\windows\system32\MRINFO.EXE

2009-08-14 13:49 . 2009-09-09 00:04 17920 ----a-w- c:\windows\system32\ROUTE.EXE

2009-08-14 13:49 . 2009-09-09 00:04 27136 ----a-w- c:\windows\system32\NETSTAT.EXE

2009-08-14 13:49 . 2009-09-09 00:04 19968 ----a-w- c:\windows\system32\ARP.EXE

2009-08-14 13:49 . 2009-09-09 00:04 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE

2009-08-14 13:49 . 2009-09-09 00:04 10240 ----a-w- c:\windows\system32\finger.exe

2009-08-14 13:48 . 2009-09-09 00:04 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2009-08-14 13:48 . 2009-09-09 00:04 105984 ----a-w- c:\windows\system32\netiohlp.dll

2009-08-08 14:28 . 2009-08-06 19:23 134 ----a-w- c:\users\Fradinho\AppData\Roaming\atec.drv

2009-08-05 21:48 . 2009-08-23 17:54 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys

2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll

2009-07-25 04:23 . 2008-11-30 00:42 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-18 18:14 . 2007-11-22 15:00 721904 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-07-18 16:48 . 2008-10-07 23:09 720896 ----a-w- c:\windows\iun6002ev.exe

2009-02-03 16:35 . 2009-02-03 16:13 1004 --sha-w- c:\windows\System32\sys_drv.dat

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-07-15 2224152]

 

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

2009-07-15 09:09 2224152 ----a-w- c:\program files\myBabylon_English\tbmyB0.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2008-09-07 17:06 1172792 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

"{4d02e7e6-5930-4b51-b9b0-9f21b3789400}"= "mscoree.dll" [2009-03-30 278848]

"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-07-15 2224152]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

 

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

 

[HKEY_CLASSES_ROOT\clsid\{4d02e7e6-5930-4b51-b9b0-9f21b3789400}]

 

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-07-15 2224152]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

 

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 149040]

"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13683232]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 92704]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-04 161328]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-21 198160]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-09-09 6281760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]

2008-06-13 20:39 45184 ----a-w- c:\windows\System32\fsp_lmwl.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Macroworx Filing Cabinets.lnk]

backup=c:\windows\pss\Macroworx Filing Cabinets.lnk.CommonStartup

backupExtension=.CommonStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):23,c0,c1,c8,a2,38,ca,01

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{5CA872A8-4AD4-4E5B-B007-06E6E8500E15}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{EC5B640A-DEFC-48DB-BD63-6B1031652380}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM

"{8B5BA973-9161-4E9E-8760-588A50279540}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{3BE41948-8463-4A9D-A5F9-4ABE32A79926}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server

"{05A8495A-EE17-4C34-A97C-FD8262BDFEC4}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{E1383468-DE9B-4BAC-A319-1DC07E90244A}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service

"{4A489254-A282-458D-9DDA-73254D2FD6B4}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery

"{5FC48BC1-3312-4A16-9DF4-464EE6B29100}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery

"{5D02B9E7-79DF-4D8E-AF81-4A423D3F6AC9}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype

"{F95E180F-D195-4D57-90EC-43D12EB5C6DD}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype

"{75190A2C-65F7-4D74-AB2B-11E1382E1C7C}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{FBEC3026-2EE9-4847-87F8-8BE3F839B2AD}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{B972B600-6385-4796-9566-E6072757D9E4}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{A521BFCA-C90E-4DF7-848E-FD94298FFCFF}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{5EFE8EC4-9165-462C-8430-684F03A5F63D}"= UDP:c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne

"{2BCFBE46-BD97-4BCA-86FB-2B08FC6EE6CB}"= TCP:c:\program files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne

"{B1BE598B-8D62-44BB-925D-C157C54A9640}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{633E5D71-747C-4FFF-90A1-69A973B3EA4E}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA

"{53D266C4-8EF8-412D-BC92-380A670BE026}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{BFF85F90-C5F5-4645-A09D-FEB06922A202}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB

"{59365CEF-C7E3-43D5-8223-A69766FE8E93}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{A011C6DF-6008-4CDD-B3A9-835A115FBE6C}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare

"{9DE391BD-A40D-45FA-A81C-DEBF23D2200B}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{413AB613-973A-4114-898C-A7F1FFFA7F8A}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)

"{88C696D3-A6AC-4590-A4A6-306FC673E600}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{EAA49130-EECC-4D69-832B-C27282525D8D}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)

"{051F895C-8FB8-49C6-A1BF-18901CC3850C}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas

"{8E261363-D614-43D8-B5AC-489B0BDD14EE}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas

"{9EAD8234-F114-41B5-A627-B10F587D7D7C}"= UDP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater

"{96713DFC-A7F0-4A5E-90EA-0B3299492FF9}"= TCP:c:\program files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater

"{706D1A01-B0F2-466E-ADAF-BB762260A5A7}"= UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)

"{7DDA80C3-1445-4493-AEE6-99B648A53CAE}"= TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (CLI)

"{542695A1-56B1-40FC-9165-F0431B41F45E}"= UDP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)

"{B57E70E3-3FFF-4ED9-8A19-02747CB85B51}"= TCP:c:\program files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:S.T.A.L.K.E.R. - Clear Sky (SRV)

"{7B640231-C943-48AF-8B7D-24AF379BA5EB}"= UDP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable

"{EDC65C68-E0FD-4A3F-8BA1-B2FE753F991C}"= TCP:c:\program files\Microsoft Games\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable

"TCP Query User{B49952A3-47D1-4F6D-9A65-8D6458E8A743}c:\\program files\\metin2_portugal\\metin2.bin"= UDP:c:\program files\metin2_portugal\metin2.bin:metin2.bin

"UDP Query User{DA8C77EC-FC6C-432B-A279-1FFBAA745E16}c:\\program files\\metin2_portugal\\metin2.bin"= TCP:c:\program files\metin2_portugal\metin2.bin:metin2.bin

"{3BFF61DB-AC3C-4E8C-8139-E1DD110F0678}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)

"{2FB0EDD2-E23C-4A80-AC66-4E061078E0DF}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)

"{9076332A-A036-4424-8A43-8D1E21829F0B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{10167C03-F9B2-46BF-BC88-AA99B0F17BFC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{9DC5F4A3-FF41-4A9E-B9F0-B278BADFFFAD}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{8A7473CC-2F9D-4DC9-B574-AC06E91D499C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{C39117EC-28CE-45FA-B54A-24D622B23C61}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{8EA32B00-5C4A-4C26-8F04-189ABDBE490D}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{66E5671E-C9E8-43DD-B400-4717BD58ACA7}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{FBAC459B-DEB7-4137-AAF5-ABA7819DEF4B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{1285A507-A3CF-41BC-A4F6-F3AB130A666F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{2ABBA80C-98C7-45AC-8941-69F8A0566D11}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{8C231E08-42B6-4ECA-A8A0-462392E41CBF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{E8D12527-48CF-421B-AF60-44D702B3BB80}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{7760E085-FA77-4040-9DA5-8307A0B63B5E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{A38CD49C-1D0B-4B2E-8813-6CAAE84E2833}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

"{1A3F9608-6C9C-44C1-853D-75B121103E00}"= UDP:c:\program files\TeamViewer\Version4\TeamViewer.exe:Teamviewer Remote Control Application

"{A7C24F4A-87F0-4079-80BD-D1486C0FDD04}"= TCP:c:\program files\TeamViewer\Version4\TeamViewer.exe:Teamviewer Remote Control Application

"TCP Query User{AF0B6D97-D44E-44C7-82B4-89A2AA8B0AD5}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\yt2sf.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\yt2sf.exe:yt2sf.exe

"UDP Query User{351BC6E1-0372-4901-85C4-4ACA1865A76E}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\yt2sf.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\yt2sf.exe:yt2sf.exe

"TCP Query User{D9B7D1F8-C5C1-434D-BF8F-B3AA2AD75C6D}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\yt2sf.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\yt2sf.exe:yt2sf.exe

"UDP Query User{DACF0394-EA34-4099-8D90-B084CF15D654}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\yt2sf.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\yt2sf.exe:yt2sf.exe

"TCP Query User{E71590E5-58B5-4BB3-81A0-6DE655E6923D}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\yt2sf.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\yt2sf.exe:yt2sf.exe

"UDP Query User{449BE48C-671B-4C50-91ED-ECE0B810E049}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\yt2sf.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\yt2sf.exe:yt2sf.exe

"TCP Query User{49B52F13-E9BA-4435-9840-848987128DAB}c:\\program files\\metin2_portugal\\metin2.bin"= UDP:c:\program files\metin2_portugal\metin2.bin:metin2.bin

"UDP Query User{6DCC481D-8F43-45A9-97F4-399BDFD44591}c:\\program files\\metin2_portugal\\metin2.bin"= TCP:c:\program files\metin2_portugal\metin2.bin:metin2.bin

"TCP Query User{6AFC5A49-56E9-4AE2-B79A-B72C3564F229}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java Platform SE binary

"UDP Query User{4F9A4372-4D21-4084-AD4C-F4DCE025CC32}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java Platform SE binary

"TCP Query User{929B324F-85E3-44D3-91C2-2BBC26EFDE51}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"UDP Query User{4C44903D-7125-497F-AFD8-12D21ED3A283}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java Platform SE binary

"TCP Query User{CDD0F735-84FE-4B87-BA55-4FC5D1E8BD07}c:\\program files\\valve\\steam\\steamapps\\snakeeater16\\counter-strike\\hl.exe"= UDP:c:\program files\valve\steam\steamapps\snakeeater16\counter-strike\hl.exe:Half-Life Launcher

"UDP Query User{B4EA5ADF-68E3-478B-B619-A30527407C24}c:\\program files\\valve\\steam\\steamapps\\snakeeater16\\counter-strike\\hl.exe"= TCP:c:\program files\valve\steam\steamapps\snakeeater16\counter-strike\hl.exe:Half-Life Launcher

"TCP Query User{5211A141-8B6F-4093-98D2-AEAFE6A997DA}c:\\program files\\teci\\metin2\\metin2.bin"= UDP:c:\program files\teci\metin2\metin2.bin:metin2.bin

"UDP Query User{A96F0771-76F2-4C42-B827-4F27A8B18E9F}c:\\program files\\teci\\metin2\\metin2.bin"= TCP:c:\program files\teci\metin2\metin2.bin:metin2.bin

"TCP Query User{BB851D4E-72CA-4F83-81A1-52295096112C}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\longjuytsever2login.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\longjuytsever2login.exe:longjuytsever2login.exe

"UDP Query User{D4130EBA-B45C-474E-8C7D-93A05A5FC292}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\longjuytsever2login.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\longjuytsever2login.exe:longjuytsever2login.exe

"TCP Query User{746CB103-4971-4B34-A31B-023DA7741E06}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\gamewt.bin"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\gamewt.bin:gamewt.bin

"UDP Query User{959335C5-EC74-4C79-8CAB-1F1E9D2A048F}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\gamewt.bin"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\gamewt.bin:gamewt.bin

"TCP Query User{BDDFC31B-8CC5-4575-9A5D-A3174B6DA9B0}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{A897C413-6B82-4068-AE31-F08343DD969A}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

"TCP Query User{5C4CD77E-FE30-465D-AD29-28EEECFC44AA}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\metin_sunnight2_by_murdakilla.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\metin_sunnight2_by_murdakilla.exe:metin_sunnight2_by_murdakilla.exe

"UDP Query User{9693604E-3510-41D2-A879-833BFD82BE01}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\metin_sunnight2_by_murdakilla.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\metin_sunnight2_by_murdakilla.exe:metin_sunnight2_by_murdakilla.exe

"TCP Query User{6D3EC253-D3A7-4586-8015-89D2C67F4DD2}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\zzyt2 traduçao by mt2ptpservers.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\zzyt2 traduçao by mt2ptpservers.exe:zzyt2 traduçao by mt2ptpservers.exe

"UDP Query User{B8B4B721-7208-4A4F-B649-865F86911BA0}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\zzyt2 traduçao by mt2ptpservers.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\zzyt2 traduçao by mt2ptpservers.exe:zzyt2 traduçao by mt2ptpservers.exe

"TCP Query User{8DCFE6FE-D46E-4017-A666-B6BAA7BBD62A}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\zzyt2 traduçao by mt2ptpservers.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\zzyt2 traduçao by mt2ptpservers.exe:zzyt2 traduçao by mt2ptpservers.exe

"UDP Query User{FDEEE70B-B0F8-42B3-B078-6FA0C769F46F}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\zzyt2 traduçao by mt2ptpservers.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\zzyt2 traduçao by mt2ptpservers.exe:zzyt2 traduçao by mt2ptpservers.exe

"TCP Query User{43E58877-EC23-4638-8C35-346CF9264E66}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\????.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\????.exe:????.exe

"UDP Query User{45A2C198-3262-4D16-8E35-299184DE5694}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\????.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\????.exe:????.exe

"TCP Query User{7E5A291F-6693-4293-9031-2E7BC22DC709}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metin2 (2).exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\metin2 (2).exe:metin2 (2).exe

"UDP Query User{6ACF870E-B54D-4A79-B6E4-B570584EA78F}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metin2 (2).exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\metin2 (2).exe:metin2 (2).exe

"TCP Query User{5844CCD7-C5D7-48E6-BA54-A5EF48B19941}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\tm1metin2.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\tm1metin2.exe:tm1metin2.exe

"UDP Query User{46EC843F-75B2-48BA-AB47-00FC4D7E598A}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\tm1metin2.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\tm1metin2.exe:tm1metin2.exe

"TCP Query User{4EDB8636-2230-4269-876E-4A72C3244601}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metin2ol.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\metin2ol.exe:metin2ol.exe

"UDP Query User{6821C6CC-E838-4988-AE9B-1E40D135F1B1}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metin2ol.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\metin2ol.exe:metin2ol.exe

"TCP Query User{93FDA62D-C57C-45CB-90C3-078919729B2E}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\tm1metin2.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\tm1metin2.exe:tm1metin2.exe

"UDP Query User{5BCC9704-D413-49BA-B30A-9CAF3DFE2B18}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\tm1metin2.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\tm1metin2.exe:tm1metin2.exe

"TCP Query User{E8BE408F-97D8-40C1-A653-54B574C9B2AF}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\???? (2).exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\???? (2).exe:???? (2).exe

"UDP Query User{5F1255EB-2784-4775-A6D1-74E3BFEBFA3B}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\???? (2).exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\???? (2).exe:???? (2).exe

"TCP Query User{57A95937-2526-4602-9662-C43100802322}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metinp.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\metinp.exe:metinp.exe

"UDP Query User{B0EBC286-160F-4C70-AFE6-CC48C5A20C45}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metinp.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\metinp.exe:metinp.exe

"TCP Query User{1A51BF38-0063-4809-8680-7E1ADA16D314}c:\\users\\fradinho\\desktop\\nova pasta\\????.exe"= UDP:c:\users\fradinho\desktop\nova pasta\????.exe:????.exe

"UDP Query User{25DB9AB3-33DD-4C1C-9219-12BB3F04088E}c:\\users\\fradinho\\desktop\\nova pasta\\????.exe"= TCP:c:\users\fradinho\desktop\nova pasta\????.exe:????.exe

"TCP Query User{BD46774E-81B5-4352-A32F-08A07F5099E0}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\metin_97yx.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\metin_97yx.exe:metin_97yx.exe

"UDP Query User{62950240-0E8F-405E-B0E3-D1D21ADFFFE6}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\metin_97yx.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\metin_97yx.exe:metin_97yx.exe

"TCP Query User{02AA9519-2FA0-49E8-9C09-D21CA30728B0}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\jqlj.bin"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\jqlj.bin:jqlj.bin

"UDP Query User{136273E0-DA5F-46C8-84CD-2FB763DD247A}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\jqlj.bin"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\jqlj.bin:jqlj.bin

"TCP Query User{E0C3B5D7-2BCD-4C58-AC84-42498060E184}c:\\program files\\metin2_spain\\metin2.bin"= UDP:c:\program files\metin2_spain\metin2.bin:metin2.bin

"UDP Query User{1C9B030E-A549-4868-BDC0-A3E50E1D0950}c:\\program files\\metin2_spain\\metin2.bin"= TCP:c:\program files\metin2_spain\metin2.bin:metin2.bin

"TCP Query User{2EFBA6E0-82F7-4FBC-9661-2483F9821CC6}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\stargame.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\stargame.exe:stargame.exe

"UDP Query User{6D316BA9-7408-4408-8673-F4D18482E696}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\stargame.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\stargame.exe:stargame.exe

"TCP Query User{64C9DAEE-3445-4D31-9A55-A6CFE844D302}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metalongju.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\metalongju.exe:metalongju.exe

"UDP Query User{45F8F23D-45BE-4E2B-BAF5-70BAEA968192}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\metalongju.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\metalongju.exe:metalongju.exe

"TCP Query User{33A41FAC-BCF7-4849-A024-44DF97B11786}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\hamachi_server_id_cheating-mt2_pass_ cheating-mt2.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\hamachi_server_id_cheating-mt2_pass_ cheating-mt2.exe:hamachi_server_id_cheating-mt2_pass_ cheating-mt2.exe

"UDP Query User{0CDB2F1E-EB2D-46DE-B26E-9924A84EFD2B}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\hamachi_server_id_cheating-mt2_pass_ cheating-mt2.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\hamachi_server_id_cheating-mt2_pass_ cheating-mt2.exe:hamachi_server_id_cheating-mt2_pass_ cheating-mt2.exe

"TCP Query User{B5D86DF9-ACF4-4414-BEB1-7EADAE11D62C}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\metin_tmlj_by_boy4538.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\metin_tmlj_by_boy4538.exe:metin_tmlj_by_boy4538.exe

"UDP Query User{09F1ACD0-44F9-4D37-8E39-FDE6FD36F517}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\metin_tmlj_by_boy4538.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\metin_tmlj_by_boy4538.exe:metin_tmlj_by_boy4538.exe

"TCP Query User{FA1ECD0C-D531-4583-A9D2-6940B4D9353C}c:\\users\\fradinho\\downloads\\utorrent.exe"= UDP:c:\users\fradinho\downloads\utorrent.exe:utorrent.exe

"UDP Query User{16C042E4-63BF-440E-9654-8A349029C605}c:\\users\\fradinho\\downloads\\utorrent.exe"= TCP:c:\users\fradinho\downloads\utorrent.exe:utorrent.exe

"TCP Query User{604BF085-A684-4AEB-A37D-0D2F016BA02F}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2.bin"= UDP:c:\users\fradinho\desktop\metin2_portugal\metin2.bin:metin2.bin

"UDP Query User{068208E8-C838-44A5-B266-D5C5DFC47099}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2.bin"= TCP:c:\users\fradinho\desktop\metin2_portugal\metin2.bin:metin2.bin

"TCP Query User{7ED647F0-8EB6-4DFE-A9E9-229EBEF3D459}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2client.bin"= UDP:c:\users\fradinho\desktop\metin2_portugal\metin2client.bin:metin2client.bin

"UDP Query User{F3AEF350-8ADA-48BF-A546-FE9702E443FF}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2client.bin"= TCP:c:\users\fradinho\desktop\metin2_portugal\metin2client.bin:metin2client.bin

"TCP Query User{F6F0B30A-1685-45C0-B360-4FB64E83FBAA}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\zuiaipk2009.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\zuiaipk2009.exe:zuiaipk2009.exe

"UDP Query User{458C4C78-BFEA-4DD3-A232-23AB21505977}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\zuiaipk2009.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\zuiaipk2009.exe:zuiaipk2009.exe

"TCP Query User{357CB599-3236-43CA-9562-C74FC927B359}c:\\users\\fradinho\\desktop\\yitian2pt\\mc.exe"= UDP:c:\users\fradinho\desktop\yitian2pt\mc.exe:mc.exe

"UDP Query User{F5482318-26FF-4E44-B085-45ECE78C3874}c:\\users\\fradinho\\desktop\\yitian2pt\\mc.exe"= TCP:c:\users\fradinho\desktop\yitian2pt\mc.exe:mc.exe

"TCP Query User{41665EA1-87D9-413D-BB03-4BF9CE954096}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2.bin"= UDP:c:\users\fradinho\desktop\metin2_portugal\metin2.bin:metin2.bin

"UDP Query User{3583B360-EA51-40D1-BDC4-474EDD163D14}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2.bin"= TCP:c:\users\fradinho\desktop\metin2_portugal\metin2.bin:metin2.bin

"TCP Query User{5BDF5D59-07C6-406F-BD1A-78D3A58158FA}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2client.bin"= UDP:c:\users\fradinho\desktop\metin2_portugal\metin2client.bin:metin2client.bin

"UDP Query User{A936A696-B52C-41D6-A3C2-ADA9898613C2}c:\\users\\fradinho\\desktop\\metin2_portugal\\metin2client.bin"= TCP:c:\users\fradinho\desktop\metin2_portugal\metin2client.bin:metin2client.bin

"TCP Query User{9524B8C8-6993-4697-9F1A-89AB9115C88F}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\ftljwt.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\ftljwt.exe:ftljwt.exe

"UDP Query User{5510679A-1FA0-4389-BAA7-136A28E2176C}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\ftljwt.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\ftljwt.exe:ftljwt.exe

"TCP Query User{7BC3CCDC-4DD7-4541-8092-70DF3C4B4E20}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\ftljdx.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\longju\ftljdx.exe:ftljdx.exe

"UDP Query User{F99E18C5-A658-4A18-821F-5DEBB28E4884}c:\\users\\fradinho\\desktop\\os meus jogos\\longju\\ftljdx.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\longju\ftljdx.exe:ftljdx.exe

"TCP Query User{19F2E4A6-F811-45BB-AF26-E543E6F1564C}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\remixmt2_de_exe.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\remixmt2_de_exe.exe:remixmt2_de_exe.exe

"UDP Query User{152C32E2-FF48-4EBD-AFB5-DF5E97C10CA4}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\remixmt2_de_exe.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\remixmt2_de_exe.exe:remixmt2_de_exe.exe

"TCP Query User{927B48A4-9ECE-47B2-85BF-CD31B0ED1112}c:\\users\\fradinho\\desktop\\yitian2pt\\mc.exe"= UDP:c:\users\fradinho\desktop\yitian2pt\mc.exe:mc.exe

"UDP Query User{4770100B-087E-4A29-A033-03BFB044FF83}c:\\users\\fradinho\\desktop\\yitian2pt\\mc.exe"= TCP:c:\users\fradinho\desktop\yitian2pt\mc.exe:mc.exe

"TCP Query User{977F41EB-7BF9-46A2-9AF3-E88241A6B726}c:\\users\\fradinho\\desktop\\revengemt2\\mc.exe"= UDP:c:\users\fradinho\desktop\revengemt2\mc.exe:mc.exe

"UDP Query User{CA58AAF1-3A77-4F52-9639-E27D1F2374E6}c:\\users\\fradinho\\desktop\\revengemt2\\mc.exe"= TCP:c:\users\fradinho\desktop\revengemt2\mc.exe:mc.exe

"TCP Query User{FDB1A043-F830-40FC-8635-EBE13606FEAD}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\legendmt2.exe"= UDP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\legendmt2.exe:legendmt2.exe

"UDP Query User{2AF5CE08-C70F-4458-BBC0-8618AF59CB0C}c:\\users\\fradinho\\desktop\\os meus jogos\\nova pasta (3)\\legendmt2.exe"= TCP:c:\users\fradinho\desktop\os meus jogos\nova pasta (3)\legendmt2.exe:legendmt2.exe

 

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [21-12-2007 08:21 468224]

R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\System32\drivers\nxsIO32.sys [11-12-2008 16:16 2208]

R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [24-08-2009 15:51 185640]

R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [08-06-2007 10:23 2831232]

R3 LMPC4;LMPC4;c:\windows\System32\drivers\lmpc4.sys [05-02-2009 10:10 10096]

R3 nskbfltr;nskbfltr;c:\windows\System32\drivers\nskbfltr.sys [31-10-2008 11:25 20512]

R3 tenCapture;tenCapture;c:\windows\System32\drivers\tenCapture.sys [21-04-2007 15:15 9344]

S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [18-07-2009 17:29 234888]

S2 gupdate1ca228b3721f695;Serviço Google Update (gupdate1ca228b3721f695);c:\program files\Google\Update\GoogleUpdate.exe [21-08-2009 19:14 133104]

S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]

S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10-05-2006 09:13 29696]

S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [23-08-2009 18:54 54632]

S3 fsssvc;Serviço Segurança Familiar do Windows Live;c:\program files\Windows Live\Family Safety\fsssvc.exe [05-08-2009 22:48 704864]

S4 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21-05-2008 12:42 64000]

S4 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03-09-2006 10:32 208896]

S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [?]

S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance --> c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [?]

S4 LmpcService;Lock My PC Service;c:\program files\Lock My PC 4\LmpcServ.exe [05-02-2009 10:10 52592]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

bthsvcs REG_MULTI_SZ BthServ

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C181BA2D-D5FC-1992-E236-E52376241F19}]

c:\windows\system32\win\svchost.exe s

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-21 18:14]

 

2009-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-21 18:14]

 

2009-10-15 c:\windows\Tasks\User_Feed_Synchronization-{4A9BDDB8-FEA9-432C-A753-9B7CC1294ADC}.job

- c:\windows\system32\msfeedssync.exe [2009-10-14 03:41]

.

.

------- Scan Suplementar -------

.

uStart Page = about:blank

mStart Page = hxxp://home.sweetim.com

uInternet Settings,ProxyOverride = *.local

IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

LSP: c:\windows\system32\wpclsp.dll

TCP: {6E0BB984-00AA-468D-811C-750D6A2474C5} = 192.168.1.1,194.65.100.117

FF - ProfilePath - c:\users\Fradinho\AppData\Roaming\Mozilla\Firefox\Profiles\yhc9oq3s.default\

FF - prefs.js: browser.startup.homepage - www.google.pt

FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORFÃOS REMOVIDOS - - - -

 

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll

Toolbar-Locked - (no file)

Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll

HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe

AddRemove-HijackThis - c:\users\Fradinho\Desktop\HijackThis.exe

AddRemove-Fishdom Deluxe - c:\users\Fradinho\AppData\Local\Zylom Games\Fishdom Deluxe\GameInstlr.exe

 

 

 

**************************************************************************

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos:

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'Explorer.exe'(888)

c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll

c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_por.nlr

c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\nvvsvc.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\rundll32.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\System32\oodag.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\System32\WUDFHost.exe

c:\windows\System32\osk.exe

c:\windows\System32\wbem\unsecapp.exe

c:\windows\ehome\ehsched.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\System32\wbem\WMIADAP.exe

c:\program files\Windows Media Player\wmpnscfg.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-10-15 16:45 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-10-15 15:44

 

Pré-execução: 136.777.932.800 bytes livres

Pós execução: 136.410.439.680 bytes livres

 

578 --- E O F --- 2009-10-14 14:16

 

 

 

Log do HijackThis:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:49:36, on 15-10-2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18828)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\Explorer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\conime.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\HijackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - (no file)

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Searchme Toolbar - {4d02e7e6-5930-4b51-b9b0-9f21b3789400} - mscoree.dll (file missing)

O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe

O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Sistema')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Sistema')

O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')

O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm

O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - (no file)

O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6E0BB984-00AA-468D-811C-750D6A2474C5}: NameServer = 192.168.1.1,194.65.100.117

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll

O20 - Winlogon Notify: fsp_lmwl - C:\Windows\SYSTEM32\fsp_lmwl.dll

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Serviço Google Update (gupdate1ca228b3721f695) (gupdate1ca228b3721f695) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files\Common Files\BinarySense\disksvc.exe (file missing)

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

 

--

End of file - 12341 bytes

[PedroN 1]

Sugiro que imprima ou salve os procedimentos abaixo, e não use a internet até terminado o procedimento.

 

Selecione e copie o texto dentro do QUOTE (caixa cinza) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na área de trabalho, com o nome de CFScript.txt.

 

Folder::

C:\found.001

C:\found.000

 

Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"=-

 

Esse script foi elaborado somente para este computador, de acordo com os arquivos e chaves presentes não use-o em outro computador, pos pode trazer danos.

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo.

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando acabar, será gerado um log, que estará em C:\ComboFix.txt.

 

Logo em seguida realize os procedimentos abaixo:

 

• Baixe: < '>http://eric.71.mespages.googlepages.com/ToolBarSD.exe"]ToolBar S&D >

• Salve-o no Disco Local-C, em uma pasta própria.

• Reinicie o computador, em Modo de Segurança. <-- Importante!

• Execute o programa, e à seguir, aperte o "p" --> Enter --> Ok.

• Digite o dois! ( 2 ) --> Aperte Enter --> Aguarde!

• Terminando, poste o relatório. ( C:\ToolBar SD\TB_1.txt )

[Zéee 0]

Olá. Tive problemas em completar o processo que pediu, é que o ComboFix diz que tinha de desactivar o anti-virus e outro programa "spyware sweeper" e depois carregar "Ok" e como ele desapareceu da barra do iniciar (aquela parte no canto inferior direito) pensei que estava desactivado, fiz ontem o mesmo para o processo anterior :S O Spyware Sweeper nem o encontrei -_-' Não percebo como devo desactiva-los? O anti-virus chama.se ESET Smart Security 3.0. E quando pediu para não usar a internet durante o processo queria dizer para não a usar só ou desconecta-la?

[PedroN 1]

Veja aqui como desativar temporariamente os programas de proteção.

http://forum.imasters.com.br/index.php?/topic/323876-desabilitar-temporariamente-o-programa-de-seguranca/

 

E quando pediu para não usar a internet durante o processo queria dizer para não a usar só ou desconecta-la?

 

Basta apenas fechar a página da internet.

 

Abraços

[Zéee 0]

Obrigado o link ajudou :) Só há mais um problema, o ComboFix diz para desligar o anti-spyware "Spy sweeper" mas não encontro no computador :unsure: Será que faz parte de outro programa? Não percebo :cry:

[PedroN 1]

Não está consiguindo rodar o combofix por causa do anti-spyware? Va apertando em "ok" nas mensagem que surgir, qualquer coisa tente rodar em modo segurança.

[Zéee 0]

O problema não é não conseguir, é o ComboFix diz que se não desactivar o anti-spyware poderam ocorrer danos no sistema e como é obvio não quero danos no pc, por isso a pergunta.

[PedroN 1]

Entendo o seu problema.Acesse este site: http://www.kaspersky.com/virusscanner

Clique em

Siga as instruções de configuração do verificador conforme imagem abaixo.

poste o log do scan aqui mesmo no tópico

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.