Tulyo 0 Denunciar post Postado Dezembro 14, 2009 Entao...toda vez que ligo meu pc e abro o google chrome ( navegador que uso como padrao) ele fecha sozinho e automaticamente abre o mesmo site no internet 6 ( tenho o internet instalado soh que é o 9 )com o nome nao sei ao certo... e o msn da mesma forma... quando abro ele...ele fecha e reabre o messenger cm o nome de taskmgr dll e alem de tudo desativa os scripts que tenhu do messenger plus... Depois fecho essas janelas que abrem sozinha e abro de novo o google chrome e o msn e tudo roda normal...Esse problema se repete toda vez q ligo o pc e na primeira vez q entro no google chrome e no msn..... Da uma força ae... Vlew desde jah :natal_wink: ... Abrs Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Dezembro 14, 2009 Entao...toda vez que ligo meu pc e abro o google chrome ( navegador que uso como padrao) ele fecha sozinho e automaticamente abre o mesmo site no internet 6 ( tenho o internet instalado soh que é o 9 )com o nome nao sei ao certo... e o msn da mesma forma... quando abro ele...ele fecha e reabre o messenger cm o nome de taskmgr dll e alem de tudo desativa os scripts que tenhu do messenger plus... Depois fecho essas janelas que abrem sozinha e abro de novo o google chrome e o msn e tudo roda normal...Esse problema se repete toda vez q ligo o pc e na primeira vez q entro no google chrome e no msn..... Da uma força ae... Vlew desde jah :natal_wink: ... Abrs <><><><><> Opa! Tulyo <!> Poste o log do HijackThis,segundo este Tutorial. < Regra Nº 02 - Utilizando O Hijackthis - LEIA ANTES DE POSTAR! > Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Tulyo 0 Denunciar post Postado Dezembro 14, 2009 Segue o log.... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:43:53, on 14/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe C:\Arquivos de programas\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Arquivos de programas\AVG\AVG9\avgnsx.exe C:\Arquivos de programas\AVG\AVG9\avgemc.exe C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\ARQUIV~1\AVG\AVG9\avgtray.exe C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe C:\ARQUIV~1\FREEDO~1\fdm.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\scvhostdll.exe C:\WINDOWS\taskmgrdll.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\alg.exe C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\svchost.exe C:\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60049 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sha.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sha.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\arquivos de programas\real player\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sha.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Free Download Manager] C:\ARQUIV~1\FREEDO~1\fdm.exe -autorun O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ultimateork] C:\WINDOWS\scvhostdll.exe O4 - HKCU\..\Run: [win] C:\WINDOWS\taskmgrdll.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file) O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 12142 bytes Obrigado desde ja Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Dezembro 14, 2009 Boa Tarde! Tulyo <@> Baixe: < > <@> < Link - 2 > <@> < Link - 3 > <@> Atualize o programa! <@> Escolha o escaneamento Completo! <@> Desabilite programas de proteção,ao executar o malwarebytes. <@> Ps: Para determinadas infecções,a ferramenta pedirá reboot. <-- Confirme! <@> Procure enviar os ítens detectados para a quarentena,clicando em Remover itens. <@> Para maiores detalhes: < Link > <><><><><><><><><><><> <@> Poste,os relatórios: mbam-log-2009-xx-xx (00-00-00).txt + HijackThis,atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Tulyo 0 Denunciar post Postado Dezembro 14, 2009 Boa Tarde! Tulyo <@> Baixe: < > <@> < Link - 2 > <@> < Link - 3 > <@> Atualize o programa! <@> Escolha o escaneamento Completo! <@> Desabilite programas de proteção,ao executar o malwarebytes. <@> Ps: Para determinadas infecções,a ferramenta pedirá reboot. <-- Confirme! <@> Procure enviar os ítens detectados para a quarentena,clicando em Remover itens. <@> Para maiores detalhes: < Link > <><><><><><><><><><><> <@> Poste,os relatórios: mbam-log-2009-xx-xx (00-00-00).txt + HijackThis,atualizado. Abraços! Segue o log do malwarebytes' anti-malware Malwarebytes' Anti-Malware 1.42 Versão do banco de dados: 3357 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 14/12/2009 17:22:19 mbam-log-2009-12-14 (17-22-19).txt Tipo de Verificação: Completa (C:\|) Objetos verificados: 289057 Tempo decorrido: 41 minute(s), 32 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 0 Valores do Registro infectados: 1 Ítens do Registro infectados: 0 Pastas infectadas: 0 Arquivos infectados: 1 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: (Nenhum ítem malicioso foi detectado) Valores do Registro infectados: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ultimateork (Spyware.Banker) -> Quarantined and deleted successfully. Ítens do Registro infectados: (Nenhum ítem malicioso foi detectado) Pastas infectadas: (Nenhum ítem malicioso foi detectado) Arquivos infectados: C:\System Volume Information\_restore{E099A6AD-2FFA-4739-AFAE-8E99A39F19CD}\RP298\A0055392.exe (Adware.ADON) -> Quarantined and deleted successfully. e agora o log do hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:30:42, on 14/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\ARQUIV~1\GbPlugin\GbpSv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe C:\Arquivos de programas\AVG\AVG9\avgrsx.exe C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\AVG\AVG9\avgnsx.exe C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Arquivos de programas\AVG\AVG9\avgemc.exe C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe C:\Arquivos de programas\Java\jre6\bin\jusched.exe C:\ARQUIV~1\AVG\AVG9\avgtray.exe C:\ARQUIV~1\FREEDO~1\fdm.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\taskmgrdll.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\svchost.exe C:\HiJackThis\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60049 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60049 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sha.dll O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sha.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\arquivos de programas\real player\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sha.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [AVG9_TRAY] C:\ARQUIV~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [ccleaner] "C:\Arquivos de programas\CCleaner\CCleaner.exe" /AUTO O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Free Download Manager] C:\ARQUIV~1\FREEDO~1\fdm.exe -autorun O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [win] C:\WINDOWS\taskmgrdll.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file) O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 11825 bytes Vlww... Compartilhar este post Link para o post Compartilhar em outros sites
Tulyo 0 Denunciar post Postado Dezembro 14, 2009 Havia dois malwares detectados pelo anti malware..... Depois que o programa os removeu..apareceu tudo quanto e mensagem de erro e eu confirmei para reiniciar o pc.... Depois que reiniciei a problema do google chrome resolveu..nao abre mais aqela janela sem permissao.. Agora o problema do msn continua...quando entro nele abre junto uma janela = do msn soh q cm o nome na barra do menu iniciar de taskmgrdll Abrs e vlw Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Dezembro 14, 2009 Boa Noite! Tulyo <@> Abra o HijackThis --> Clique: Do a system scan only O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKCU\..\Run: [win] C:\WINDOWS\taskmgrdll.exe <@> Marque,àcima,estas entradas! <@> Clique em Fix checked :seta: Sim! °°°°°°°°°°°°°°°°°°°°°° °°°°°°°°°°°°°°°°°°°°°° <@> Abra o Malwarebytes! --> Clique em Ferramentas. <@> Clique em Executar ferramenta. <-- File Assassin! <@> Na janela Open e Examinar,busque o arquivo em destaque: C:\WINDOWS\taskmgrdll.exe <@> Clique em Abrir. <@> Na mensagem,clique em Sim! --> OK. <@> Baixe: < > ( ...by sUBs ) <!> Link-2 --> < ForoSpyware > <!> Link-3 --> < GeeksToGo > <!> Link-4 --> < como usar o combofix > <@> Salve-o no desktop! <@> Desabilite as proteções residente de: antivírus,antispywares e firewall. ( Menos o do Windows! ) <@> Feche todas as janelas e execute a ferramenta! <@> Ps: A execução,por comando,também é possível:<@> Vá em Iniciar --> Executar --> Digite ou cole: "%userprofile%\desktop\Combofix.exe" /killall <@> Clique em Ok. <@> Na solicitação: "Negação de garantia de software" --> Clique em Sim! <@> Não possuindo o "Console de Recuperação",aceite optar pela instalação do mesmo! <@> Terminando,clique Sim ou Yes. --> Aguarde! <!> Caso aconteça a notificação de: Aplicativo Win32 inválido,delete a ferramenta ComboFix.exe e faça,novamente,seu download.<!> Salve-a no desktop,renomeada como: Kombo.exe <!> Ps: Nomeie durante o salvamento,e não após salvá-la! <!> Ps: Surgindo alguma mensagem de erro,rode o ComboFix.exe em "Modo de Segurança". <-- Link! <!> Ps: Na presença de atividades rootkit,teremos a seguinte janela de notificação: <!> Ps: Anote essas detecções,e dê o OK. <!> Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador. <-- Aguarde! <!> Ps: Evite executar,voluntariamente,esta ferramenta! <!> Ps: Para evitar problemas,siga todas as recomendações propostas. <!> O ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão profissional. <@> Abrir-se-á a janela Auto Scan. --> Aguarde! <@> Àfim de completar as remoções,o ComboFix poderá reiniciar o computador. <@> Se houver necessidade,digite a opção para continuar! --> ( 1 ) --> Aperte Enter! --> Aguarde a conclusão! <@> Durante o scan,evite manusear o mouse ou teclado! <-- Importante! <@> Para parar ou sair do ComboFix,tecle "N" ou "2" --> Aperte Enter! °°°°°°°°°°°°°°°°°°°°°° °°°°°°°°°°°°°°°°°°°°°° <@> Terminando,poste os relatórios: C:\ComboFix.txt + HijackThis,atualizado. Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Tulyo 0 Denunciar post Postado Dezembro 14, 2009 Nao consigo baixar d jeito nenhum o combofix....nem com seus link nem de otru jeito em outros sites... Sempre acaba numa janela escrito (ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page. DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com! Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix that contain a bug that may render some machines unbootable. Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again. Please wait for the official version to be fixed and released again. We will also announce when ComboFix is available on our Twitter and Facebook pages.) Nao tah dando certo nenhum linkk "/ Vlw Consigui baixar pelo Dreamule P2P... Jaja posto os log... Vlw baixei o combofix e o salvei lah na area d trabalho soh q quando executo o codigo..abre o bloco d notas cm essa mensagem " ComboFix is Offline. Please visit http://download.bleepingcomputer.com/sUBs/ComboFix.html " Se executar o combofix direto tbm da essa mensagem "/ Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Dezembro 14, 2009 Boa Noite! Tulyo <!> Devido a esse problema,baixe outra ferramenta. ( OTL ) <><><><><><><><><><> <@> Baixe: < > ( ...by OldTimer Tools ) <@> Salve-o no desktop! <@> Segundo a imagem,mude a opção em "Output" para "Minimal Output". <@> Duplo-clique em OTL.exe --> Marque a opção "Scan All Users". <@> Marque as caixas: <!> [] LOP check e [] Purity check <@> Clique em: < > --> Aguarde! <@> Poste: <1> OTL.txt <-- <2> Extra.txt <-- Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Tulyo 0 Denunciar post Postado Dezembro 14, 2009 otl.txt OTL logfile created on: 14/12/2009 20:34:08 - Run 1 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\usuario\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,73% Memory free 3,85 Gb Paging File | 3,32 Gb Available in Paging File | 86,30% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 149,04 Gb Total Space | 38,89 Gb Free Space | 26,09% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MEGA Current User Name: usuario Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\usuario\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Arquivos de programas\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Arquivos de programas\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Arquivos de programas\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Arquivos de programas\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Arquivos de programas\GbPlugin\gbpsv.exe ( ) PRC - C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Arquivos de programas\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\usuario\Desktop\OTL.exe (OldTimer Tools) MOD - c:\Arquivos de programas\real player\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll (RealPlayer) MOD - C:\WINDOWS\system32\nview.dll () MOD - C:\WINDOWS\system32\nvwrsptb.dll (NVIDIA Corporation) MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (avg9emc) -- C:\Arquivos de programas\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.) SRV - (avg9wd) -- C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (GbpSv) -- C:\Arquivos de programas\GbPlugin\gbpsv.exe ( ) SRV - (JavaQuickStarterService) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (gupdate) Google Update Service (gupdate) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe (Google Inc.) SRV - (fsssvc) -- C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard) SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard) SRV - (hpqcxs08) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc) -- C:\Arquivos de programas\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) SRV - (StarWindServiceAE) -- C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) SRV - (odserv) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (NBService) -- C:\Arquivos de programas\Nero 7\Nero BackItUp\NBService.exe (Nero AG) SRV - (IDriverT) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (NOD32FiXTemDono) -- C:\WINDOWS\System32\regedt32.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (GbpKm) -- C:\WINDOWS\system32\drivers\GbpKm.sys (GAS Tecnologia) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP) DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP) DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60049 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1606980848-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1606980848-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ IE - HKU\S-1-5-21-1606980848-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1606980848-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKU\S-1-5-21-1606980848-706699826-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 98 91 AD B2 59 CA 01 [binary data] IE - HKU\S-1-5-21-1606980848-706699826-839522115-1003\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sha.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1606980848-706699826-839522115-1003\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1606980848-706699826-839522115-1003\S-1-5-21-1606980848-706699826-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaultthis.engineName: "LocalStrike_English Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://search.avg.com/dns_err.aspx?i=23&l=en&tp=dns&q=http%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3FLinkId%3D69157&iy=&ychte=us&al=pb&alu=br-pt" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" FF - prefs.js..network.proxy.share_proxy_settings: true FF - user.js..network.proxy.type: 0 FF - user.js..network.proxy.http: "" FF - user.js..network.proxy.http_port: FF - user.js..network.proxy.no_proxies_on: "" FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: c:\arquivos de programas\real player\browserrecord\firefox\ext [2009/09/29 22:15:01 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Arquivos de programas\AVG\AVG9\Firefox [2009/12/12 10:22:18 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/12/03 22:44:17 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/12/03 22:44:17 | 00,000,000 | ---D | M] [2009/08/18 13:19:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Extensions [2009/07/26 17:56:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Extensions\mozswing@mozswing.org [2009/11/20 16:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\f6z46btw.default\extensions [2009/07/10 17:26:08 | 00,002,257 | ---- | M] () -- C:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\f6z46btw.default\searchplugins\askcom.xml [2009/11/20 16:09:34 | 00,000,564 | ---- | M] () -- C:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\f6z46btw.default\searchplugins\bing.xml [2009/08/22 00:14:54 | 00,000,900 | ---- | M] () -- C:\Documents and Settings\usuario\Dados de aplicativos\Mozilla\Firefox\Profiles\f6z46btw.default\searchplugins\conduit.xml [2009/11/21 01:26:51 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions [2009/11/21 01:20:55 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions\proxy@hide-my-ip.com [2009/07/30 20:51:30 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml [2009/07/30 20:51:30 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml [2009/07/30 20:51:30 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml [2009/07/30 20:51:30 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml O1 HOSTS File: (362094 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 12470 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sha.dll (Conduit Ltd.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Arquivos de programas\real player\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdm2.dll () O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Arquivos de programas\4shared.com\tb4sha.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKU\S-1-5-21-1606980848-706699826-839522115-1003\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Arquivos de programas\4shared.com\tb4sha.dll (Conduit Ltd.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Arquivos de programas\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-1606980848-706699826-839522115-1003..\Run: [AlcoholAutomount] C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-1606980848-706699826-839522115-1003..\Run: [ccleaner] C:\Arquivos de programas\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKU\S-1-5-21-1606980848-706699826-839522115-1003..\Run: [Free Download Manager] C:\Arquivos de programas\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKU\S-1-5-21-1606980848-706699826-839522115-1003..\Run: [Google Update] C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe (Google Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1606980848-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177 O7 - HKU\S-1-5-21-1606980848-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O8 - Extra context menu item: Baixar com o Free Download Manager - C:\Arquivos de programas\Free Download Manager\dllink.htm () O8 - Extra context menu item: Baixar tudo com o Free Download Manager - C:\Arquivos de programas\Free Download Manager\dlall.htm () O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - C:\Arquivos de programas\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Download selecionado pelo Free Download Manager - C:\Arquivos de programas\Free Download Manager\dlselected.htm () O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-1606980848-706699826-839522115-1003\..Trusted Domains: 69 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} https://imagem.caixa.gov.br/cab/gbpdist.cab (GbpDistObj Class) O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.7.96.15 189.7.96.16 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ GbPluginAbn: DllName - C:\ARQUIV~1\GbPlugin\gbiehAbn.dll - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real) O20 - Winlogon\Notify\ GbPluginCef: DllName - C:\Arquivos de programas\GbPlugin\gbiehCef.dll - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O24 - Desktop Components:0 (Minha página inicial atual) - About:Home O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Arquivos de programas\GbPlugin\gbiehAbn.dll (Banco Real) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/07/09 11:52:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{039fab67-762e-11de-a3dd-00248c19e161}\Shell\AutoRun\command - "" = yudald.bat O33 - MountPoints2\{039fab67-762e-11de-a3dd-00248c19e161}\Shell\open\Command - "" = yudald.bat O33 - MountPoints2\{33480ce2-937c-11de-a443-00248c19e161}\Shell\AutoRun\command - "" = ktly.exe O33 - MountPoints2\{33480ce2-937c-11de-a443-00248c19e161}\Shell\open\Command - "" = ktly.exe O33 - MountPoints2\{423932b3-a093-11de-a46e-00248c19e161}\Shell - "" = AutoRun O33 - MountPoints2\{423932b3-a093-11de-a46e-00248c19e161}\Shell\AutoRun\command - "" = G:\hwpcassistant.exe -- File not found O33 - MountPoints2\{423932b4-a093-11de-a46e-00248c19e161}\Shell - "" = AutoRun O33 - MountPoints2\{423932b4-a093-11de-a46e-00248c19e161}\Shell\AutoRun\command - "" = G:\hwpcassistant.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2009/12/14 20:32:29 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\usuario\Desktop\OTL.exe [2009/12/14 12:40:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/14 12:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [2009/12/14 12:40:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/14 12:40:16 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware [2009/12/14 12:35:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\usuario\Meus documentos\Os Meus Registos [2009/12/14 11:39:29 | 00,000,000 | ---D | C] -- C:\HiJackThis [2009/12/13 11:22:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\eMule [2009/12/13 11:22:25 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\DreaMule [2009/12/12 14:21:48 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Curso de violão ETM 5.0 [2009/12/11 09:28:28 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\GameVicio [2009/12/11 09:26:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\usuario\Meus documentos\NFS Carbon [2009/12/11 08:58:10 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Electronic Arts [2009/12/05 16:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\4shared.com [2009/12/05 16:11:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Apple [2009/12/03 22:43:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\usuario\Dados de aplicativos\Apple Computer [2009/12/03 22:41:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Apple [2009/12/03 22:41:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Apple [2009/12/03 22:38:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Apple Computer [2009/12/01 21:36:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\usuario\Meus documentos\Minhas digitalizações [2009/12/01 10:58:48 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\sXe Injected [2009/11/26 18:39:57 | 00,000,000 | -H-D | C] -- C:\$AVG [2009/11/26 18:39:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\avg9 [2009/11/26 18:38:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel [2009/11/26 18:37:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft [2009/11/21 00:55:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\TechSmith [2009/11/21 00:54:57 | 00,107,864 | ---- | C] (TechSmith Corporation) -- C:\WINDOWS\System32\tsccvid.dll [2009/11/21 00:54:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\TechSmith [2009/11/21 00:54:30 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\TechSmith Shared [2009/11/21 00:54:27 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\TechSmith [2009/11/20 16:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2009/11/15 16:22:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\Identities [2009/11/15 11:28:54 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2009/11/15 11:28:54 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2009/11/15 11:28:54 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2009/11/09 02:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\ESET [2009/11/09 01:02:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft [2009/11/09 01:02:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft [2009/11/09 01:02:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft [2009/09/11 00:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google [2009/09/11 00:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google [2004/11/24 16:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/12/14 20:32:41 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\usuario\Desktop\OTL.exe [2009/12/14 20:28:50 | 00,000,412 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job [2009/12/14 20:28:21 | 00,189,607 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2009/12/14 20:28:18 | 00,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009/12/14 20:28:18 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job [2009/12/14 20:28:17 | 00,000,448 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job [2009/12/14 20:28:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/14 20:28:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/14 19:55:43 | 16,252,928 | ---- | M] () -- C:\Documents and Settings\usuario\ntuser.dat [2009/12/14 19:55:43 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\usuario\ntuser.ini [2009/12/14 19:55:31 | 12,876,096 | -H-- | M] () -- C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\IconCache.db [2009/12/14 19:49:00 | 00,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2009/12/14 19:46:18 | 00,206,336 | ---- | M] () -- C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/14 18:56:00 | 00,001,152 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-706699826-839522115-1003UA.job [2009/12/14 18:06:12 | 00,000,424 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job [2009/12/14 17:59:19 | 00,000,042 | ---- | M] () -- C:\WINDOWS\winmsn.ini [2009/12/14 09:47:02 | 46,607,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2009/12/14 09:46:35 | 00,123,841 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2009/12/13 22:56:01 | 00,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-706699826-839522115-1003Core.job [2009/12/13 21:52:09 | 00,002,250 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/13 18:23:59 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2009/12/12 21:56:24 | 00,014,075 | ---- | M] () -- C:\Documents and Settings\usuario\Meus documentos\DVDs GRAVADOS.xlsx [2009/12/12 20:07:02 | 00,362,094 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/12/12 17:41:00 | 00,000,300 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/12/10 12:50:55 | 00,274,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/12/10 12:00:46 | 00,071,592 | ---- | M] () -- C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT [2009/12/07 22:09:27 | 01,211,392 | -HS- | M] () -- C:\WINDOWS\scvhostdll.exe [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/26 18:39:51 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2009/11/26 18:39:50 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm [2009/11/26 18:39:35 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2009/11/26 18:39:35 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2009/11/26 18:39:35 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys [2009/11/21 22:36:25 | 00,039,691 | ---- | M] () -- C:\Documents and Settings\usuario\Desktop\Tulyo Curriculo.docx [2009/11/21 01:33:50 | 00,000,032 | ---- | M] () -- C:\WINDOWS\go [2009/11/20 13:31:22 | 00,000,154 | ---- | M] () -- C:\Documents and Settings\usuario\default.pls [2009/11/15 11:28:11 | 01,077,444 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/15 11:28:11 | 00,474,612 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat [2009/11/15 11:28:11 | 00,438,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/15 11:28:11 | 00,081,402 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat [2009/11/15 11:28:11 | 00,069,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/14 17:59:19 | 00,000,042 | ---- | C] () -- C:\WINDOWS\winmsn.ini [2009/12/07 22:08:55 | 01,211,392 | -HS- | C] () -- C:\WINDOWS\scvhostdll.exe [2009/12/03 22:41:15 | 00,000,300 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/11/21 01:33:50 | 00,000,032 | ---- | C] () -- C:\WINDOWS\go [2009/11/02 00:20:11 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2009/11/02 00:20:09 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2009/11/02 00:20:03 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/11/02 00:20:02 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/11/02 00:20:01 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009/11/02 00:20:01 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009/10/19 13:15:28 | 00,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini [2009/10/10 15:58:09 | 00,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll.old.nxvogtv [2009/10/10 15:58:09 | 00,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll [2009/09/23 16:13:23 | 00,000,172 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft.SqlServer.Compact.351.32.bc [2009/09/17 22:33:59 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\ztlsss.sys [2009/09/17 22:32:54 | 00,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\UpApp32.dll [2009/08/24 00:22:58 | 00,000,020 | ---- | C] () -- C:\WINDOWS\mafosav.INI [2009/08/15 11:10:33 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2009/08/10 20:43:32 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\SDGLYBMPWPP.SYS [2009/08/03 16:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2009/07/28 22:55:47 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2009/07/20 20:17:58 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI [2009/07/17 17:19:23 | 00,000,592 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2009/07/14 17:34:28 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2009/07/10 11:38:27 | 00,000,340 | ---- | C] () -- C:\WINDOWS\game.ini [2009/07/09 22:21:10 | 00,001,096 | ---- | C] () -- C:\Documents and Settings\All Users\Dados de aplicativos\hpzinstall.log [2009/07/09 15:50:06 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/07/09 15:49:33 | 00,206,336 | ---- | C] () -- C:\Documents and Settings\usuario\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/09 12:54:30 | 00,040,960 | ---- | C] () -- C:\Arquivos de programas\Uninstall_CDS.exe [2009/07/09 12:47:17 | 00,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/07/09 12:20:23 | 00,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini [2009/07/09 12:11:41 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2009/07/09 12:11:29 | 00,024,315 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2009/07/09 12:11:29 | 00,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008/08/01 12:48:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/08/01 12:48:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/08/01 12:48:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/08/01 12:48:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/08/01 12:48:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [1997/06/14 00:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll ========== LOP Check ========== [2009/10/11 01:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk [2009/10/18 21:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\AutoHideIP [2009/11/26 18:39:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\avg9 [2009/07/28 13:32:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite [2009/11/09 01:12:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ESET [2009/10/07 14:11:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\FreeDownloadManager.ORG [2009/12/13 21:52:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin [2009/09/17 22:33:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\log [2009/10/30 22:01:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus! [2009/10/12 11:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\MumboJumbo [2009/10/12 11:02:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\n7-89-o9-3r-4t-r9 [2009/10/12 10:57:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\SpinTop Games [2009/11/21 00:54:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TechSmith [2009/07/27 13:24:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP [2009/11/06 17:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Winferno [2009/10/16 23:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\AutoHideIP [2009/07/28 19:31:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\DAEMON Tools Lite [2009/10/25 23:35:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\DAEMON Tools Pro [2009/12/14 20:34:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\Free Download Manager [2009/10/12 11:00:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\GameHouse [2009/07/10 00:59:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\IObit [2009/09/23 15:54:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\MessengerDiscovery 2 [2009/07/10 00:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\Opera [2009/10/19 13:15:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\PPLive [2009/11/14 08:42:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\ProtectDisc [2009/11/06 17:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\SoundSpectrum [2009/10/12 11:00:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\SpinTop [2009/10/31 13:34:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\usuario\Dados de aplicativos\Windows Live Writer [2009/12/14 20:28:50 | 00,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\AWC AutoSweep.job [2009/12/14 18:06:12 | 00,000,424 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job [2009/12/14 20:28:18 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job [2009/12/14 20:28:17 | 00,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 308 bytes -> C:\WINDOWS\System32\drivers:GbpKmAp.lst < End of report > extras.txt OTL Extras logfile created on: 14/12/2009 20:34:08 - Run 1 OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\usuario\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy 2,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,73% Memory free 3,85 Gb Paging File | 3,32 Gb Available in Paging File | 86,30% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas Drive C: | 149,04 Gb Total Space | 38,89 Gb Free Space | 26,09% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MEGA Current User Name: usuario Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1606980848-706699826-839522115-1003\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [mega] -- "C:\Arquivos de programas\Megacubo\megacubo.exe" "%1" (www.megacubo.net ) Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.) "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.) "C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.) "C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard) "C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard) "C:\Arquivos de programas\Free Download Manager\fdmwi.exe" = C:\Arquivos de programas\Free Download Manager\fdmwi.exe:*:Enabled:fdmwi -- () "C:\Arquivos de programas\Free Download Manager\fdm.exe" = C:\Arquivos de programas\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- (FreeDownloadManager.ORG) "C:\Arquivos de programas\Megacubo\megacubo.exe" = C:\Arquivos de programas\Megacubo\megacubo.exe:*:Enabled:MegaCubo -- (www.megacubo.net ) "C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe" = C:\Arquivos de programas\Arquivos comuns\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG) "C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) "C:\Arquivos de programas\DreaMule\emule.exe" = C:\Arquivos de programas\DreaMule\emule.exe:*:Enabled:Dreamule -- (http://www.dreamule.org) "C:\Arquivos de programas\Ares\Ares.exe" = C:\Arquivos de programas\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- (Ares Development Group) "C:\Arquivos de programas\Ares\chatServer.exe" = C:\Arquivos de programas\Ares\chatServer.exe:*:Enabled:Ares Chat Server -- (Ares Development Group) "C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Arquivos de programas\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- (Konami Digital Entertainment Co., Ltd.) "C:\Arquivos de programas\Valve\hl.exe" = C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve) "C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Arquivos de programas\Windows Media Player\wmplayer.exe" = C:\Arquivos de programas\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation) "C:\Arquivos de programas\Skype\Phone\Skype.exe" = C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Arquivos de programas\AVG\AVG9\avgemc.exe" = C:\Arquivos de programas\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.) "C:\Arquivos de programas\AVG\AVG9\avgupd.exe" = C:\Arquivos de programas\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Arquivos de programas\AVG\AVG9\avgnsx.exe" = C:\Arquivos de programas\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6 "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17 "{2D793B70-C130-42D7-943B-43A67335570F}" = Windows Live Proteção para a Família "{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant "{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport "{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12 "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007 "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 "{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 "{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 "{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer "{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status "{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6 "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter "{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1046-7B44-A81300000003}" = Adobe Reader 8.1.5 - Português "{AC76BA86-7AD7-1046-7B44-A81300000003}_814" = KB408682 "{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min "{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply "{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch "{D61C5988-BC23-492D-8FD0-5AE822F4F235}" = Cine Turbo "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component "{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F14B8ECC-BDA0-4987-9201-D7B7DBE12070}" = Nero 7 Premium "{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy "4shared.com Toolbar" = 4shared.com Toolbar "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Advanced SystemCare 3_is1" = Advanced SystemCare 3 "Ares" = Ares 2.1.1 "Aulete digital_is1" = Aulete digital "AVG9Uninstall" = AVG Free 9.0 "CCleaner" = CCleaner "Curso de violão ETM 5.0" = Curso de violão ETM 5.0 "DreaMule_is1" = DreaMule 3.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 dias restantes para sempre "FormatFactory" = FormatFactory 2.10 "Free Download Manager_is1" = Free Download Manager 3.0 "HijackThis" = HijackThis 2.0.2 "HP Imaging Device Functions" = HP Imaging Device Functions 10.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0 "HPExtendedCapabilities" = HP Customer Participation Program 10.0 "ie8" = Windows Internet Explorer 8 "KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Full) "LHTTSENG" = L&H TTS3000 British English "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Megacubo_is1" = Megacubo 7.0.1 "Messenger Plus! Live" = Messenger Plus! Live "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "Pes Soccer Brasil 4.0_is1" = Versão 4.0 "RealPlayer 12.0" = RealPlayer "Shop for HP Supplies" = Shop for HP Supplies "sXe Injected" = sXe Injected "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = Arquivo do WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1606980848-706699826-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/12/2009 23:00:57 | Computer Name = MEGA | Source = MsiInstaller | ID = 11316 Description = Product: Apple Software Update -- Error 1316. A network error occurred while attempting to read from the file: C:\WINDOWS\Installer\AppleSoftwareUpdate.msi Error - 14/12/2009 15:22:34 | Computer Name = MEGA | Source = Application Error | ID = 1000 Description = Aplicativo com falha mbam.exe, versão 1.42.0.0, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x10078a90. Error - 14/12/2009 15:22:35 | Computer Name = MEGA | Source = Application Error | ID = 1000 Description = Aplicativo com falha chrome.exe, versão 0.0.0.0, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x10078fa0. Error - 14/12/2009 15:22:35 | Computer Name = MEGA | Source = Application Error | ID = 1000 Description = Aplicativo com falha scvhostdll.exe, versão 0.0.0.0, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x10078a90. Error - 14/12/2009 15:22:35 | Computer Name = MEGA | Source = Application Error | ID = 1000 Description = Aplicativo com falha chrome.exe, versão 0.0.0.0, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x10078fa0. Error - 14/12/2009 15:22:35 | Computer Name = MEGA | Source = Application Error | ID = 1000 Description = Aplicativo com falha rthdcpl.exe, versão 2.2.4.6, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x10078a90. Error - 14/12/2009 15:22:35 | Computer Name = MEGA | Source = Application Error | ID = 1000 Description = Aplicativo com falha ctfmon.exe, versão 5.1.2600.5512, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x10078fa0. Error - 14/12/2009 15:22:39 | Computer Name = MEGA | Source = Application Error | ID = 1000 Description = Aplicativo com falha explorer.exe, versão 6.0.2900.5512, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x05fe8fa0. Error - 14/12/2009 15:22:40 | Computer Name = MEGA | Source = Application Error | ID = 1000 Description = Aplicativo com falha , versão 0.0.0.0, módulo com falha unknown, versão 0.0.0.0, endereço com falha 0x00000000. Error - 14/12/2009 15:48:37 | Computer Name = MEGA | Source = PerfNet | ID = 2005 Description = Não foi possível ler dados de desempenho a partir do serviço do servidor. Nenhum dado de desempenho do servidor será retornado nesse exemplo. O código de erro retornado está no dado DWORD 0, IOSB.Status é o DWORD 1 e a IOSB.Information é o DWORD 2. [ OSession Events ] Error - 25/10/2009 11:45:53 | Computer Name = MEGA | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 71 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 14/12/2009 17:24:54 | Computer Name = MEGA | Source = Service Control Manager | ID = 7009 Description = Tempo limite (30000 milissegundos) de espera para que o serviço Eset Nod32 Boot se conecte. Error - 14/12/2009 17:24:54 | Computer Name = MEGA | Source = Service Control Manager | ID = 7000 Description = Não foi possível iniciar o serviço Eset Nod32 Boot devido ao seguinte erro: %%1053 Error - 14/12/2009 17:26:16 | Computer Name = MEGA | Source = Service Control Manager | ID = 7022 Description = Serviço Serviço de Descoberta de dispositivos CUE HP suspenso ao iniciar. Error - 14/12/2009 17:44:38 | Computer Name = MEGA | Source = DCOM | ID = 10005 Description = Erro "%1058" no DCOM na tentativa de iniciar o serviço upnphost com argumentos "" para iniciar o servidor: {204810B9-73B2-11D4-BF42-00B0D0118B56} Error - 14/12/2009 18:28:11 | Computer Name = MEGA | Source = sr | ID = 1 Description = O filtro da restauração do sistema encontrou o erro inesperado '0xC0000001' ao processar o arquivo '' no volume 'HarddiskVolume1'. O monitoramento do volume foi interrompido. Error - 14/12/2009 18:28:55 | Computer Name = MEGA | Source = Service Control Manager | ID = 7009 Description = Tempo limite (30000 milissegundos) de espera para que o serviço Google Update Service (gupdate) se conecte. Error - 14/12/2009 18:28:55 | Computer Name = MEGA | Source = Service Control Manager | ID = 7000 Description = Não foi possível iniciar o serviço Google Update Service (gupdate) devido ao seguinte erro: %%1053 Error - 14/12/2009 18:28:55 | Computer Name = MEGA | Source = Service Control Manager | ID = 7009 Description = Tempo limite (30000 milissegundos) de espera para que o serviço Eset Nod32 Boot se conecte. Error - 14/12/2009 18:28:55 | Computer Name = MEGA | Source = Service Control Manager | ID = 7000 Description = Não foi possível iniciar o serviço Eset Nod32 Boot devido ao seguinte erro: %%1053 Error - 14/12/2009 18:30:17 | Computer Name = MEGA | Source = Service Control Manager | ID = 7022 Description = Serviço Serviço de Descoberta de dispositivos CUE HP suspenso ao iniciar. < End of report > Abrs e muito obrigado Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Dezembro 15, 2009 Boa Noite! Tulyo <@> Execute o OTL.exe. <@> Copie estas informações que estão no Quote,para o campo clipboard da ferramenta. ( Custom Scans/Fixes ) :OTLO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [KernelFaultCheck] File not found O33 - MountPoints2\{039fab67-762e-11de-a3dd-00248c19e161}\Shell\AutoRun\command - "" = yudald.bat O33 - MountPoints2\{039fab67-762e-11de-a3dd-00248c19e161}\Shell\open\Command - "" = yudald.bat O33 - MountPoints2\{33480ce2-937c-11de-a443-00248c19e161}\Shell\AutoRun\command - "" = ktly.exe O33 - MountPoints2\{33480ce2-937c-11de-a443-00248c19e161}\Shell\open\Command - "" = ktly.exe O33 - MountPoints2\{423932b3-a093-11de-a46e-00248c19e161}\Shell - "" = AutoRun O33 - MountPoints2\{423932b3-a093-11de-a46e-00248c19e161}\Shell\AutoRun\command - "" = G:\hwpcassistant.exe -- File not found O33 - MountPoints2\{423932b4-a093-11de-a46e-00248c19e161}\Shell - "" = AutoRun O33 - MountPoints2\{423932b4-a093-11de-a46e-00248c19e161}\Shell\AutoRun\command - "" = G:\hwpcassistant.exe -- File not found <@> Clique no botão Run Fix --> Aguarde a conclusão! <@> Reinicie o computador! <@> Terminando,vá até a pasta: C:\_OTL\MovedFiles\*.log <-- Poste! Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Tulyo 0 Denunciar post Postado Dezembro 15, 2009 Boa Noite Log OTL ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{039fab67-762e-11de-a3dd-00248c19e161}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{039fab67-762e-11de-a3dd-00248c19e161}\ not found. File yudald.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{039fab67-762e-11de-a3dd-00248c19e161}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{039fab67-762e-11de-a3dd-00248c19e161}\ not found. File yudald.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33480ce2-937c-11de-a443-00248c19e161}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33480ce2-937c-11de-a443-00248c19e161}\ not found. File ktly.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33480ce2-937c-11de-a443-00248c19e161}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33480ce2-937c-11de-a443-00248c19e161}\ not found. File ktly.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{423932b3-a093-11de-a46e-00248c19e161}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{423932b3-a093-11de-a46e-00248c19e161}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{423932b3-a093-11de-a46e-00248c19e161}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{423932b3-a093-11de-a46e-00248c19e161}\ not found. File G:\hwpcassistant.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{423932b4-a093-11de-a46e-00248c19e161}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{423932b4-a093-11de-a46e-00248c19e161}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{423932b4-a093-11de-a46e-00248c19e161}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{423932b4-a093-11de-a46e-00248c19e161}\ not found. File G:\hwpcassistant.exe not found. OTL by OldTimer - Version 3.1.17.0 log created on 12142009_230521 Obrigado.. PS: O problema esta solucionado... Se for necessario maiores Recursos... estarei aki.... Muito Obrigado Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Dezembro 15, 2009 Boa Noite! Tulyo Obrigado..PS: O problema esta solucionado... Se for necessario maiores Recursos... estarei aki.... Muito Obrigado <!> Apenas,remover a ferramenta OTL,e outras tools. °°°°°°°°°°°°°°°°°°°°°°° °°°°°°°°°°°°°°°°°°°°°°° <@> Abra o OTL.exe --> Clique em --> Aguarde! <@> Na solicitação,clique OK --> Reinicie o computador! °°°°°°°°°°°°°°°°°°°°°°° °°°°°°°°°°°°°°°°°°°°°°° <@> Baixe: < TFC > ( by Old Timer ) <!> Link - 2 < http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html > <@> Salve-o no desktop! <@> Feche todos os programas! ( Internet,navegador,etc... ) <@> Execute TFC.exe,com um duplo-clique. <@> Ps: Para Windows Vista --> Clique direito --> Escolha: Executar como Administrador <@> Clique em Start --> Aguarde! <@> Terminando,reinicie o computador...caso a ferramenta não o solicite e dê início ao processo. ( reboot ) °°°°°°°°°°°°°°°°°°°°°°° °°°°°°°°°°°°°°°°°°°°°°° <@> Não havendo problemas,estabeleça um ponto limpo na Restauração do Sistema. <@> Clique com o direito do mouse,em cima de Meu Computador --> Propriedades --> Restauração do Sistema. <@> Marque: Desativar Restauração do Sistema --> Aplicar --> Aguarde! --> Ok. <@> Depois,desmarque novamente! --> Aplicar --> Aguarde! --> Ok. <@> Para maiores detalhes,leia o Tutorial: < Link > <@> Seus logs estão limpos! :natal_happy: <@> Bom trabalho! Abraços! Compartilhar este post Link para o post Compartilhar em outros sites
Tulyo 0 Denunciar post Postado Dezembro 15, 2009 Putz.. Resolveu o meu problema e outros q eu nao dava bola....rsrs Muito obrigado msm DigRam e tbm a equipe ai toda... Parabens pelo trabalho e post resolvido!! Abrs e td d bom Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Denunciar post Postado Dezembro 15, 2009 PROBLEMA RESOLVIDO! Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico. Compartilhar este post Link para o post Compartilhar em outros sites
