


This topic has been archived and is closed to new replies.


[Solved!] Banners



As you can see in the image I attached, there is an advertising banner on this random page (Orkut). I was advised to use the "HiJackThis" program, but I don't know how to use it correctly. I ran the scan... and I would like to know how to remove these banners from my browser...


Here is the HijackThis scan log:


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:09:04, on 06/04/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal


Running processes:




C:\Program Files\Alwil Software\Avast5\AvastUI.exe


C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Level Up! Games\Lunia\InfoReporter.exe

C:\Level Up! Games\Lunia\InfoReporter.exe

D:\Garena Universal Maphack v5.0\Garena Universal MH.exe


C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: everyflv - {3832b8d1-b76a-373b-48f2-908cf91506bf} - C:\Windows\system32\tt-_8t9_v_B.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [mspaint] "C:\Windows\system32\Paint.exe" -autocheck

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O13 - Gopher Prefix:

O15 - Trusted Zone:

O15 - Trusted Zone:

O15 - Trusted Zone:

O15 - Trusted Zone:

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) -

O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe



End of file - 5411 bytes



I would like to know what I should do to fix this banner problem... whether HijackThis is really the right tool for it... or how I go about fixing it...



Oh! And that Protected Mode that appears in the image: On / Off, what is it? Some pages show "On" and others "Off", is that really normal? :huh:


Thanks in advance for your attention. :)


Awaiting a reply... :mellow:




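The HijackThis log above is a flat list of browser hooks, autostart entries and services, and the question is how to read it. The Python script below is an added example (not part of the original post, and not code from HijackThis or ZHPDiag): it parses the O2 (BHO), O4 (Run key) and O23 (service) line layouts that appear in the log, counts entries per section, and lists the structural oddities a reviewer looks at first: a BHO whose file is missing or that has no display name, a browser add-on DLL loaded from the Windows directory instead of Program Files, and a service with no vendor string. The sample lines are copied from the log above; the flags are triage hints for manual review, not a verdict on any entry.

```python
"""Triage helper for HijackThis-style logs (added example, not from the forum post)."""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: everyflv - {3832b8d1-b76a-373b-48f2-908cf91506bf} - C:\Windows\system32\tt-_8t9_v_B.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
End of file - 5411 bytes
"""

# Every HijackThis entry starts with a section code (R0, O2, O4, O23, ...) followed by " - ".
LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
# O2 - BHO: <name> - {<clsid>} - <path or "(no file)">
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# O4 - <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 - Service: <name> - <vendor, possibly empty> - <path>
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?)\s?- (?P<path>.*)$")
# Drive-rooted path under the Windows directory (case-insensitive, e.g. C:\Windows\system32\...).
WINDOWS_DIR_RE = re.compile(r"^[A-Za-z]:\\Windows\\", re.IGNORECASE)


def parse_log(text):
    """Turn each entry line into a dict; unknown layouts keep only the section code and raw line."""
    records = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if not m:
            continue  # header lines, "End of file", blank lines
        kind, body = m.group("kind"), m.group("body")
        rec = {"kind": kind, "raw": raw}
        if kind == "O2" and (b := BHO_RE.match(body)):
            rec.update(b.groupdict())
        elif kind == "O4" and (r := RUN_RE.match(body)):
            rec.update(r.groupdict())
        elif kind == "O23" and (s := SVC_RE.match(body)):
            rec.update(s.groupdict())
        records.append(rec)
    return records


def summarize(records):
    """Count entries per section code, e.g. {"O2": 3, "O4": 2}."""
    counts = defaultdict(int)
    for rec in records:
        counts[rec["kind"]] += 1
    return dict(counts)


def triage(records):
    """Return (record, reason) pairs worth a human's attention. Heuristic hints, not verdicts."""
    findings = []
    for rec in records:
        if rec["kind"] == "O2" and "path" in rec:
            if rec["path"] == "(no file)":
                findings.append((rec, "BHO registration points at a file that no longer exists"))
            if rec["name"] == "(no name)":
                findings.append((rec, "BHO has no display name"))
            if WINDOWS_DIR_RE.match(rec["path"]):
                findings.append((rec, "browser add-on DLL lives under the Windows directory, not Program Files"))
        elif rec["kind"] == "O23" and "vendor" in rec and not rec["vendor"]:
            findings.append((rec, "service has no vendor string"))
    return findings


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("entries per section:", summarize(recs))
    for rec, reason in triage(recs):
        print(f"[{rec['kind']}] {reason}\n    {rec['raw']}")
```

Feed it a full log (`parse_log(open("hijackthis.log").read())`) and read the triage list alongside the unflagged entries; a flag only says where to start checking publishers, file locations and install dates, the same questions the helper's reply below asks ZHPDiag to answer with its MD5 and owner columns.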

Good afternoon, nando_xd!


<@> Download: < telecharger_zhpdiag_tests.jpg > ( by Nicolas Coolman )

<@> Unzip it into Program Files.

<@> In the ZHPDiag folder, look for the Diagnostic Tool icon. <-- The scroll icon!

<@> Install it and run the scan by clicking "Lancer le diagnostic". <-- The magnifying-glass icon!

<@> Wait for it to finish!

<@> Click the "Copier dans le presse-papier" menu item. <-- The camera icon!

<@> Open Notepad --> paste the report. ( Ctrl + V )

<@> Post: Rapport de ZHPDiag v1.25.1343 <-- Text!




Rapport de ZHPDiag v1.25.1347 par Nicolas Coolman

Run by User at 06/04/2010 11:36:09

Web site :


---\\ Web Browser

MSIE: Internet Explorer v8.0.7600.16385


---\\ System Information

Platform : Windows 7 Ultimate (6.1.7600)

Processor: x86 Family 15 Model 67 Stepping 3, AuthenticAMD

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3071 MB (67% free)

System drive C: has 19 GB (39%) free of 49 GB


---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 19 Go of 49 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 47 Go of 100 Go)

E:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

F:\ CD-ROM drive (Not Inserted)

G:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK



---\\ Processus lancés

[MD5.E43A851F7B12DE589424D6C656155CFC] - (.Adobe Systems Incorporated - Adobe CS4 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712]

[MD5.8112D0DACAE746290FC87B3A980FA719] - (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [153136]

[MD5.60E91D2BCC467842B478E8F3A5BF7C16] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [1836328]

[MD5.E22AD1580972342A2A25B51B5EEEA1D1] - (.ALWIL Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe [2757512]

[MD5.8784E77637323A535D26F566979EDC71] - (.Microsoft Corporation - Microsoft LifeCam Device Application.) -- C:\Windows\vVX1000.exe [762208]

[MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040]

[MD5.DEBF453A1DCF37AB8922AE7CD3FBCB74] - (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3883840]

[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480]



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=explorer.exe



---\\ Pages de recherche d'Internet Explorer (R1)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =



---\\ Internet Explorer URLSearchHook (R3)

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navegador da Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll



---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} . (.Headlight Software, Inc. - GetRight's IE & NS Click Monitoring. www.g.) -- C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: everyflv - {3832b8d1-b76a-373b-48f2-908cf91506bf} . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\tt-_8t9_v_B.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - SBSD IE Protection.) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll



---\\ Applications démarrées automatiquement par le registre (O4)

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] . (.Adobe Systems Incorporated - Adobe CS4 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] . (.Nero AG - Nero BackItUp.) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

O4 - HKLM\..\Run: [avast5] . (.ALWIL Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe

O4 - HKLM\..\Run: [VX1000] . (.Microsoft Corporation - Microsoft LifeCam Device Application.) -- C:\Windows\vVX1000.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe

O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: Download with GetRight . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\GetRight\GRbrowse.htm



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.)



---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () -

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) -



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.



---\\ Composants installés (ActiveSetup Installed Components) (O40)

O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll

O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r45.) -- C:\Windows\system32\Macromed\Flash\Flash10e.ocx



---\\ Logiciels installés (O42)

O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..)

O42 - Logiciel: Adobe Anchor Service CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Bridge CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe CMaps CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe CSI CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Color - Photoshop Specific CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Color EU Extra Settings CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Color JA Extra Settings CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Color NA Recommended Settings CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Color Video Profiles CS CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Default Language CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Device Central CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Drive CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe ExtendScript Toolkit CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Extension Manager CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Fonts All - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Linguistics CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Media Player - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Output Module - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe PDF Library Files CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Photoshop CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Photoshop CS4 Support - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Search for Help - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Service Manager Extension - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Setup - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Type Support CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe Update Manager CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe WinSoft Linguistics Plugin - (.Adobe Systems Incorporated.)

O42 - Logiciel: Adobe XMP Panels CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: AdobeColorCommonSetCMYK - (.Adobe Systems Incorporated.)

O42 - Logiciel: AdobeColorCommonSetRGB - (.Adobe Systems Incorporated.)

O42 - Logiciel: Arquivo do WinRAR - (.Pas de propriétaire.)

O42 - Logiciel: Assistente de Conexão do Windows Live - (.Microsoft Corporation.)

O42 - Logiciel: Connect - (.Adobe Systems Incorporated.)

O42 - Logiciel: DVD Shrink 3.2 - (.DVD Shrink.)

O42 - Logiciel: DirectVobSub (remove only) - (.Pas de propriétaire.)

O42 - Logiciel: EA Download Manager UI - (.Electronic Arts.)

O42 - Logiciel: Ferramenta de Carregamento do Windows Live - (.Microsoft Corporation.)

O42 - Logiciel: Foxit Reader - (.Pas de propriétaire.)

O42 - Logiciel: Garena 2010 - (.Garena Online Pte Ltd..)

O42 - Logiciel: Gerenciador de Downloads da EA - (.Electronic Arts, Inc..)

O42 - Logiciel: GetRight - (.Headlight Software, Inc..)

O42 - Logiciel: Java 6 Update 18 - (.Sun Microsystems, Inc..)

O42 - Logiciel: LoudMo Contextual Ad Assistant - (.Pas de propriétaire.)

O42 - Logiciel: Lunia - (.Pas de propriétaire.)

O42 - Logiciel: MSVCRT - (.Microsoft.)

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.)

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.)

O42 - Logiciel: MV RegClean 5.0 - (.Pas de propriétaire.)

O42 - Logiciel: Messenger Plus! Live - (.Yuna Software.)

O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.)

O42 - Logiciel: Microsoft Corporation - (.Microsoft Corporation.)

O42 - Logiciel: Microsoft Office Professional Edição 2003 - (.Microsoft Corporation.)

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.)

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.)

O42 - Logiciel: Microsoft WSE 3.0 Runtime - (.Microsoft Corp..)

O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.)

O42 - Logiciel: Nero 8 - (.Nero AG.)

O42 - Logiciel: PDF Settings CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.)

O42 - Logiciel: Photoshop Camera Raw - (.Adobe Systems Incorporated.)

O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.)

O42 - Logiciel: Suite Shared Configuration CS4 - (.Adobe Systems Incorporated.)

O42 - Logiciel: TeamSpeak 2 RC2 - (.Dominating Bytes Design.)

O42 - Logiciel: The Sims™ 3 - (.Electronic Arts.)

O42 - Logiciel: The Sims™ 3 Volta ao Mundo - (.Electronic Arts.)

O42 - Logiciel: USB Dual Vibration Joystick - (.GASIA.)

O42 - Logiciel: VCRedistSetup - (.Nero AG.)

O42 - Logiciel: VDownloader 1.12 - (.Enrique Puertas.)

O42 - Logiciel: Winamp - (.Nullsoft, Inc.)

O42 - Logiciel: Winamp: Detectar Aplicação - (.Nullsoft, Inc.)

O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.)

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.)

O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.)

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.)

O42 - Logiciel: Windows Live OneCare safety scanner - (.Microsoft Corporation.)

O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.)

O42 - Logiciel: kuler - (.Adobe Systems Incorporated.)

O42 - Logiciel: neroxml - (.Nero AG.)

O42 - Logiciel: µTorrent - (.Pas de propriétaire.)


---\\ HKCU & HKLM Software Keys

[HKCU\Software\ALWIL Software]






[HKCU\Software\Blizzard Entertainment]


[HKCU\Software\DVD Shrink]

[HKCU\Software\Electronic Arts]

[HKCU\Software\Foxit Software]





[HKCU\Software\IM Providers]




[HKCU\Software\NVIDIA Corporation]






[HKCU\Software\Safer Networking Limited]

[HKCU\Software\VB and VBA Program Settings]

[HKCU\Software\WinRAR SFX]



[HKLM\Software\ALWIL Software]


[HKLM\Software\ATI Technologies]



[HKLM\Software\America Online]







[HKLM\Software\Electronic Arts]

[HKLM\Software\Foxit Software]










[HKLM\Software\Level Up!]



[HKLM\Software\NVIDIA Corporation]







[HKLM\Software\Safer Networking Limited]


[HKLM\Software\Soeperman Enterprises Ltd.]







---\\ Contenu des dossiers Fichiers Communs (O43)

O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files\Adobe Media Player

O43 - CFD:Common File Directory ----D- C:\Program Files\Alwil Software

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files

O43 - CFD:Common File Directory ----D- C:\Program Files\DirectVobSub

O43 - CFD:Common File Directory ----D- C:\Program Files\DVD Maker

O43 - CFD:Common File Directory ----D- C:\Program Files\DVD Shrink

O43 - CFD:Common File Directory ----D- C:\Program Files\Electronic Arts

O43 - CFD:Common File Directory ----D- C:\Program Files\Foxit Software

O43 - CFD:Common File Directory ----D- C:\Program Files\Garena

O43 - CFD:Common File Directory ----D- C:\Program Files\GbPlugin

O43 - CFD:Common File Directory ----D- C:\Program Files\GetRight

O43 - CFD:Common File Directory --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD:Common File Directory ----D- C:\Program Files\Internet Explorer

O43 - CFD:Common File Directory ----D- C:\Program Files\Java

O43 - CFD:Common File Directory ----D- C:\Program Files\Marcos Velasco Security

O43 - CFD:Common File Directory ----D- C:\Program Files\Messenger Plus! Live

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Games

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Office

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Visual Studio

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft Works

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft WSE

O43 - CFD:Common File Directory ----D- C:\Program Files\Microsoft.NET

O43 - CFD:Common File Directory ----D- C:\Program Files\MSBuild

O43 - CFD:Common File Directory ----D- C:\Program Files\MSXML 4.0

O43 - CFD:Common File Directory ----D- C:\Program Files\Nero

O43 - CFD:Common File Directory ----D- C:\Program Files\Reference Assemblies

O43 - CFD:Common File Directory ----D- C:\Program Files\Spybot - Search & Destroy

O43 - CFD:Common File Directory ----D- C:\Program Files\Teamspeak2_RC2

O43 - CFD:Common File Directory --H-D- C:\Program Files\Uninstall Information

O43 - CFD:Common File Directory ----D- C:\Program Files\uTorrent

O43 - CFD:Common File Directory ----D- C:\Program Files\VDOWNLOADER

O43 - CFD:Common File Directory ----D- C:\Program Files\VID_0E8F&PID_0012

O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp

O43 - CFD:Common File Directory ----D- C:\Program Files\Winamp Detect

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Defender

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Journal

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live Safety Center

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Live SkyDrive

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Mail

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Media Player

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows NT

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Photo Viewer

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Portable Devices

O43 - CFD:Common File Directory ----D- C:\Program Files\Windows Sidebar

O43 - CFD:Common File Directory ----D- C:\Program Files\WinRAR

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Adobe AIR

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\DESIGNER

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\eBay

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Java

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Macrovision Shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\microsoft shared

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Nero

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\PX Storage Engine

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Services

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\System

O43 - CFD:Common File Directory ----D- C:\Program Files\Common Files\Windows Live



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.9325E7160CAAD5C87709EC4A2618AE1D] - 06/04/2010 - 08:33:00 --HA- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [14016]

O44 - LFC:[MD5.9325E7160CAAD5C87709EC4A2618AE1D] - 06/04/2010 - 08:33:00 --HA- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [14016]

O44 - LFC:[MD5.69BB7541337F6B995268C0AE62C761DB] - 06/04/2010 - 08:32:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\PerfStringBackup.INI [1491932]

O44 - LFC:[MD5.4BAB810C8FC9E2AA406FD9F6FD4E4913] - 06/04/2010 - 08:32:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfc009.dat [103370]

O44 - LFC:[MD5.45D7364AD19A34E0CA5E514C820D4A6D] - 06/04/2010 - 08:32:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\perfh009.dat [606992]

O44 - LFC:[MD5.EBBA203672725C1DDE3688D3DE9E090B] - 06/04/2010 - 08:32:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\prfc0416.dat [124724]

O44 - LFC:[MD5.B18621F32B4E25A8FEEC5A9EEBB70627] - 06/04/2010 - 08:32:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\prfh0416.dat [654272]

O44 - LFC:[MD5.09F9164644235F1C132F1B4C6CA7A350] - 06/04/2010 - 08:27:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\setupact.log [26879]

O44 - LFC:[MD5.C159444487597BC90D4B2FA01D7453E9] - 06/04/2010 - 08:27:46 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.FFC275C82998842D86C30DB6470B3BDA] - 27/03/2010 - 03:11:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\C_B-SLemLmKu.exe [111513]

O44 - LFC:[MD5.4585780A8EB71D86DF64553B34BA8F79] - 22/03/2010 - 21:19:20 ---A- . (.Microsoft Corporation - Lernout & Hauspie Codecs.) -- C:\Windows\System32\lhacm.acm [34064]

O44 - LFC:[MD5.44BE46050DADC76A9BA1FC2D8F063EB0] - 22/03/2010 - 09:21:58 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\tt-_8t9_v_B.dll [1122304]

O44 - LFC:[MD5.775C9F6DC67871B3332DFFEB25AFBC47] - 16/03/2010 - 12:22:07 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log [540164]

O44 - LFC:[MD5.96D82B7F493C5F30DFA05FF61B44B5A5] - 16/03/2010 - 11:40:18 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\PatchLog.txt [12224]



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)

O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll



---\\ MountPoints2 Shell Key (MPSK) (O51)

O51 - MPSK:{01d68b2b-10db-11df-9bc1-806e6f6e6963}\Shell\AutoRun\command. (.Electronic Arts - Autorun Application.) -- F:\Autorun.exe



---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\Windows\System32\iccvid.dll

O52 - TDSD: \Drivers32\"vidc.VP60"="C:\Windows\system32\vp6vfw.dll" . ( - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\system32\vp6vfw.dll

O52 - TDSD: \Drivers32\"vidc.VP61"="C:\Windows\system32\vp6vfw.dll" . ( - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\system32\vp6vfw.dll

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"vp6vfw.dll"="EA VP6 Codec" . ( - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll



---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0



---\\ Liste des Drivers Système (SDL) (O58)

O58 - SDL:[MD5.6D7F09CD92A9FEF3A8EFCE66231FDD79] - 14/08/2008 - 06:57:42 ---A- . (.Adobe Systems, Inc. - Adobe Drive File System Driver.) -- C:\Windows\system32\drivers\adfs.sys

O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys

O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 13/07/2009 - 22:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys

O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys

O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 13/07/2009 - 22:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys

O58 - SDL:[MD5.2101A86C25C154F8314B24EF49D7FBC2] - 13/07/2009 - 22:26:15 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys

O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 13/07/2009 - 22:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys

O58 - SDL:[MD5.B81C2B5616F6420A9941EA093A92B150] - 13/07/2009 - 22:26:15 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys

O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys

O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys

O58 - SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 13/08/2004 - 08:56:20 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys

O58 - SDL:[MD5.48F78E2A3C14C6650D520A5EEF014965] - 28/01/2010 - 18:54:05 ---A- . (.ALWIL Software - avast! File System Access Blocking Driver.) -- C:\Windows\system32\drivers\aswFsBlk.sys

O58 - SDL:[MD5.233731BE626965722E6C686EB336C2ED] - 28/01/2010 - 18:54:27 ---A- . (.ALWIL Software - avast! File System Minifilter for Windows 2003/Vista.) -- C:\Windows\system32\drivers\aswMonFlt.sys

O58 - SDL:[MD5.EA9E4EF3F81E3EDDFACC9348AF2991D0] - 28/01/2010 - 18:54:42 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\system32\drivers\aswRdr.sys

O58 - SDL:[MD5.78627992C6CAF344B318B16533B075E0] - 28/01/2010 - 18:57:34 ---A- . (.ALWIL Software - avast! self protection module.) -- C:\Windows\system32\drivers\aswSP.sys

O58 - SDL:[MD5.B7DD2D1ACB6EF82FD7B8EEE947D1753B] - 28/01/2010 - 18:57:55 ---A- . (.ALWIL Software - avast! TDI Filter Driver.) -- C:\Windows\system32\drivers\aswTdi.sys

O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 13/07/2009 - 19:02:49 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60x.sys

O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys

O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 13/07/2009 - 19:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys

O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 13/07/2009 - 21:57:25 ---A- . (.Brother Industries Ltd. - Brother Serial I/F Driver (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys

O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 13/07/2009 - 19:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys

O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys

O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 13/07/2009 - 19:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys

O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys

O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 13/07/2009 - 22:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys

O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 13/07/2009 - 22:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys

O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys

O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 13/07/2009 - 19:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys

O58 - SDL:[MD5.AACCCBA11D23B5AF02DD8B2EB3C4427C] - 18/02/2010 - 10:20:44 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\system32\drivers\gbpkm.sys

O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys

O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 13/07/2009 - 22:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys

O58 - SDL:[MD5.934AF4D7C5F457B9F0743F4299B77B67] - 13/07/2009 - 22:20:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys

O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 13/07/2009 - 22:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys

O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys

O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 13/07/2009 - 22:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys

O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys

O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys

O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys

O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys

O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 13/07/2009 - 22:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys

O58 - SDL:[MD5.8B75F652726A2BA3197860F300514E3F] - 27/09/2009 - 22:12:22 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 191.07.) -- C:\Windows\system32\drivers\nvlddmkm.sys

O58 - SDL:[MD5.B5E37E31C053BC9950455A257526514B] - 13/07/2009 - 19:02:52 ---A- . (.NVIDIA Corporation - NVIDIA MCP Networking Function Driver..) -- C:\Windows\system32\drivers\nvm62x32.sys

O58 - SDL:[MD5.3F3D04B1D08D43C16EA7963954EC768D] - 13/07/2009 - 22:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys

O58 - SDL:[MD5.C99F251A5DE63C6F129CF71933ACED0F] - 13/07/2009 - 22:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys

O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys

O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 17:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys

O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys

O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys

O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys

O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 13/07/2009 - 22:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys

O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 13/07/2009 - 22:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (.No owner - No description.) -- C:\Windows\system32\ANSI.SYS

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (.No owner - No description.) -- C:\Windows\system32\country.sys

O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (.No owner - No description.) -- C:\Windows\system32\HIMEM.SYS

O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (.No owner - No description.) -- C:\Windows\system32\KEY01.SYS

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (.No owner - No description.) -- C:\Windows\system32\KEYBOARD.SYS

O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (.No owner - No description.) -- C:\Windows\system32\NTDOS.SYS

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (.No owner - No description.) -- C:\Windows\system32\NTDOS404.SYS

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (.No owner - No description.) -- C:\Windows\system32\NTDOS411.SYS

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (.No owner - No description.) -- C:\Windows\system32\NTDOS412.SYS

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (.No owner - No description.) -- C:\Windows\system32\NTDOS804.SYS

O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (.No owner - No description.) -- C:\Windows\system32\NTIO.SYS

O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (.No owner - No description.) -- C:\Windows\system32\NTIO404.SYS

O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (.No owner - No description.) -- C:\Windows\system32\NTIO411.SYS

O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (.No owner - No description.) -- C:\Windows\system32\NTIO412.SYS

O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (.No owner - No description.) -- C:\Windows\system32\NTIO804.SYS



---\\ Alternate Data Stream File (ADS) (O62)

O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\config\

O62 - ADS:Alternate Data Stream File - C:\Windows\System32\drivers\:GbpKmAp.lst

O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\FxsTmp\

O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\ias\

O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\Msdtc\

O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\NetworkList\

O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\Tasks\

O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\wdi\

O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\wfp\

O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\:GbpKmAp.lst



---\\ Application Event Viewer (OEA) (O66)

O66 - EventLog: ID=10005 (MsiInstaller) - (.No owner - No description.) -- C:\Windows\Installer\{F9FD80CE-0448-4D4F-8BCD- (.not file.)



---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - 'Event Viewer' snap-in launcher.) -- C:\Windows\system32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - 'Event Viewer' snap-in launcher.) -- C:\Windows\system32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe



---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe




End of the scan (488 lines in 00mn 15s)


Good afternoon! nando_xd


<!> Read: < How does Internet Explorer's Protected Mode work? >



<@> Open the "ZHPDiag" tool.

<@> Click the "ZHPFix" menu < PanelZHPFix.jpg > --> OK.

<@> Select the line(s) shown in the Quote by ticking the checkbox(es). ( Space )


O2 - BHO: everyflv - {3832b8d1-b76a-373b-48f2-908cf91506bf} . (.No owner - No description.) -- C:\Windows\system32\tt-_8t9_v_B.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.No owner - No description.) -- (.not file.)

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O66 - EventLog: ID=10005 (MsiInstaller) - (.No owner - No description.) -- C:\Windows\Installer\{F9FD80CE-0448-4D4F-8BCD- (.not file.)

<@> Next, click "Nettoyer" (Clean) --> Wait!

<@> PS: Select this screen and copy it into Notepad.

<@> Post its contents: Rapport de suppression (removal report) .. <-- Text!



<@> Run an online scan at:




<@> PS: Use the Internet Explorer browser.

<@> Click: < online_scanner_button.jpg >

<@> Tick the box: "SIM, aceito as condições de uso" --> Iniciar. (Portuguese UI)

<@> Tick the box: "YES, I accept the Terms of Use" --> Start.

<@> Accept the ActiveX installation --> Start the scan.

<@> When it finishes, post the report: C:\Program Files\EsetOnlineScanner\log.txt



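The reply above picks its ZHPFix lines by hand: a BHO with no version info and a generated file name in system32, an orphaned BHO CLSID whose DLL is gone, and so on. The script below is an added example, not code from this thread, from ZHPDiag or from its author, that applies the same kind of checks mechanically to lines in ZHPDiag's O2 (BHO), O58 (driver), O62 (alternate data stream) and O67 (shell spawning) format. The names Finding, triage, looks_random, EXPECTED_SPAWN and KNOWN_ADS are the example's own. SAMPLE_LOG is constructed: most lines are copied from entries in this thread, while the driver under Temp (modelled on the GarenaPEngine entry in the OTL log later in the thread) and the hijacked exefile command are invented to exercise the rules. ZHPDiag prints the French label "Pas de propriétaire - Pas de description" for files with no version resource, and the sample keeps that label so the parser matches real output. Treating the drivers\:GbpKmAp.lst stream as belonging to GbPlugin's gbpkm.sys is an assumption.

```python
"""Triage of ZHPDiag-style lines (O2 BHO, O58 driver, O62 ADS, O67 shell spawning).
Added example, not part of the thread or of ZHPDiag; the heuristics are the example's own."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high", "review" or "info"
    kind: str      # "bho", "driver", "ads" or "shell"
    path: str
    reason: str


NO_OWNER = "Pas de propriétaire"  # ZHPDiag's label for a file without version info

# Default HKCR\<class>\shell\open\command for the executable classes listed under O67;
# any other command means every launch of that file type goes through that program.
EXPECTED_SPAWN = {c: '"%1" %*' for c in ("exefile", "batfile", "cmdfile", "comfile")}

# Assumption: the drivers\:GbpKmAp.lst stream is written by the GbPlugin driver; it is
# only downgraded to "info" when gbpkm.sys also appears in the same log.
KNOWN_ADS = {"GbpKmAp.lst": "gbpkm.sys"}

ENTRY_RE = re.compile(r"\(\.(?P<owner>.*?) - (?P<desc>.*?)\.\) -- (?P<path>.*)$")
O67_RE = re.compile(r"^O67 - Shell Spawning: <[^>]+> <(?P<cls>[^>]+)>\[(?P<key>[^\]]+)\] (?P<rest>.*)$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
SYS32_RE = re.compile(r"^[A-Z]:\\Windows\\system32\\[^\\]+$", re.IGNORECASE)  # directly in system32
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")
ORDER = {"high": 0, "review": 1, "info": 2}


def looks_random(path: str) -> bool:
    """Generated-name heuristic: digits mixed with -/_ (tt-_8t9_v_B) or a long vowel-less stem."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    digit = any(c.isdigit() for c in stem)
    sep = any(c in "-_" for c in stem)
    vowelless = len(stem) >= 8 and not any(c in "aeiouAEIOU" for c in stem)
    return (digit and sep) or vowelless


def triage(text: str) -> list:
    """Return Findings for the suspicious lines, highest severity first."""
    out, lower = [], text.lower()
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("O2 - BHO:") and (m := ENTRY_RE.search(line)):
            if m["path"] == "(.not file.)":
                cls = CLSID_RE.search(line)
                out.append(Finding("review", "bho", cls.group(0) if cls else line,
                                   "orphaned BHO registration: DLL is gone, delete the CLSID"))
            elif m["owner"] == NO_OWNER and SYS32_RE.match(m["path"]) and looks_random(m["path"]):
                out.append(Finding("high", "bho", m["path"],
                                   "unsigned BHO with a generated file name dropped in system32"))
        elif line.startswith("O58 - SDL:") and (m := ENTRY_RE.search(line)):
            if TEMP_RE.search(m["path"]):
                out.append(Finding("high", "driver", m["path"], "kernel driver loaded from a Temp directory"))
            elif m["owner"] == NO_OWNER and "\\drivers\\" in m["path"].lower():
                # DOS-subsystem files (ANSI.SYS, HIMEM.SYS, NTIO*.SYS) sit directly in system32 and
                # legitimately carry no version info, so only unowned files under drivers\ are raised.
                out.append(Finding("review", "driver", m["path"], "driver without version info; verify its hash"))
        elif line.startswith("O62 - ADS:"):
            target = line.split(" - ", 2)[-1]
            path, sep, stream = target.rpartition(":")
            if not sep or "\\" in stream:
                continue  # ZHPDiag recorded no stream name on this line
            if stream in KNOWN_ADS and KNOWN_ADS[stream] in lower:
                out.append(Finding("info", "ads", target, f"stream belongs to {KNOWN_ADS[stream]}, present in this log"))
            else:
                out.append(Finding("review", "ads", target, "named NTFS stream on a system path; export it before deleting"))
        elif (m := O67_RE.match(line)):
            rest = m["rest"]
            # Two shapes: '"%1" %* (.not file.)'  or  '(.Owner - Desc.) -- C:\path\to\handler.exe'
            cmd = rest.rsplit(" -- ", 1)[-1] if rest.startswith("(.") else rest.removesuffix(" (.not file.)").strip()
            expected = EXPECTED_SPAWN.get(m["cls"])
            if expected is not None and cmd != expected:
                out.append(Finding("high", "shell", f"{m['key']} -> {cmd}",
                                   f"{m['cls']} open command hijacked; default is {expected}"))
    return sorted(out, key=lambda f: ORDER[f.severity])


# Constructed sample: lines copied from this thread plus an invented Temp driver and an
# invented hijacked exefile command (the GetRight description is filled in for the example).
SAMPLE_LOG = r"""
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} . (.Headlight Software, Inc. - GetRight IE Helper.) -- C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: everyflv - {3832b8d1-b76a-373b-48f2-908cf91506bf} . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\tt-_8t9_v_B.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O58 - SDL:[MD5.AACCCBA11D23B5AF02DD8B2EB3C4427C] - 18/02/2010 - 10:20:44 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\system32\drivers\gbpkm.sys
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\ANSI.SYS
O58 - SDL:[MD5.00000000000000000000000000000000] - 06/04/2010 - 10:00:00 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Users\User\AppData\Local\Temp\JMBB693.tmp
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\drivers\:GbpKmAp.lst
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "C:\Users\User\AppData\Local\Temp\svc.exe" "%1" %* (.not file.)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:6} {f.path}\n         {f.reason}")
```

Run against the sample it reports three high findings (the everyflv DLL, the Temp driver and the redirected exefile command), one review item (the orphaned CLSID) and one informational ADS entry; the orphaned O9 and O21 entries in the reply above are not parsed here because they carry no file path to judge. The exefile check matters for cleanup order: if that command has been redirected, every .exe started afterwards (ZHPFix included) runs through the hijacker first, which is why a fix tool failing to start is itself a signal.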

DigRam, when I select the indicated lines and click "Nettoyer", the following message appears: "Erreur système. Code: 740.

The requested operation requires elevation."

And then it looks as if it's loading... a little hourglass, you know...


Is this normal? Do I go on to the next step you indicated? Or did an error actually occur? :ermm:




Hey! nando_xd


<!> Was the operation run as Administrator? <-- Important!

<!> If so, try it in Safe Mode.




Yes DigRam, the action was run on the Administrator account.


If the error persists, do I boot Windows into Safe Mode and try to run it... ?


Is that it? :huh:



Yes! That's it.

PS: Also disable TeaTimer in Spybot.




Right DigRam, since I was already on the Administrator account... and it didn't work, I restarted my computer, booted into Safe Mode, and below is the ZHPDiag LOG you asked for... after selecting the lines and clicking "Nettoyer":



ZHPFix v1.12.3081 by Nicolas Coolman - Removal report of 06/04/2010 12:58:12

Registry export file : D:\ZHPExportRegistry-06-04-2010-12-58-12.txt

Web site :



Memory processes :



Memory modules :



Registry key :

O2 - BHO: everyflv - {3832b8d1-b76a-373b-48f2-908cf91506bf} . (.No owner - No description.) -- C:\Windows\system32\tt-_8t9_v_B.dll => Key deleted successfully

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.No owner - No description.) -- (.not file.) => Key deleted successfully

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.) => Key absent


Registry value :

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. => Value deleted successfully


Registry data element :



Folder :



File :

c:\windows\system32\tt-_8t9_v_b.dll => File deleted at reboot

c:\windows\installer\{f9fd80ce-0448-4d4f-8bcd- => File absent


Software :



Registry script :



Other :




Summary :

Memory processes : 0

Memory modules : 0

Registry key : 3

Registry value : 1

Registry data element : 0

Folder : 0

File : 2

Software : 0

Other : 0



End of the scan


Now I'm doing the 2nd step you mentioned... that ONLINE scan...


After the scan finishes here, I have to post its result again, right?! :)







DigRam, I'm following the instructions you gave for that ONLINE check, and when the little window opens for me to tick the box "YES, I accept the Terms of Use" and I click "START"


it opens that window with the options "REPETIR" (Retry) or "CANCELAR" (Cancel), as if I had refreshed the page...

besides which it takes ages for the ActiveX prompt to appear, and when I click to accept the ActiveX installation and start the scan... it refreshes the page and goes back to square one.


What could be happening??


Thanks for your attention.


Luiz =]




Hey! nando_xd


<!> Disable the resident protection in Avast... and try again.

<!> PS: Use the Internet Explorer browser.




DigRam, I disabled Avast!, and yes, I'm using Internet Explorer, and when the message appears at the top of the page for me to accept the ActiveX installation, I click, accept the installation, and even with Avast! disabled it refreshes the page... and keeps going back to square one "/


What else could it be? õ.Ô







Ah! LoL


after 1000 attempts it's now working :D



<!> About time! heh..




After the scan finished, the "Log" text file in the folder "C:\Program Files\ESET\ESET Online Scanner" read:


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK


I ran the scan and that's all there was... is that correct, or should I run the scan again? :huh:




By the way, I've just noticed that the folder "C:\Program Files\ESET\ESET Online Scanner" has a file called "ESETSmartInstaller"; do I install it and run the scan through it, or do I run the scan through that little window that opens when I click "ESET ONLINE SCANNER"?




Hey! nando_xd


<!> No! Do it through this one: Kaspersky <--



<@> Go to: < Kaspersky Online Scanner >

<@> Click Accept.

<@> In the "Java Security" window, click Accept.

<@> Wait for the database update. ( Update at 100% )

<@> PS: Disable your antivirus or firewall.

<@> Start the scan by clicking "My Computer", among the other options.

<@> PS: For a faster scan, choose: "Critical areas"

<@> When it finishes, get the report by clicking "View report".

<@> Post it in your reply.




You had told me to do the scan with ESET... so do I forget all that... and do it with this Kaspersky one and re-post the result? What do you advise: the normal scan or the faster one?



<!> The normal one is more thorough and takes several hours of scanning. So which one to use is up to you!




OK, thanks Dig, I'll run the scan and post back so we can solve my problem.


Thanks in advance... for your attention and for dedicating your time to helping people.


Big hug, man.


Thank you, really. ^_^


DigRam, as instructed... here are the screenshots of the result of the full Kaspersky scan:


What would the next step be now? =x


Good evening! nando_xd


<!> PS: The Kaspersky detections were not critical... but they will have to be removed.



<@> Download: < otlDesktopIcon.png > ( OldTimer Tools )

<@> Save it to the desktop!




<@> As shown in the image, change the "Output" option to "Minimal Output".

<@> Double-click OTL.exe --> Tick the "Scan All Users" option.

<@> Tick the boxes:


<!> [] LOP check and [] Purity check


<@> Click: < runscanbutton.png > --> Wait!

<@> Post: OTL.txt <--




OTL.txt follows below:



OTL logfile created on: 06/04/2010 22:57:15 - Run 1

OTL by OldTimer - Version Folder = C:\Downloads

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy


3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48,73 Gb Total Space | 18,49 Gb Free Space | 37,93% Space Free | Partition Type: NTFS

Drive D: | 99,90 Gb Total Space | 55,30 Gb Free Space | 55,36% Space Free | Partition Type: NTFS

Drive E: | 325,00 Mb Total Space | 72,97 Mb Free Space | 22,45% Space Free | Partition Type: NTFS

Drive F: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

G: Drive not present or media not loaded

Drive H: | 1,94 Gb Total Space | 1,38 Gb Free Space | 71,11% Space Free | Partition Type: FAT32

I: Drive not present or media not loaded


Computer Name: USER-PC

Current User Name: User

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal


========== Processes (SafeList) ==========


PRC - C:\Downloads\OTL.exe (OldTimer Tools)

PRC - D:\utorrent.exe (BitTorrent, Inc.)

PRC - C:\PROGRA~1\GbPlugin\GbpSv.exe ( )

PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - c:\program files\windows defender\MpCmdRun.exe (Microsoft Corporation)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files\GetRight\GETRIGHT.EXE (Headlight Software, Inc.)



========== Modules (SafeList) ==========


MOD - C:\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\\comctl32.dll (Microsoft Corporation)



========== Win32 Services (SafeList) ==========


SRV - (GbpSv) -- C:\PROGRA~1\GbPlugin\GbpSv.exe ( )

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)



========== Driver Services (SafeList) ==========


DRV - (GarenaPEngine) -- C:\Users\User\AppData\Local\Temp\JMBB693.tmp ()

DRV - (GbpKm) -- C:\Windows\system32\drivers\gbpkm.sys (GAS Tecnologia)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========




IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2010/02/09 11:06:31 | 000,000,856 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts:

O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [mspaint] C:\Windows\System32\Paint.exe File not found

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found

O4 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm ()

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm ()

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\..Trusted Domains: ([www] * in Sites confiáveis)

O15 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\..Trusted Domains: ([www14] * in Sites confiáveis)

O15 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\..Trusted Domains: ([www2] * in Sites confiáveis)

O15 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\..Trusted Domains: ([www] * in Sites confiáveis)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Plug-in 1.6.0_18)


O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files\GbPlugin\gbieh.dll - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/10/14 05:23:09 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2009/09/21 16:58:33 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]

O33 - MountPoints2\{01d68b2b-10db-11df-9bc1-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{01d68b2b-10db-11df-9bc1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009/10/14 05:23:09 | 000,054,544 | R--- | M] (Electronic Arts)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\ [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========


[2010/04/06 22:51:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Real

[2010/04/06 20:17:53 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2010/04/06 20:17:53 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2010/04/06 20:17:53 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2010/04/06 20:17:53 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2010/04/06 20:17:49 | 000,839,680 | ---- | C] ( -- C:\Windows\System32\lameACM.acm

[2010/04/06 20:17:49 | 000,217,088 | ---- | C] ( -- C:\Windows\System32\yv12vfw.dll

[2010/04/06 20:17:49 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm

[2010/04/06 20:17:48 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll

[2010/04/06 20:17:48 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll

[2010/04/06 20:17:45 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll

[2010/04/06 20:17:45 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll

[2010/04/06 20:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2010/03/24 21:38:49 | 000,000,000 | R--D | C] -- C:\Users\User\Downloads

[2010/03/24 21:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2010/03/24 21:33:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\uTorrent

[2010/03/24 21:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub

[2010/03/23 20:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak2_RC2

[2010/03/22 21:19:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\teamspeak2

[2010/03/22 21:19:20 | 000,034,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm

[2010/03/08 11:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/03/02 13:50:49 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll


========== Files - Modified Within 30 Days ==========


[2010/04/06 22:59:37 | 002,621,440 | -HS- | M] () -- C:\Users\User\NTUSER.DAT

[2010/04/06 20:29:00 | 000,004,608 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/06 20:17:28 | 001,491,932 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/04/06 20:17:28 | 000,654,272 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2010/04/06 20:17:28 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/04/06 20:17:28 | 000,124,724 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2010/04/06 20:17:28 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/04/06 13:04:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/04/06 13:04:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/04/06 12:59:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/04/06 12:59:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/04/06 12:59:35 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/27 03:11:31 | 000,111,513 | ---- | M] () -- C:\Windows\System32\C_B-SLemLmKu.exe

[2010/03/22 21:19:20 | 000,034,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm

[2010/03/22 09:21:58 | 001,122,304 | ---- | M] () -- C:\Windows\System32\tt-_8t9_v_B.dll

[2010/03/14 15:00:00 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2010/03/14 15:00:00 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll

[2010/03/14 15:00:00 | 000,085,504 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll

[2010/03/14 15:00:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll

[2010/03/14 15:00:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll

[2010/03/14 15:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini


========== Files Created - No Company Name ==========


[2010/04/06 20:18:36 | 000,004,608 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/06 20:17:52 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/04/06 20:17:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/04/06 20:17:49 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml

[2010/04/06 20:17:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2010/04/06 20:17:48 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/04/06 20:17:48 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/04/06 20:17:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/04/06 20:17:46 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2010/03/27 03:11:31 | 000,111,513 | ---- | C] () -- C:\Windows\System32\C_B-SLemLmKu.exe

[2010/03/22 09:21:58 | 001,122,304 | ---- | C] () -- C:\Windows\System32\tt-_8t9_v_B.dll

[2010/02/04 07:22:42 | 000,001,240 | RHS- | C] () -- C:\Users\User\ntuser.pol

[2010/02/03 14:48:37 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/02/03 12:58:15 | 000,000,020 | -HS- | C] () -- C:\Users\User\ntuser.ini

[2010/02/03 12:58:14 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2010/02/03 12:58:14 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010/02/03 12:58:14 | 000,065,536 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010/02/03 12:58:13 | 000,262,144 | -HS- | C] () -- C:\Users\User\ntuser.dat.LOG1

[2010/02/03 12:58:13 | 000,000,000 | -HS- | C] () -- C:\Users\User\ntuser.dat.LOG2

[2010/02/03 12:58:12 | 002,621,440 | -HS- | C] () -- C:\Users\User\NTUSER.DAT

[2009/07/24 14:05:24 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini

[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2004/08/13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys


========== LOP Check ==========


[2010/02/03 15:04:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit

[2010/04/06 22:54:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRight

[2010/04/06 22:59:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent

[2009/07/14 01:53:46 | 000,021,196 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT


========== Purity Check ==========




========== Alternate Data Streams ==========


@Alternate Data Stream - 204 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 2 bytes -> C:\Windows\System32:D8655249_Bb.gbp

< End of report >






Good morning, nando_xd!


<@> Run OTL.exe.

<@> Copy the information in the Quote into the tool's clipboard field ( Custom Scans/Fixes ).


O4 - HKLM..\Run: [mspaint] C:\Windows\System32\Paint.exe File not found

O4 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found


<@> Click the Run Fix button --> Wait for it to finish!

<@> When it finishes, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!


<@> Download: < a2ppf_banner.jpg > ( EmsiSoft )

<@> Save it in Program Files.

<@> Open the program and click: Update now --> Wait!

<@> When done, click: "Scan PC"

<@> Under "Scan settings", set it up as follows:


Scan type: deep

Objects: Memory, Traces, Cookies, C:\, D:\

File scan: On

Heuristics: Off <-- Important!

ADS scan: On

<@> Choose the option: "Deep" --> Then click "Scan".

<@> When finished, tick the boxes of the items found and click "Send selected to Quarantine".

<@> Save and post this scan's report. ( a2scan_xxyy10-xxxxxx.txt ) <--
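As an added example that is not part of this thread or of OTL itself: a small Python script that reads OTL output like the logs above and separates the "O" entries OTL marked "File not found" (the dead autorun/Winlogon entries the reply above pastes into Custom Scans/Fixes) from executables under System32 that OTL could not attribute to any company, which is my own triage criterion. The sample lines are excerpted from the logs in this thread, and the regexes are my reading of the log layout, not OTL's own specification.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Lines excerpted from the OTL logs posted earlier in this thread (not a
# constructed sample): a few autorun/Winlogon entries and file-list entries.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [mspaint] C:\Windows\System32\Paint.exe File not found
O4 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[2010/04/06 20:17:53 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010/03/27 03:11:31 | 000,111,513 | ---- | C] () -- C:\Windows\System32\C_B-SLemLmKu.exe
[2010/03/22 09:21:58 | 001,122,304 | ---- | C] () -- C:\Windows\System32\tt-_8t9_v_B.dll
[2010/02/03 14:48:37 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI
"""

# "Oxx - ... File not found": a registry entry whose target no longer exists.
ORPHAN_RE = re.compile(r"^(O\d+) - .*File not found$")

# "[date time | size | attrs | C/M] (Company) -- path" file-list entries.
# This regex is my reading of the log layout, not an OTL specification.
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| ([CM])\]"
    r" \((.*?)\) -- (.+)$"
)

BINARY_EXT = (".exe", ".dll", ".sys", ".acm", ".ocx", ".scr")


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str     # e.g. "----", "-HS-", "---D"
    company: str   # empty when OTL found no company name in the file
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_directory(self) -> bool:
        return self.attrs.endswith("D")


def parse_orphans(log: str) -> List[str]:
    """Return the 'O' lines OTL marked 'File not found', verbatim.

    These are dead autorun/Winlogon/BootExecute entries; they are exactly the
    lines the reply above pastes into OTL's Custom Scans/Fixes box.
    """
    return [line for line in log.splitlines() if ORPHAN_RE.match(line)]


def parse_file_entries(log: str) -> List[FileEntry]:
    """Parse the created/modified file entries into FileEntry records."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line)
        if m:
            ts, size, attrs, _flag, company, path = m.groups()
            entries.append(FileEntry(ts, int(size.replace(",", "")),
                                     attrs, company.strip(), path))
    return entries


def unattributed_binaries(entries: List[FileEntry],
                          root: str = r"C:\Windows\System32") -> List[FileEntry]:
    """Executable files under `root` that carry no company name.

    This is a triage list for a helper to look at, not a verdict: legitimate
    codec packs also drop unattributed DLLs into System32 (see the log).
    """
    prefix = root.lower().rstrip("\\") + "\\"
    return [e for e in entries
            if not e.is_directory
            and e.path.lower().startswith(prefix)
            and e.path.lower().endswith(BINARY_EXT)
            and not e.company]


def triage(log: str) -> Dict[str, list]:
    """Split an OTL log into fix candidates and items needing a human look."""
    return {
        "fix": parse_orphans(log),
        "review": unattributed_binaries(parse_file_entries(log)),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Entries for the OTL fix (target file missing):")
    for line in result["fix"]:
        print("  " + line)
    print("Unattributed binaries under System32 to review by hand:")
    for e in result["review"]:
        print(f"  {e.timestamp}  {e.size:>9}  {e.path}")
```

Run it against a full saved OTL log (read the file into `triage`) to get the same two lists for a whole report.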




After the quick scan, here is the diagnosis:


OTL logfile created on: 07/04/2010 09:13:39 - Run 1

OTL by OldTimer - Version Folder = D:\

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy


3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]


%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 48,73 Gb Total Space | 19,18 Gb Free Space | 39,35% Space Free | Partition Type: NTFS

Drive D: | 99,90 Gb Total Space | 55,23 Gb Free Space | 55,28% Space Free | Partition Type: NTFS

Drive E: | 325,00 Mb Total Space | 72,97 Mb Free Space | 22,45% Space Free | Partition Type: NTFS

Drive F: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded


Computer Name: USER-PC

Current User Name: User

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan


========== Processes (SafeList) ==========


PRC - [2010/04/07 09:05:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe

PRC - [2010/02/18 10:20:12 | 000,054,048 | ---- | M] ( ) -- C:\PROGRA~1\GbPlugin\GbpSv.exe

PRC - [2010/01/28 19:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/01/28 19:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/07/24 14:05:24 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe

PRC - [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe



========== Modules (SafeList) ==========


MOD - [2010/04/07 09:05:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe

MOD - [2009/07/13 22:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/13 22:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/13 22:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/13 22:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/13 22:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/13 22:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/13 22:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/13 22:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009/07/13 22:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\\comctl32.dll



========== Win32 Services (SafeList) ==========


SRV - [2010/02/18 10:20:12 | 000,054,048 | ---- | M] ( ) [unknown | Running] -- C:\PROGRA~1\GbPlugin\GbpSv.exe -- (GbpSv)

SRV - [2010/02/03 14:56:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/01/28 19:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/01/28 19:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/01/28 19:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/07/13 22:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/13 22:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/13 22:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/13 22:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/13 22:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/13 22:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 22:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/13 22:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/13 22:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 22:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2009/07/13 22:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/13 22:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/13 22:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 22:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/13 22:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/13 22:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalador do ActiveX (AxInstSV)

SRV - [2009/07/13 22:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/13 22:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)



========== Standard Registry (SafeList) ==========



========== Internet Explorer ==========



IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2010/02/09 11:06:31 | 000,000,856 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts:

O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm ()

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm ()

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: ([www] * in Sites confiáveis)

O15 - HKCU\..Trusted Domains: ([www14] * in Sites confiáveis)

O15 - HKCU\..Trusted Domains: ([www2] * in Sites confiáveis)

O15 - HKCU\..Trusted Domains: ([www] * in Sites confiáveis)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Plug-in 1.6.0_18)


O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files\GbPlugin\gbieh.dll - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil)

O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/10/14 05:23:09 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2009/09/21 16:58:33 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ]

O33 - MountPoints2\{01d68b2b-10db-11df-9bc1-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{01d68b2b-10db-11df-9bc1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009/10/14 05:23:09 | 000,054,544 | R--- | M] (Electronic Arts)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\ [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 14 Days ==========


[2010/04/07 09:01:20 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/04/06 22:51:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Real

[2010/04/06 20:17:53 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2010/04/06 20:17:49 | 000,839,680 | ---- | C] ( -- C:\Windows\System32\lameACM.acm

[2010/04/06 20:17:49 | 000,217,088 | ---- | C] ( -- C:\Windows\System32\yv12vfw.dll

[2010/04/06 20:17:49 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm

[2010/04/06 20:17:48 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll

[2010/04/06 20:17:48 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll

[2010/04/06 20:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack

[2010/03/24 21:38:49 | 000,000,000 | R--D | C] -- C:\Users\User\Downloads

[2010/03/24 21:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent

[2010/03/24 21:33:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\uTorrent

[2010/03/24 21:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub

[2010/03/02 13:50:49 | 001,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll


========== Files - Modified Within 14 Days ==========


[2010/04/07 09:15:20 | 002,621,440 | -HS- | M] () -- C:\Users\User\NTUSER.DAT

[2010/04/07 09:08:09 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/04/07 09:08:09 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/04/07 09:07:18 | 001,491,932 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/04/07 09:07:18 | 000,654,272 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2010/04/07 09:07:18 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/04/07 09:07:18 | 000,124,724 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2010/04/07 09:07:18 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/04/07 09:03:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/04/07 09:02:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/04/07 09:02:51 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/27 03:11:31 | 000,111,513 | ---- | M] () -- C:\Windows\System32\C_B-SLemLmKu.exe


========== Files Created - No Company Name ==========


[2010/04/06 20:17:52 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2010/04/06 20:17:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2010/04/06 20:17:49 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml

[2010/04/06 20:17:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2010/04/06 20:17:48 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2010/04/06 20:17:48 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/04/06 20:17:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2010/04/06 20:17:46 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2010/03/27 03:11:31 | 000,111,513 | ---- | C] () -- C:\Windows\System32\C_B-SLemLmKu.exe

[2010/03/22 09:21:58 | 001,122,304 | ---- | C] () -- C:\Windows\System32\tt-_8t9_v_B.dll

[2010/02/04 07:22:42 | 000,001,240 | RHS- | C] () -- C:\Users\User\ntuser.pol

[2010/02/03 14:48:37 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/02/03 12:58:15 | 000,000,020 | -HS- | C] () -- C:\Users\User\ntuser.ini

[2010/02/03 12:58:14 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2010/02/03 12:58:14 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010/02/03 12:58:14 | 000,065,536 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010/02/03 12:58:13 | 000,262,144 | -HS- | C] () -- C:\Users\User\ntuser.dat.LOG1

[2010/02/03 12:58:13 | 000,000,000 | -HS- | C] () -- C:\Users\User\ntuser.dat.LOG2

[2010/02/03 12:58:12 | 002,621,440 | -HS- | C] () -- C:\Users\User\NTUSER.DAT

[2009/07/24 14:05:24 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini

[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2004/08/13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys


========== LOP Check ==========


[2010/02/03 15:04:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit

[2010/04/07 08:58:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRight

[2010/04/07 09:01:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent

[2009/07/14 01:53:46 | 000,021,444 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT


========== Purity Check ==========




========== Custom Scans ==========



< :files >


< C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini >


< C:\Users\User\AppData\Local\Temp\update_flash11.0.4b.exe >


< C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-11c7e785 >


< C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-55e52651 >


< :otl >


< O4 - HKLM..\Run: [mspaint] C:\Windows\System32\Paint.exe File not found >


< O4 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found >


< O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found >

Invalid Switch: pagefile) - File not found


< O34 - HKLM BootExecute: (autocheck autochk *) - File not found >


< :Commands >


< [purity] >


< [emptytemp] >


< [Reboot] >


========== Alternate Data Streams ==========


@Alternate Data Stream - 204 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst

@Alternate Data Stream - 2 bytes -> C:\Windows\System32:D8655249_Bb.gbp


< End of report >


Below is the a-squared report:


a-squared Free - Versão 4.5

Última atualização 07/04/2010 10:59:27


Configurações da análise:


Scan type: deep

Objetos: Memória, Rastros, Cookies, C:\, D:\, E:\

Análise de arquivos: Ligado

Heurística: Desligado

Análise de ADS: Ligado


Início da análise: 07/04/2010 11:00:23


C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@casalemedia[2].txt detectado: Trace.TrackingCookie.casalemedia!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[1].txt detectado: Trace.TrackingCookie.doubleclick!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\[2].txt detectado:!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\[3].txt detectado:!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\[1].txt detectado:!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\[1].txt detectado:!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@revenue[2].txt detectado: Trace.TrackingCookie.revenue!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@specificclick[1].txt detectado: Trace.TrackingCookie.specificclick!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@statcounter[1].txt detectado: Trace.TrackingCookie.statcounter!A2

C:\Program Files\Common Files\eBay\eBayLauncher.exe detectado: Trojan.Win32.Click.Yabector!A2

C:\Windows\System32\tt-_8t9_v_B.dll detectado: Riskware.AdWare.Win32.EZula!IK

C:\_OTL\MovedFiles\04072010_090120\C_Users\User\AppData\Local\Temp\update_flash11.0.4b.exe detectado: Trojan.Win32.Vilsel!IK

C:\_OTL\MovedFiles\04072010_090120\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-11c7e785 detectado: Trojan.Win32.Vilsel!IK

C:\_OTL\MovedFiles\04072010_090120\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-55e52651 detectado: Trojan.Win32.Vilsel!IK




Arquivos: 236890

Objetos: 573567

Cookies: 120

Processos: 42




Arquivos: 5

Objetos: 0

Cookies: 9

Processos: 0

Chaves do registro: 0


Fim da análise: 07/04/2010 11:53:23

Duração da análise: 0:53:00


C:\_OTL\MovedFiles\04072010_090120\C_Users\User\AppData\Local\Temp\update_flash11.0.4b.exe Em quarentena Trojan.Win32.Vilsel!IK

C:\_OTL\MovedFiles\04072010_090120\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-11c7e785 Em quarentena Trojan.Win32.Vilsel!IK

C:\_OTL\MovedFiles\04072010_090120\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-55e52651 Em quarentena Trojan.Win32.Vilsel!IK

C:\Windows\System32\tt-_8t9_v_B.dll Em quarentena Riskware.AdWare.Win32.EZula!IK

C:\Program Files\Common Files\eBay\eBayLauncher.exe Em quarentena Trojan.Win32.Click.Yabector!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@statcounter[1].txt Em quarentena Trace.TrackingCookie.statcounter!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@specificclick[1].txt Em quarentena Trace.TrackingCookie.specificclick!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@revenue[2].txt Em quarentena Trace.TrackingCookie.revenue!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\[1].txt Em quarentena!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\[2].txt Em quarentena!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[1].txt Em quarentena Trace.TrackingCookie.doubleclick!A2

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@casalemedia[2].txt Em quarentena Trace.TrackingCookie.casalemedia!A2


Em quarentena


Arquivos: 5

Objetos: 0

Cookies: 12




PS: I tried to move all the objects that appeared; I checked all the boxes and clicked "move to quarantine"... but 2 remained, which say the following when I try to send them to quarantine: "C:\Users\User\AppData\Roaming\Microsoft\Windows cannot be deleted! Please remove the write protection"

And they stay there; they don't go to quarantine and remain flagged in the scan results.


