VeLLkan
Posted March 5, 2010

Hi everyone!!! I'm having problems with slowness and sometimes unexpected shutdowns... here's the log; Cheers!!

PedroN
Posted March 5, 2010

Download Malwarebytes from one of the locations below: Link 1 Link 2

-- Save the program to your Desktop.
• Double-click the program to run it.
• Update Malwarebytes.
• Choose the Full Scan (be patient, it takes a while).
• Disable your antivirus and antispyware, usually by right-clicking the icon in the system tray. They can interfere with the tool.
• When the scan is complete, click OK, then Show Results to view the log.
• Remember: if anything is detected, click the Remove button to remove it. (Important.)
• The program's log will open automatically.
• Post it in your next reply, together with a new HijackThis log.

P.S.: On heavily infected computers, the tool shows an option stating that the computer must be restarted. Please do so immediately.

• Download: OTL.exe
• Save it to the desktop!
• As shown in the image, change the "Output" option to "Minimal Output".
• Double-click OTL.exe --> check the "Scan All Users" option.
• Check the boxes: -- [] LOP check and [] Purity check
• Click on: and wait.
• Post: 1) OTL.txt <-- <3> 2) Extra.txt <--

VeLLkan 0 Denunciar post Postado Março 6, 2010 Olá!!! Ai va os logs; ------------- Malwarebytes; ------------- Malwarebytes' Anti-Malware 1.44 Versão do banco de dados: 3828 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 06/03/2010 14:16:23 mbam-log-2010-03-06 (14-16-23).txt Tipo de Verificação: Completa (C:\|) Objetos verificados: 288370 Tempo decorrido: 1 hour(s), 15 minute(s), 51 second(s) Processos da Memória infectados: 0 Módulos de Memória Infectados: 0 Chaves do Registro infectadas: 27 Valores do Registro infectados: 0 Ítens do Registro infectados: 0 Pastas infectadas: 8 Arquivos infectados: 4 Processos da Memória infectados: (Nenhum ítem malicioso foi detectado) Módulos de Memória Infectados: (Nenhum ítem malicioso foi detectado) Chaves do Registro infectadas: HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. Valores do Registro infectados: (Nenhum ítem malicioso foi detectado) Ítens do Registro infectados: (Nenhum ítem malicioso foi detectado) Pastas infectadas: C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. Arquivos infectados: C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. ---- OTL; ---- OTL logfile created on: 06/03/2010 14:24:45 - Run 1 OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Diego\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free 6,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 39,03 Gb Free Space | 26,19% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DIEGO-PC Current User Name: Diego Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Diego\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Arquivos de Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation) PRC - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab) PRC - C:\Arquivos de Programas\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Windows\ZSSnp211.exe (ZSMCSNAP) PRC - C:\Arquivos de Programas\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) 
PRC - C:\Windows\Domino.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Diego\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (Akamai) -- c:\Arquivos de Programas\Common Files\Akamai\rswin_3647.dll () SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Arquivos de Programas\Windows 
Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) Instalador do ActiveX (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) 
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\System32\drivers\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) 
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab) DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab) DRV - (Motousbnet) -- C:\Windows\System32\drivers\Motousbnet.sys (Motorola) DRV - (ZSMC30x) -- C:\Windows\System32\drivers\ZS211.sys (ZSMC.Corporation) DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola) DRV - (MotDev) -- C:\Windows\System32\drivers\motodrv.sys (Motorola Inc) DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola) DRV - (BTCFilterService) -- C:\Windows\System32\drivers\motfilt.sys (Motorola Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3764746257-285268694-3461411006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3764746257-285268694-3461411006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - 
HKU\S-1-5-21-3764746257-285268694-3461411006-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D F1 0E 8D A6 94 CA 01 [binary data] IE - HKU\S-1-5-21-3764746257-285268694-3461411006-1001\S-1-5-21-3764746257-285268694-3461411006-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "megaup" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.terra.com.br/portal/" FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459 FF - prefs.js..keyword.URL: "http://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=" FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/24 17:51:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/04 22:24:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/11/07 23:35:13 | 000,000,000 | ---D | M] [2009/11/07 23:15:49 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\mozilla\Extensions [2010/03/05 18:27:49 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\962ay56g.default\extensions [2009/11/21 19:58:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\962ay56g.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D} [2009/12/02 12:39:03 | 000,000,000 | ---D | M] -- 
C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\962ay56g.default\extensions\DTToolbar@toolbarnet.com [2009/11/11 10:42:47 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\962ay56g.default\extensions\idabarff@westbyte.com [2009/11/11 10:42:46 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\mozilla\Firefox\Profiles\962ay56g.default\extensions\idapluginff@westbyte.com [2009/12/02 12:39:01 | 000,002,055 | ---- | M] () -- C:\Users\Diego\AppData\Roaming\Mozilla\FireFox\Profiles\962ay56g.default\searchplugins\daemon-search.xml [2010/03/05 18:27:49 | 000,000,000 | ---D | M] -- C:\Arquivos de Programas\Mozilla Firefox\extensions [2009/11/07 23:35:36 | 000,000,000 | ---D | M] -- C:\Arquivos de Programas\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2009/12/08 21:12:32 | 000,064,000 | ---- | M] (Nullsoft) -- C:\Arquivos de Programas\Mozilla Firefox\plugins\npwachk.dll [2009/11/02 23:03:59 | 000,001,027 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\buscape.xml [2010/02/24 17:51:34 | 000,001,212 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\mercadolivre.xml [2009/11/02 23:03:59 | 000,001,168 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\wikipedia-br.xml [2009/11/02 23:03:59 | 000,000,648 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\yahoo-br.xml O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Arquivos de Programas\Shareaza\RazaWebHook32.dll (Shareaza Development Team) O2 - BHO: (IE 4.x-6.x BHO for Internet Download Accelerator) - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\Arquivos de Programas\IDA\idaiehlp.dll (WestByte) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll 
(Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de Programas\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-3764746257-285268694-3461411006-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Arquivos de Programas\DAEMON Tools Toolbar\DTToolbar.dll () O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avp] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [Domino] C:\Windows\Domino.exe () O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [uVS11 Preload] C:\Arquivos de Programas\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKLM..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe (ZSMCSNAP)
O4 - HKU\S-1-5-21-3764746257-285268694-3461411006-1001..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-3764746257-285268694-3461411006-1001..\Run: [Minimem] C:\Program Files\Kerkia\Minimem\minimem.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Download ALL with IDA - C:\Arquivos de Programas\IDA\idaieall.htm ()
O8 - Extra context menu item: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll (Shareaza Development Team)
O8 - Extra context menu item: Download with IDA - C:\Arquivos de Programas\IDA\idaie.htm ()
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Arquivos de Programas\IDA\ida.exe (WestByte)
O9 - Extra 'Tools' menuitem : &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Arquivos de Programas\IDA\ida.exe (WestByte)
O9 - Extra Button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Arquivos de Programas\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ec481318-df58-11de-be56-0021970b5c53}\Shell - "" = AutoRun
O33 - MountPoints2\{ec481318-df58-11de-be56-0021970b5c53}\Shell\AutoRun\command - "" = E:\JPN-L4D.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/06 14:22:35 | 000,553,984 | ---- | C] (OldTimer Tools) -- C:\Users\Diego\Desktop\OTL.exe
[2010/03/06 12:53:12 | 000,000,000 | ---D | C] -- C:\Users\Diego\AppData\Roaming\Malwarebytes
[2010/03/06 12:53:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/06 12:53:08 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/03/06 12:53:08 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware
[2010/03/06 12:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/06 12:50:11 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Diego\Desktop\mbam-setup.exe
[2010/03/04 23:04:47 | 000,000,000 | ---D | C] -- C:\Users\Diego\Desktop\Nova pasta
[2010/03/04 22:28:09 | 000,000,000 | ---D | C] -- C:\HiJack
[2010/03/01 13:51:57 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Motorola Shared
[2010/03/01 13:48:11 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Motorola
[2010/02/25 03:30:37 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/02/25 03:27:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010/02/25
02:10:53 | 003,955,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010/02/25 02:10:52 | 003,899,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010/02/24 20:50:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2010/02/24 20:49:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2010/02/24 20:26:17 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2010/02/24 20:26:17 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll [2010/02/24 20:26:17 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll [2010/02/24 20:26:15 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010/02/24 20:26:15 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2010/02/24 20:26:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010/02/24 20:26:11 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2010/02/24 20:26:11 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010/02/24 20:26:11 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010/02/24 20:24:59 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll [2010/02/24 20:24:59 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll [2010/02/24 20:24:59 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe [2010/02/24 20:24:59 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe [2010/02/24 20:24:59 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe [2010/02/24 20:24:59 | 000,277,504 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\RMActivate_ssp_isv.exe [2010/02/24 20:24:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll [2010/02/24 20:24:59 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll [2010/02/06 22:32:49 | 000,000,000 | ---D | C] -- C:\Users\Diego\Desktop\neo geo 2 [2010/02/06 22:22:37 | 000,000,000 | ---D | C] -- C:\Users\Diego\Desktop\neo geo [2009/11/17 11:44:20 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Diego\AppData\Roaming\pcouffin.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/03/06 14:29:14 | 004,194,304 | -HS- | M] () -- C:\Users\Diego\NTUSER.DAT [2010/03/06 14:22:38 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\Diego\Desktop\OTL.exe [2010/03/06 14:20:43 | 000,020,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/03/06 14:20:43 | 000,020,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/03/06 14:17:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/03/06 14:17:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/03/06 14:17:43 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys [2010/03/06 12:53:11 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/06 12:50:36 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Diego\Desktop\mbam-setup.exe [2010/03/05 20:03:58 | 004,099,881 | -H-- | M] () -- C:\Users\Diego\AppData\Local\IconCache.db [2010/03/04 23:51:12 | 000,215,128 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2010/03/04 17:08:00 | 000,138,384 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010/03/04 13:33:41 | 000,704,355 | ---- | M] () -- C:\Users\Diego\Desktop\wetland-1440-900-5013.jpg [2010/03/04 13:33:34 | 000,085,651 | ---- | M] 
() -- C:\Users\Diego\Desktop\sophia-bush-black-dress-1440-900-5015.jpg [2010/03/04 13:33:16 | 000,325,522 | ---- | M] () -- C:\Users\Diego\Desktop\hills-1440-900-5019.jpg [2010/03/04 01:28:57 | 000,003,360 | ---- | M] () -- C:\bootsqm.dat [2010/03/01 22:22:19 | 000,000,232 | ---- | M] () -- C:\Windows\reimage.ini [2010/03/01 18:08:13 | 001,520,232 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/03/01 18:08:13 | 000,663,766 | ---- | M] () -- C:\Windows\System32\prfh0416.dat [2010/03/01 18:08:13 | 000,615,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/03/01 18:08:13 | 000,129,764 | ---- | M] () -- C:\Windows\System32\prfc0416.dat [2010/03/01 18:08:13 | 000,107,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/03/01 17:37:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Motousbnet_01005.Wdf [2010/03/01 17:37:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motfilt_01005.Wdf [2010/03/01 17:37:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01005.Wdf [2010/03/01 13:48:14 | 000,002,585 | ---- | M] () -- C:\Users\Public\Desktop\RSD Lite.lnk [2010/02/28 13:27:03 | 009,803,682 | ---- | M] () -- C:\Users\Diego\Desktop\Vivo por Ella Andrea Bocelli & Sandy.mp3 [2010/02/27 20:14:52 | 006,661,465 | ---- | M] () -- C:\Users\Diego\Desktop\Inesquecível - Laura Pausini e Sandy.mp3 [2010/02/27 14:48:40 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010/02/23 03:01:40 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010/02/18 14:01:25 | 000,001,044 | ---- | M] () -- C:\Users\Diego\AppData\Roaming\vso_ts_preview.xml [2010/02/10 13:56:44 | 000,000,752 | ---- | M] () -- C:\Windows\win.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/03/06 12:53:11 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk 
[2010/03/04 13:33:41 | 000,704,355 | ---- | C] () -- C:\Users\Diego\Desktop\wetland-1440-900-5013.jpg [2010/03/04 13:33:33 | 000,085,651 | ---- | C] () -- C:\Users\Diego\Desktop\sophia-bush-black-dress-1440-900-5015.jpg [2010/03/04 13:33:15 | 000,325,522 | ---- | C] () -- C:\Users\Diego\Desktop\hills-1440-900-5019.jpg [2010/03/04 01:28:57 | 000,003,360 | ---- | C] () -- C:\bootsqm.dat [2010/03/01 22:22:19 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini [2010/03/01 17:37:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Motousbnet_01005.Wdf [2010/03/01 17:37:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motfilt_01005.Wdf [2010/03/01 17:37:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01005.Wdf [2010/03/01 13:48:14 | 000,002,585 | ---- | C] () -- C:\Users\Public\Desktop\RSD Lite.lnk [2010/02/28 13:26:44 | 009,803,682 | ---- | C] () -- C:\Users\Diego\Desktop\Vivo por Ella Andrea Bocelli & Sandy.mp3 [2010/02/27 20:14:39 | 006,661,465 | ---- | C] () -- C:\Users\Diego\Desktop\Inesquecível - Laura Pausini e Sandy.mp3 [2010/02/27 14:48:40 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010/01/09 15:15:04 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2010/01/09 15:15:04 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2010/01/09 15:15:04 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2010/01/09 15:15:04 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2010/01/09 15:15:04 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2010/01/09 15:15:04 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2009/11/17 11:45:22 | 000,001,044 | ---- | C] () -- C:\Users\Diego\AppData\Roaming\vso_ts_preview.xml [2009/11/17 11:45:07 | 000,000,034 | ---- | C] () -- C:\Users\Diego\AppData\Roaming\pcouffin.log [2009/11/17 11:44:20 | 
000,087,608 | ---- | C] () -- C:\Users\Diego\AppData\Roaming\inst.exe [2009/11/17 11:44:20 | 000,007,887 | ---- | C] () -- C:\Users\Diego\AppData\Roaming\pcouffin.cat [2009/11/17 11:44:20 | 000,001,144 | ---- | C] () -- C:\Users\Diego\AppData\Roaming\pcouffin.inf [2009/11/16 12:08:07 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009/11/15 21:31:22 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2009/11/08 16:08:28 | 000,000,093 | ---- | C] () -- C:\Users\Diego\AppData\Local\fusioncache.dat [2009/11/08 14:47:53 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini [2009/11/08 01:48:55 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009/11/08 01:48:55 | 000,022,328 | ---- | C] () -- C:\Users\Diego\AppData\Roaming\PnkBstrK.sys [2009/11/06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/01/01 09:11:06 | 000,002,045 | -H-- | C] () -- C:\ProgramData\whlb32g.dll [2002/03/16 21:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000079.DLL ========== LOP Check ========== [2010/02/07 22:13:42 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\AIMP [2009/12/26 10:15:08 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\AnvSoft [2009/12/04 11:41:31 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\DAEMON Tools Lite [2009/11/15 21:39:30 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\DAEMON Tools Pro [2009/12/05 01:13:16 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\fltk.org [2009/11/12 01:40:28 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\Internet Download Accelerator [2009/12/04 11:04:23 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\KoshyJohn.com [2010/01/08 11:43:38 | 000,000,000 | ---D | M] -- 
C:\Users\Diego\AppData\Roaming\Krento [2009/11/21 19:58:15 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\MegauploadToolbar [2010/01/01 13:19:08 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\minimem [2009/12/31 15:01:46 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\Photo DVD Slideshow [2009/11/17 12:06:13 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\Shareaza [2010/01/09 15:25:21 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\Ulead Systems [2009/11/16 13:58:30 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\uTorrent [2009/12/13 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\VitySoft [2010/02/18 14:01:22 | 000,000,000 | ---D | M] -- C:\Users\Diego\AppData\Roaming\Vso [2010/02/06 17:54:12 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:A31FAD21 @Alternate Data Stream - 16 bytes -> C:\Users\Diego\Downloads:Shareaza.GUID < End of report > ------- Extras; ------- OTL Extras logfile created on: 06/03/2010 14:24:45 - Run 1 OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Diego\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 73,00% Memory free 6,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 39,03 Gb Free Space | 26,19% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not 
loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIEGO-PC
Current User Name: Diego
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3764746257-285268694-3461411006-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2 "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0F55F69B-FB6C-5157-A5DC-B8AC58048A1A}" = ATI Catalyst Install Manager "{1C80931B-D271-A7E5-06D8-60C4D6DCCE69}" = Catalyst Control Center Graphics Previews Common "{1CA7ACD6-B21B-4240-AA05-4FC55F6E1046}" = Nero 8 "{1FCA1E50-EB4B-1722-1605-721CECC3B6D7}" = Catalyst Control Center Graphics Light "{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live "{20820A45-02A1-144C-21A3-A1812C5DDE23}" = Catalyst Control Center InstallProxy "{20C42E1C-A610-A423-C59A-432EFDFA6D97}" = ccc-utility "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23549DB2-183A-C2F1-F12A-4B20F386129A}" = CCC Help Greek "{267D1BAE-B645-CC3E-468B-1E94846CB003}" = CCC Help Portuguese "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17 "{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call "{37F67C32-9414-4F67-B33A-056F1109724C}" = Minimem "{38E84C0B-74F8-2CD7-8401-9A9638676061}" = CCC Help Spanish "{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS0211) "{4511950B-88F9-302E-77F2-C953EF8045F8}" = Catalyst Control Center HydraVision Full "{49FDA7D8-B293-2E8B-19F3-0F10C110C4CC}" = CCC Help French "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces "{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV "{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1 "{5E1DE2DE-71B7-5C37-A8D2-949C143C863D}" = Catalyst Control Center Graphics Previews Vista "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade 
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193k "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007 "{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 "{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 "{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 "{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 "{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007 "{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) 
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 "{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 "{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 "{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 "{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = 
Kaspersky Internet Security 2010 "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5 "{AD0EE5BD-B8C0-9ACB-678A-C1AD9AC0BA60}" = ccc-core-static "{B2580E5E-F617-EAE5-04B2-0C49FAC1E24F}" = Catalyst Control Center Graphics Full Existing "{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger "{BF24E54D-77C1-CDF8-054C-133FBB71EE90}" = Catalyst Control Center Graphics Full New "{C07A746C-E1A1-C0C3-A30C-EFB5ECE184C3}" = Catalyst Control Center Core Implementation "{C2C60D9F-0D6E-188C-1ADE-9DC3BF6ADA93}" = CCC Help Hungarian "{C2F9FF21-946D-8907-A45B-DF1414F43316}" = Catalyst Control Center Localization All "{C461FA1F-AEC4-451B-B6DF-59F75543B80A}" = RSDLite "{C849A1C0-B8CB-1BB0-62BB-362C2851FD0F}" = CCC Help German "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CF2C9A13-51A0-5640-0F57-76EC9A404D89}" = CCC Help Italian "{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}" = Motorola Driver Installation 3.5.0 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials "{F6F8D4EB-19B5-F561-B3FA-39467F65943F}" = CCC Help English "{F937EBB7-E475-DE6C-6CE7-46BDF5B12A4B}" = CCC Help Polish "{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AIMP2" = AIMP2 "Akamai" = Akamai NetSession Interface "Allied Intent Xtended" = Allied Intent Xtended 2.0 "Any Video Converter_is1" = Any Video Converter 3.0.1 "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2 "Cool RingTone Maker_is1" = 
Cool RingTone Maker 1.1.7
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DFX for Winamp" = DFX for Winamp
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"Fotosizer" = Fotosizer 1.27
"Free Studio_is1" = Free Studio version 4.2
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Internet Download Accelerator_is1" = Internet Download Accelerator version 5.7
"Krento_is1" = Kreno 1.0
"Left 4 Dead *REPACKED* [Team JPN]_is1" = Left 4 Dead
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"PakkISO_is1" = PakkISO 0.4
"Photo DVD Slideshow Professional" = Photo DVD Slideshow Pro 8.07
"Photo-Brush_is1" = Photo-Brush 5.2
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.1 Lite
"Shareaza_is1" = Shareaza 2.5.0.0
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = Arquivo do WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3764746257-285268694-3461411006-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/01/2010 19:15:21 | Computer Name = Diego-PC | Source = Software Protection Platform Service | ID = 8211
Description = Falha ao atualizar tokens de licença e chave do produto (Product Key) do Windows com 0xC004F050.
Error - 13/01/2010 21:03:42 | Computer Name = Diego-PC | Source = Software Protection Platform Service | ID = 1017 Description = Falha na instalação do Comprovante da Compra. 0xC004F015 Pkey Parcial=Y8QH3 ACID=bfb30674-7c9a-4624-9309-9914cfd5b05c Erro Detalhado[?] Error - 13/01/2010 21:03:45 | Computer Name = Diego-PC | Source = Software Protection Platform Service | ID = 1017 Description = Falha na instalação do Comprovante da Compra. 0xC004F015 Pkey Parcial=Y8QH3 ACID=bfb30674-7c9a-4624-9309-9914cfd5b05c Erro Detalhado[?] Error - 13/01/2010 21:04:26 | Computer Name = Diego-PC | Source = Software Protection Platform Service | ID = 1017 Description = Falha na instalação do Comprovante da Compra. 0xC004F050 Pkey Parcial=3MBMV ACID=? Erro Detalhado[?] Error - 13/01/2010 21:04:26 | Computer Name = Diego-PC | Source = Software Protection Platform Service | ID = 8211 Description = Falha ao atualizar tokens de licença e chave do produto (Product Key) do Windows com 0xC004F050. Error - 13/01/2010 23:55:31 | Computer Name = Diego-PC | Source = Software Protection Platform Service | ID = 1017 Description = Falha na instalação do Comprovante da Compra. 0xC004F015 Pkey Parcial=Y8QH3 ACID=bfb30674-7c9a-4624-9309-9914cfd5b05c Erro Detalhado[?] Error - 13/01/2010 23:55:34 | Computer Name = Diego-PC | Source = Software Protection Platform Service | ID = 1017 Description = Falha na instalação do Comprovante da Compra. 0xC004F015 Pkey Parcial=Y8QH3 ACID=bfb30674-7c9a-4624-9309-9914cfd5b05c Erro Detalhado[?] Error - 13/01/2010 23:56:12 | Computer Name = Diego-PC | Source = Software Protection Platform Service | ID = 1017 Description = Falha na instalação do Comprovante da Compra. 0xC004F050 Pkey Parcial=3MBMV ACID=? Erro Detalhado[?] Error - 13/01/2010 23:56:12 | Computer Name = Diego-PC | Source = Software Protection Platform Service | ID = 8211 Description = Falha ao atualizar tokens de licença e chave do produto (Product Key) do Windows com 0xC004F050. 
Error - 14/01/2010 00:37:13 | Computer Name = Diego-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = [ Media Center Events ] Error - 22/02/2010 11:23:29 | Computer Name = Diego-PC | Source = MCUpdate | ID = 0 Description = 12:23:25 - Erro ao estabelecer conexão com a Internet. 12:23:25 - Não foi possível contatar o servidor.. Error - 23/02/2010 17:04:05 | Computer Name = Diego-PC | Source = MCUpdate | ID = 0 Description = 18:04:05 - Erro ao estabelecer conexão com a Internet. 18:04:05 - Não foi possível contatar o servidor.. Error - 23/02/2010 17:04:18 | Computer Name = Diego-PC | Source = MCUpdate | ID = 0 Description = 18:04:10 - Erro ao estabelecer conexão com a Internet. 18:04:10 - Não foi possível contatar o servidor.. Error - 24/02/2010 16:56:28 | Computer Name = Diego-PC | Source = MCUpdate | ID = 0 Description = 17:56:28 - Erro ao estabelecer conexão com a Internet. 17:56:28 - Não foi possível contatar o servidor.. Error - 24/02/2010 16:56:45 | Computer Name = Diego-PC | Source = MCUpdate | ID = 0 Description = 17:56:34 - Erro ao estabelecer conexão com a Internet. 17:56:34 - Não foi possível contatar o servidor.. Error - 25/02/2010 17:10:26 | Computer Name = Diego-PC | Source = MCUpdate | ID = 0 Description = 18:10:25 - Erro ao estabelecer conexão com a Internet. 18:10:26 - Não foi possível contatar o servidor.. Error - 25/02/2010 17:10:50 | Computer Name = Diego-PC | Source = MCUpdate | ID = 0 Description = 18:10:32 - Erro ao estabelecer conexão com a Internet. 18:10:32 - Não foi possível contatar o servidor.. Error - 03/03/2010 10:50:15 | Computer Name = Diego-PC | Source = MCUpdate | ID = 0 Description = 11:49:58 - Erro ao estabelecer conexão com a Internet. 11:49:58 - Não foi possível contatar o servidor.. Error - 05/03/2010 17:06:25 | Computer Name = Diego-PC | Source = MCUpdate | ID = 0 Description = 18:06:25 - Erro ao estabelecer conexão com a Internet. 18:06:25 - Não foi possível contatar o servidor.. 
Error - 05/03/2010 17:07:20 | Computer Name = Diego-PC | Source = MCUpdate | ID = 0 Description = 18:06:30 - Erro ao estabelecer conexão com a Internet. 18:06:30 - Não foi possível contatar o servidor.. [ System Events ] Error - 13/01/2010 23:51:54 | Computer Name = Diego-PC | Source = Service Control Manager | ID = 7023 Description = O serviço Publicação de Recursos de Descoberta de Função terminou com o erro: %%-2147014847 Error - 13/01/2010 23:54:09 | Computer Name = Diego-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 16/01/2010 10:18:16 | Computer Name = Diego-PC | Source = Service Control Manager | ID = 7023 Description = O serviço Publicação de Recursos de Descoberta de Função terminou com o erro: %%-2147014847 Error - 16/01/2010 18:20:35 | Computer Name = Diego-PC | Source = EventLog | ID = 6008 Description = O desligamento anterior do sistema em 20:19:12 às ?16/?01/?2010 não era esperado. Error - 17/01/2010 14:43:39 | Computer Name = Diego-PC | Source = Service Control Manager | ID = 7023 Description = O serviço Publicação de Recursos de Descoberta de Função terminou com o erro: %%-2147014847 Error - 18/01/2010 23:56:39 | Computer Name = Diego-PC | Source = Service Control Manager | ID = 7023 Description = O serviço Publicação de Recursos de Descoberta de Função terminou com o erro: %%-2147014847 Error - 21/01/2010 10:56:50 | Computer Name = Diego-PC | Source = EventLog | ID = 6008 Description = O desligamento anterior do sistema em 12:53:03 às ?21/?01/?2010 não era esperado. Error - 21/01/2010 18:03:50 | Computer Name = Diego-PC | Source = EventLog | ID = 6008 Description = O desligamento anterior do sistema em 17:56:35 às ?21/?01/?2010 não era esperado. Error - 23/01/2010 16:55:17 | Computer Name = Diego-PC | Source = EventLog | ID = 6008 Description = O desligamento anterior do sistema em 18:50:41 às ?23/?01/?2010 não era esperado. 
Error - 23/01/2010 16:57:00 | Computer Name = Diego-PC | Source = EventLog | ID = 6008
Description = O desligamento anterior do sistema em 18:56:02 às ?23/?01/?2010 não era esperado.

< End of report >

--------------------

HijackThis again:

--------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:33:20, on 06/03/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ZSSnp211.exe
C:\Windows\Domino.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\notepad.exe
C:\HiJack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - c:\program files\shareaza\razawebhook32.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Minimem] C:\Program Files\Kerkia\Minimem\minimem.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with &Shareaza - res://c:\program files\shareaza\razawebhook32.dll/3000
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAB22D3E-1008-41AF-9945-B39EE093C700}: NameServer = 200.204.0.138 200.204.0.10
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

-- End of file - 7249 bytes

Well... I think that's everything... waiting for a reply. Regards!!!
PedroN 1 Posted March 6, 2010

• Run OTL.exe.
• Copy the information in the quote below into the tool's clipboard field. ( Custom Scans/Fixes )

:Files
C:\Windows\System32\taskhost.exe
C:\Windows\System32\sppsvc.exe
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-3764746257-285268694-3461411006-1001..\Run: [Minimem] C:\Program Files\Kerkia\Minimem\minimem.exe File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found
O33 - MountPoints2\{ec481318-df58-11de-be56-0021970b5c53}\Shell - "" = AutoRun
O33 - MountPoints2\{ec481318-df58-11de-be56-0021970b5c53}\Shell\AutoRun\command - "" = E:\JPN-L4D.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
:Commands
[resethosts]
[purity]
[emptytemp]
[Reboot]

• Click the Run Fix button --> Wait for it to finish!
• When it is done, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!
VeLLkan 0 Posted March 7, 2010

All processes killed
========== FILES ==========
File move failed. C:\Windows\System32\taskhost.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\sppsvc.exe scheduled to be moved on reboot.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-3764746257-285268694-3461411006-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Minimem deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec481318-df58-11de-be56-0021970b5c53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec481318-df58-11de-be56-0021970b5c53}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec481318-df58-11de-be56-0021970b5c53}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec481318-df58-11de-be56-0021970b5c53}\ not found.
File E:\JPN-L4D.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
C:\Windows\msdownld.tmp folder deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]
User: Administrador
User: All Users
User: ASPNET
User: Convidado
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Diego
->Temp folder emptied: 370592805 bytes
->Temporary Internet Files folder emptied: 56470065 bytes
->Java cache emptied: 37877392 bytes
->FireFox cache emptied: 57187747 bytes
->Flash cache emptied: 48723 bytes
User: HomeGroupUser$
User: Public
User: Todos os Usuários
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5830114 bytes
RecycleBin emptied: 4998826 bytes
Total Files Cleaned = 508,00 mb

OTL by OldTimer - Version 3.1.34.0 log created on 03072010_133954

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\taskhost.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\sppsvc.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
File\Folder C:\Windows\temp\cchFE25.tmp not found!
File\Folder C:\Windows\temp\cchFE26.tmp not found!

Registry entries deleted on Reboot...

Waiting for a reply. Regards!!!
PedroN 1 Posted March 8, 2010

Post a new HijackThis log and tell us how the PC is doing.
VeLLkan 0 Posted March 9, 2010

Hi... the PC has improved a little, but it is still slow... it's strange because my PC has a great configuration: A780GM-A BLACK SERIES motherboard, 4 GB of memory, 180 GB HD, off-board HD Radeon 4870 video card with 512 MB of GDDR5 memory, etc... it wasn't slow before, it became slow afterwards.

The shutdown problem still continues... I went into the system settings and disabled the automatic restart on system failure, just to see what kind of error the blue screen shows; there it says it may be caused by recently installed hardware or recent software as well (I think this problem can be solved with a good cleanup of the machine).

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:01:25, on 09/03/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ZSSnp211.exe
C:\Windows\Domino.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\HiJack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - c:\program files\shareaza\razawebhook32.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\Windows\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [uVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with &Shareaza - res://c:\program files\shareaza\razawebhook32.dll/3000
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: Verificação de U&RLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

-- End of file - 6737 bytes

REGARDS!!!
PedroN 1 Posted March 9, 2010

Go to this site: http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1261360413531

Click on

Follow the scanner configuration instructions as shown in the image below.

Post the scan log right here in the topic.
VeLLkan 0 Posted March 9, 2010

Hiii... I couldn't run the tool... this error appeared:

I think it may be the version of my Kaspersky I.S., version 10 for Win Seven...

Waiting for a reply. Regards!!!
PedroN 1 Posted March 9, 2010

It's because you have that version you mentioned above installed on your PC.

• Run an online scan at: Eset Nod32
• Use the Internet Explorer browser.
• Check the box: "SIM,aceito as condições de uso" --> Iniciar.
• Check the box: "YES, I accept the Terms of Use" --> Start.
• Accept the ActiveX installation and, when it finishes, save and post the report. ( C:\Arquivos de programas\EsetOnlineScanner\log )
Mário Monteiro 179 Posted April 10, 2010

Topic Archived

Since the author has not replied for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.