nando_xd 0 Posted April 6, 2010

As you can see in the image I attached... there is an advertising banner on this random page (Orkut). I was advised to use the program "HiJackThis", but I don't know how to use it correctly. I ran the scan... and I would like to know how to remove these banners from my browser... Here is the log from the HiJack scan:

I would like to know what I should do to fix this banner problem... whether HiJack is really the right tool to use... or how I can fix this... Oh! And that protected mode that appears in the image: On / Off, what is it? Some pages show "On" and others "Off"; is that really normal? :huh: Thanks in advance for your attention. :) Awaiting a reply... :mellow: Luiz.
DigRam 144 Posted April 6, 2010

Good afternoon! nando_xd
<@> Download: < > ( by Nicolas Coolman )
<@> Unzip it to Program Files.
<@> In the ZHPDiag folder, look for the Diagnostic Tool icon. <-- Scroll icon!
<@> Install it and run the scan by clicking "Lancer le diagnostic". <-- Magnifying glass icon!
<@> Wait for it to finish!
<@> Click the "Copier dans le presse-papier" menu. <-- Camera icon!
<@> Open "Notepad" --> Paste the report. ( Ctrl + V )
<@> Post: Rapport de ZHPDiag v1.25.1343 <-- Text!
Regards!
nando_xd 0 Posted April 6, 2010

Rapport de ZHPDiag v1.25.1347 par Nicolas Coolman
(.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 13/07/2009 - 22:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 13/07/2009 - 22:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys O58 - SDL:[MD5.8B75F652726A2BA3197860F300514E3F] - 27/09/2009 - 22:12:22 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 191.07.) -- C:\Windows\system32\drivers\nvlddmkm.sys O58 - SDL:[MD5.B5E37E31C053BC9950455A257526514B] - 13/07/2009 - 19:02:52 ---A- . (.NVIDIA Corporation - NVIDIA MCP Networking Function Driver..) -- C:\Windows\system32\drivers\nvm62x32.sys O58 - SDL:[MD5.3F3D04B1D08D43C16EA7963954EC768D] - 13/07/2009 - 22:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys O58 - SDL:[MD5.C99F251A5DE63C6F129CF71933ACED0F] - 13/07/2009 - 22:20:44 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 13/07/2009 - 22:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 17:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) 
-- C:\Windows\system32\drivers\secdrv.sys O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 13/07/2009 - 22:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 13/07/2009 - 22:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 13/07/2009 - 22:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\ANSI.SYS O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\country.sys O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\HIMEM.SYS O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\KEY01.SYS O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\KEYBOARD.SYS O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (.Pas de propriétaire - Pas de description.) 
-- C:\Windows\system32\NTDOS.SYS O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS404.SYS O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS411.SYS O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS412.SYS O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTDOS804.SYS O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO.SYS O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO404.SYS O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO411.SYS O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\NTIO412.SYS O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (.Pas de propriétaire - Pas de description.) 
-- C:\Windows\system32\NTIO804.SYS ---\\ Alternate Data Stream File (ADS) (O62) O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\config\ O62 - ADS:Alternate Data Stream File - C:\Windows\System32\drivers\:GbpKmAp.lst O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\FxsTmp\ O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\ias\ O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\Msdtc\ O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\NetworkList\ O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\Tasks\ O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\wdi\ O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\wfp\ O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Drivers\:GbpKmAp.lst ---\\ Observateur d'évènement d'application (OEA) (O66) O66 - EventLog: ID=10005 (MsiInstaller) - (.Pas de propriétaire - Pas de description.) -- C:\Windows\Installer\{F9FD80CE-0448-4D4F-8BCD- (.not file.) ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) 
-- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Iniciador do snap-in de 'Visualizar eventos'.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Editor do Registro.) -- C:\Windows\regedit.exe ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe End of the scan (488 lines in 00mn 15s) Compartilhar este post Link para o post Compartilhar em outros sites
DigRam 144 Posted April 6, 2010

Good afternoon, nando_xd!

<!> Read: < How does Internet Explorer's protected mode work? >

00000000000000000000

<@> Open the "ZHPDiag" tool.
<@> Click the "ZHPFix" menu < > --> OK.
<@> Select the line(s) shown in the quote by ticking the checkbox(es). ( Space )

O2 - BHO: everyflv - {3832b8d1-b76a-373b-48f2-908cf91506bf} . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\tt-_8t9_v_B.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O66 - EventLog: ID=10005 (MsiInstaller) - (.Pas de propriétaire - Pas de description.) -- C:\Windows\Installer\{F9FD80CE-0448-4D4F-8BCD- (.not file.)

<@> Next, click "Nettoyer" --> Wait!
<@> PS: Select and copy this screen into Notepad.
<@> Post its contents: Rapport de suppression .. <-- Text!

00000000000000000000

<@> Run an online scan at: http://www.eset.com/onlinescan/index.php
<@> PS: Use the Internet Explorer browser.
<@> Click: < >
<@> Tick the box: "SIM, aceito as condições de uso" --> Iniciar.
<@> Tick the box: "YES, I accept the Terms of Use" --> Start.
<@> Accept the ActiveX installation --> Start the scan.
<@> When it finishes, post the report: C:\Program Files\EsetOnlineScanner\log.txt

Regards!
nando_xd 0 Posted April 6, 2010

DigRam, when I select the indicated lines and click "Nettoyer", the following message appears: "Erreur système. Code: 740. A operação solicitada requer elevação." And then it looks as if it were loading... a little hourglass, you know... Is that normal? Do I go on to the next step you indicated, or did an error actually happen? :ermm:
DigRam 144 Posted April 6, 2010

DigRam, when I select the indicated lines and click "Nettoyer", the following message appears: "Erreur système. Code: 740. A operação solicitada requer elevação." And then it looks as if it were loading... a little hourglass, you know... Is that normal? Do I go on to the next step you indicated, or did an error actually happen? :ermm:

////////////\\\\\\\\\\\\\

Hey, nando_xd!

<!> Was the operation run while logged in as Administrator? <-- Important!
<!> If so, try it in Safe Mode.

Regards!
nando_xd 0 Posted April 6, 2010

Yes DigRam, the action was run under the Administrator account. If the error persists, do I start Windows in safe mode and try to run it...? Is that it? :huh:

0000000000000000
Yes! That is exactly it. PS: Also disable TeaTimer in Spybot.
0000000000000000 DigRam

Right, DigRam, since I was already on the Administrator account... and it did not work, I restarted my computer, booted into safe mode, and below is the ZHPDiag LOG you asked for... after selecting the lines and clicking "Nettoyer":

ZHPFix v1.12.3081 by Nicolas Coolman - Rapport de suppression du 06/04/2010 12:58:12
Fichier d'export Registre : D:\ZHPExportRegistry-06-04-2010-12-58-12.txt
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

Processus mémoire :
(Néant)

Module mémoire :
(Néant)

Clé du Registre :
O2 - BHO: everyflv - {3832b8d1-b76a-373b-48f2-908cf91506bf} . (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\tt-_8t9_v_B.dll => Clé supprimée avec succès
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} . (.Pas de propriétaire - Pas de description.) -- (.not file.) => Clé supprimée avec succès
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} . (.not file.) - (.not file.) => Clé absente

Valeur du Registre :
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. => Valeur supprimée avec succès

Elément de données du Registre :
(Néant)

Dossier :
(Néant)

Fichier :
c:\windows\system32\tt-_8t9_v_b.dll => Fichier supprimé au reboot
c:\windows\installer\{f9fd80ce-0448-4d4f-8bcd- => Fichier absent

Logiciel :
(Néant)

Script Registre :
(Néant)

Autre :
(Néant)

Récapitulatif :
Processus mémoire : 0
Module mémoire : 0
Clé du Registre : 3
Valeur du Registre : 1
Elément de données du Registre : 0
Dossier : 0
Fichier : 2
Logiciel : 0
Autre : 0

End of the scan

Now I am doing the 2nd step you mentioned... that ONLINE scan... once the scan finishes here I have to post its result again, right?! :)

000000000000000
Yes!
000000000000000 DigRam
nando_xd 0 Posted April 6, 2010

DigRam, I follow the instructions you gave to run that ONLINE scan, and when a new little window opens to tick the box "YES, I accept the Terms of Use" and I click "START", it opens that window with the options "REPETIR" or "CANCELAR", as if I had refreshed the page... besides, it takes ages for the ActiveX prompt to appear, and when I click to accept the ActiveX installation and start the scan... it refreshes the page and goes back to square one. What could be happening?? Thank you for your attention.

Luiz =]
DigRam 144 Posted April 6, 2010

DigRam, I follow the instructions you gave to run that ONLINE scan, and when a new little window opens to tick the box "YES, I accept the Terms of Use" and I click "START", it opens that window with the options "REPETIR" or "CANCELAR", as if I had refreshed the page... besides, it takes ages for the ActiveX prompt to appear, and when I click to accept the ActiveX installation and start the scan... it refreshes the page and goes back to square one. What could be happening?? Thank you for your attention. Luiz =]

/////////////\\\\\\\\\\\\\

Hey, nando_xd!

<!> Disable the resident protection in Avast... and try again.
<!> PS: Use the Internet Explorer browser.

Regards!
nando_xd 0 Posted April 6, 2010

DigRam, I disabled Avast!, and yes, I am using Internet Explorer, and when the message appears at the top of the page for me to accept the ActiveX installation, I click, accept the installation, and even with Avast! disabled it refreshes the page... and keeps going back to square one "/ What else could it be? õ.Ô Thanks.

___________________________________________________________________________________

Ah! LoL, after 1000 attempts it worked now :D

0000000000000000000
<!> About time! lol..
0000000000000000000 DigRam
nando_xd 0 Posted April 6, 2010

After the scan finished, the "Log" text file in the folder "C:\Program Files\ESET\ESET Online Scanner" read as follows:

ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK

I ran the scan and that is all there was... is that correct, or should I run the scan again? :huh:

____________________________________________________________________________________________

By the way, I just noticed that the folder "C:\Program Files\ESET\ESET Online Scanner" had a file called "ESETSmartInstaller"; do I install it and run the scan through it? Or do I run the scan through that little window that opens when I click "ESET ONLINE SCANNER"?
DigRam 144 Posted April 6, 2010

After the scan finished, the "Log" text file in the folder "C:\Program Files\ESET\ESET Online Scanner" read as follows: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK I ran the scan and that is all there was... is that correct, or should I run the scan again? :huh:

____________________________________________________________________________________________

By the way, I just noticed that the folder "C:\Program Files\ESET\ESET Online Scanner" had a file called "ESETSmartInstaller"; do I install it and run the scan through it? Or do I run the scan through that little window that opens when I click "ESET ONLINE SCANNER"?

/////////////\\\\\\\\\\\\\

Hey, nando_xd!

<!> No! Use this one: Kaspersky <--

000000000000000000000

<@> Go to: < Kaspersky Online Scanner >
<@> Click Accept.
<@> In the "Segurança do Java" window, click Aceitar.
<@> Wait for the database update. ( Update at 100% )
<@> PS: Disable your antivirus or firewall.
<@> Start the scan by clicking "My Computer", among other options.
<@> PS: For a faster scan, choose: "Critical areas"
<@> When it finishes, get the report by clicking "View report".
<@> Post it in your reply.

Regards!
nando_xd 0 Posted April 6, 2010

You had told me to run the scan with ESET... so I forget all that... and run it with this Kaspersky and re-post the result? What do you advise? Running the normal scan or the faster one?

0000000000000000
<!> The normal one is more complete and takes several hours of scanning. Whether to use it is therefore up to you!
0000000000000000 DigRam
nando_xd 0 Posted April 6, 2010

OK, thank you Dig, I will run the scan and post again so that we can solve my problem. Thanks in advance... for your attention and for dedicating your time to helping people. Big hug, man. Thank you, truly. ^_^

DigRam, as indicated... here are the screenshots of the result of the full scan with Kaspersky:

What would be the next step now? =x
DigRam 144 Posted April 7, 2010

Good evening, nando_xd!

<!> PS: The detections in Kaspersky were not critical... but they will have to be removed.

000000000000000000

<@> Download: < > ( ...by OldTimer Tools )
<@> Save it to the desktop!
<@> As in the image, change the "Output" option to "Minimal Output".
<@> Double-click OTL.exe --> Tick the "Scan All Users" option.
<@> Tick the boxes: <!> [] LOP check and [] Purity check
<@> Click: < > --> Wait!
<@> Post: OTL.txt <--

Regards!
nando_xd 0 Posted April 7, 2010

Below is OTL.txt:
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/02/09 11:06:31 | 000,000,856 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software) O4 - HKLM..\Run: [mspaint] C:\Windows\System32\Paint.exe File not found O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found O4 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search 
& Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm () O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm () O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis) O15 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis) O15 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis) O15 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files\GbPlugin\gbieh.dll - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) O30 - LSA: Security Packages - (pku2u) - 
C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/10/14 05:23:09 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2009/09/21 16:58:33 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{01d68b2b-10db-11df-9bc1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{01d68b2b-10db-11df-9bc1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009/10/14 05:23:09 | 000,054,544 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/04/06 22:51:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Real [2010/04/06 20:17:53 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010/04/06 20:17:53 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2010/04/06 20:17:53 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2010/04/06 20:17:53 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll [2010/04/06 20:17:49 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm [2010/04/06 20:17:49 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2010/04/06 20:17:49 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2010/04/06 20:17:48 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll [2010/04/06 20:17:48 | 000,090,112 | ---- | C] (DivX, Inc.) 
-- C:\Windows\System32\dpl100.dll [2010/04/06 20:17:45 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp71.dll [2010/04/06 20:17:45 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr71.dll [2010/04/06 20:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2010/03/24 21:38:49 | 000,000,000 | R--D | C] -- C:\Users\User\Downloads [2010/03/24 21:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2010/03/24 21:33:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\uTorrent [2010/03/24 21:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub [2010/03/23 20:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak2_RC2 [2010/03/22 21:19:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\teamspeak2 [2010/03/22 21:19:20 | 000,034,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm [2010/03/08 11:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2010/03/02 13:50:49 | 001,654,869 | ---- | C] (Dynu Systems Inc.) 
-- C:\ProgramData\DynuEncrypt.dll ========== Files - Modified Within 30 Days ========== [2010/04/06 22:59:37 | 002,621,440 | -HS- | M] () -- C:\Users\User\NTUSER.DAT [2010/04/06 20:29:00 | 000,004,608 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/06 20:17:28 | 001,491,932 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/04/06 20:17:28 | 000,654,272 | ---- | M] () -- C:\Windows\System32\prfh0416.dat [2010/04/06 20:17:28 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/04/06 20:17:28 | 000,124,724 | ---- | M] () -- C:\Windows\System32\prfc0416.dat [2010/04/06 20:17:28 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/04/06 13:04:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/04/06 13:04:53 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/04/06 12:59:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/04/06 12:59:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/04/06 12:59:35 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys [2010/03/27 03:11:31 | 000,111,513 | ---- | M] () -- C:\Windows\System32\C_B-SLemLmKu.exe [2010/03/22 21:19:20 | 000,034,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lhacm.acm [2010/03/22 09:21:58 | 001,122,304 | ---- | M] () -- C:\Windows\System32\tt-_8t9_v_B.dll [2010/03/14 15:00:00 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010/03/14 15:00:00 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll [2010/03/14 15:00:00 | 000,085,504 | ---- | M] () -- C:\Windows\System32\ff_vfw.dll [2010/03/14 15:00:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll [2010/03/14 15:00:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) 
-- C:\Windows\System32\pndx5032.dll [2010/03/14 15:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini ========== Files Created - No Company Name ========== [2010/04/06 20:18:36 | 000,004,608 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/06 20:17:52 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010/04/06 20:17:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010/04/06 20:17:49 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml [2010/04/06 20:17:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2010/04/06 20:17:48 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010/04/06 20:17:48 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010/04/06 20:17:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010/04/06 20:17:46 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2010/03/27 03:11:31 | 000,111,513 | ---- | C] () -- C:\Windows\System32\C_B-SLemLmKu.exe [2010/03/22 09:21:58 | 001,122,304 | ---- | C] () -- C:\Windows\System32\tt-_8t9_v_B.dll [2010/02/04 07:22:42 | 000,001,240 | RHS- | C] () -- C:\Users\User\ntuser.pol [2010/02/03 14:48:37 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI [2010/02/03 12:58:15 | 000,000,020 | -HS- | C] () -- C:\Users\User\ntuser.ini [2010/02/03 12:58:14 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010/02/03 12:58:14 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010/02/03 12:58:14 | 000,065,536 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010/02/03 12:58:13 | 000,262,144 | -HS- | C] () -- C:\Users\User\ntuser.dat.LOG1 [2010/02/03 12:58:13 | 000,000,000 | -HS- | C] () -- C:\Users\User\ntuser.dat.LOG2 
[2010/02/03 12:58:12 | 002,621,440 | -HS- | C] () -- C:\Users\User\NTUSER.DAT
[2009/07/24 14:05:24 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2004/08/13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========
[2010/02/03 15:04:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit
[2010/04/06 22:54:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRight
[2010/04/06 22:59:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2009/07/14 01:53:46 | 000,021,196 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========
@Alternate Data Stream - 204 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\Windows\System32:D8655249_Bb.gbp

< End of report >

^_^
DigRam 144 Posted April 7, 2010

Good morning, nando_xd!

<@> Run OTL.exe.
<@> Copy the information in the Quote below into the tool's clipboard field ( Custom Scans/Fixes ).

:files
C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\User\AppData\Local\Temp\update_flash11.0.4b.exe
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-11c7e785
C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-55e52651
:otl
O4 - HKLM..\Run: [mspaint] C:\Windows\System32\Paint.exe File not found
O4 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
:Commands
[purity]
[emptytemp]
[Reboot]

<@> Click the Run Fix button --> Wait for it to finish!
<@> When it finishes, go to the folder: C:\_OTL\MovedFiles\*.log <-- Post it!

00000000000000000000000 00000000000000000000000

<@> Download: < > ( ...by EmsiSoft )
<@> Save it in Program Files.
<@> Open the program and click: Update now --> Wait!
<@> When it finishes, click: "Scan PC"
<@> In the "Scan settings", set the following:

Scan type: deep
Objects: Memory, Traces, Cookies, C:\, D:\
File scan: On
Heuristics: Off <-- Important!
ADS scan: On

<@> Choose the option: "Deep" --> Then click "Scan".
<@> When it finishes, tick the boxes of the items found and click "Send selected to Quarantine".
<@> Save and post the report from this scan. ( a2scan_xxyy10-xxxxxx.txt ) <--

Regards!
nando_xd 0 Posted April 7, 2010

After the quick scan, the diagnosis follows below:

OTL logfile created on: 07/04/2010 09:13:39 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = D:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,73 Gb Total Space | 19,18 Gb Free Space | 39,35% Space Free | Partition Type: NTFS
Drive D: | 99,90 Gb Total Space | 55,23 Gb Free Space | 55,28% Space Free | Partition Type: NTFS
Drive E: | 325,00 Mb Total Space | 72,97 Mb Free Space | 22,45% Space Free | Partition Type: NTFS
Drive F: | 5,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-PC
Current User Name: User
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/04/07 09:05:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe PRC - [2010/02/18 10:20:12 | 000,054,048 | ---- | M] ( ) -- C:\PROGRA~1\GbPlugin\GbpSv.exe PRC - [2010/01/28 19:09:31 | 002,757,512 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2010/01/28 19:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/07/24 14:05:24 | 000,762,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe PRC - [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
-- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (SafeList) ========== MOD - [2010/04/07 09:05:14 | 000,561,664 | ---- | M] (OldTimer Tools) -- D:\OTL.exe MOD - [2009/07/13 22:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009/07/13 22:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009/07/13 22:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009/07/13 22:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009/07/13 22:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009/07/13 22:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009/07/13 22:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009/07/13 22:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009/07/13 22:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010/02/18 10:20:12 | 000,054,048 | ---- | M] ( ) [unknown | Running] -- C:\PROGRA~1\GbPlugin\GbpSv.exe -- (GbpSv) SRV - [2010/02/03 14:56:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/01/28 19:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! 
Web Scanner) SRV - [2010/01/28 19:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010/01/28 19:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2009/07/13 22:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009/07/13 22:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009/07/13 22:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009/07/13 22:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009/07/13 22:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009/07/13 22:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 22:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009/07/13 22:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009/07/13 22:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - 
[2009/07/13 22:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2009/07/13 22:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009/07/13 22:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009/07/13 22:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009/07/13 22:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009/07/13 22:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009/07/13 22:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalador do ActiveX (AxInstSV) SRV - [2009/07/13 22:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009/07/13 22:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) 
[Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2010/02/09 11:06:31 | 000,000,856 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (IE to GetRight Helper) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm () O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm () O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Sites confiáveis) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Sites confiáveis) O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Sites confiáveis) O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Sites confiáveis) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files\GbPlugin\gbieh.dll - C:\Program Files\GbPlugin\gbieh.dll (Banco do Brasil) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll (Banco do Brasil) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/10/14 05:23:09 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2009/09/21 16:58:33 | 000,000,049 | R--- | M] () - F:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{01d68b2b-10db-11df-9bc1-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{01d68b2b-10db-11df-9bc1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009/10/14 05:23:09 | 000,054,544 | R--- | M] 
(Electronic Arts) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 14 Days ========== [2010/04/07 09:01:20 | 000,000,000 | ---D | C] -- C:\_OTL [2010/04/06 22:51:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Real [2010/04/06 20:17:53 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010/04/06 20:17:49 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\Windows\System32\lameACM.acm [2010/04/06 20:17:49 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2010/04/06 20:17:49 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\System32\ac3acm.acm [2010/04/06 20:17:48 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll [2010/04/06 20:17:48 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll [2010/04/06 20:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack [2010/03/24 21:38:49 | 000,000,000 | R--D | C] -- C:\Users\User\Downloads [2010/03/24 21:36:23 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent [2010/03/24 21:33:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\uTorrent [2010/03/24 21:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\DirectVobSub [2010/03/02 13:50:49 | 001,654,869 | ---- | C] (Dynu Systems Inc.) 
-- C:\ProgramData\DynuEncrypt.dll ========== Files - Modified Within 14 Days ========== [2010/04/07 09:15:20 | 002,621,440 | -HS- | M] () -- C:\Users\User\NTUSER.DAT [2010/04/07 09:08:09 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/04/07 09:08:09 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/04/07 09:07:18 | 001,491,932 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/04/07 09:07:18 | 000,654,272 | ---- | M] () -- C:\Windows\System32\prfh0416.dat [2010/04/07 09:07:18 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/04/07 09:07:18 | 000,124,724 | ---- | M] () -- C:\Windows\System32\prfc0416.dat [2010/04/07 09:07:18 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/04/07 09:03:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/04/07 09:02:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/04/07 09:02:51 | 2415,370,240 | -HS- | M] () -- C:\hiberfil.sys [2010/03/27 03:11:31 | 000,111,513 | ---- | M] () -- C:\Windows\System32\C_B-SLemLmKu.exe ========== Files Created - No Company Name ========== [2010/04/06 20:17:52 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010/04/06 20:17:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010/04/06 20:17:49 | 000,000,414 | ---- | C] () -- C:\Windows\System32\lame_acm.xml [2010/04/06 20:17:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2010/04/06 20:17:48 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010/04/06 20:17:48 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010/04/06 20:17:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010/04/06 20:17:46 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2010/03/27 03:11:31 | 000,111,513 | 
---- | C] () -- C:\Windows\System32\C_B-SLemLmKu.exe [2010/03/22 09:21:58 | 001,122,304 | ---- | C] () -- C:\Windows\System32\tt-_8t9_v_B.dll [2010/02/04 07:22:42 | 000,001,240 | RHS- | C] () -- C:\Users\User\ntuser.pol [2010/02/03 14:48:37 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI [2010/02/03 12:58:15 | 000,000,020 | -HS- | C] () -- C:\Users\User\ntuser.ini [2010/02/03 12:58:14 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2010/02/03 12:58:14 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010/02/03 12:58:14 | 000,065,536 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010/02/03 12:58:13 | 000,262,144 | -HS- | C] () -- C:\Users\User\ntuser.dat.LOG1 [2010/02/03 12:58:13 | 000,000,000 | -HS- | C] () -- C:\Users\User\ntuser.dat.LOG2 [2010/02/03 12:58:12 | 002,621,440 | -HS- | C] () -- C:\Users\User\NTUSER.DAT [2009/07/24 14:05:24 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2004/08/13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys ========== LOP Check ========== [2010/02/03 15:04:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit [2010/04/07 08:58:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRight [2010/04/07 09:01:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent [2009/07/14 01:53:46 | 000,021,444 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < :files > < C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini > < 
C:\Users\User\AppData\Local\Temp\update_flash11.0.4b.exe > < C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-11c7e785 > < C:\Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-55e52651 > < :otl > < O4 - HKLM..\Run: [mspaint] C:\Windows\System32\Paint.exe File not found > < O4 - HKU\S-1-5-21-2689009215-47470672-3141352987-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found > < O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found > Invalid Switch: pagefile) - File not found < O34 - HKLM BootExecute: (autocheck autochk *) - File not found > < :Commands > < [purity] > < [emptytemp] > < [Reboot] > ========== Alternate Data Streams ========== @Alternate Data Stream - 204 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst @Alternate Data Stream - 2 bytes -> C:\Windows\System32:D8655249_Bb.gbp < End of report >
nando_xd Posted April 7, 2010

Below is the a-squared report:

a-squared Free - Versão 4.5
Última atualização 07/04/2010 10:59:27

Configurações da análise:
Scan type: deep
Objetos: Memória, Rastros, Cookies, C:\, D:\, E:\
Análise de arquivos: Ligado
Heurística: Desligado
Análise de ADS: Ligado

Início da análise: 07/04/2010 11:00:23

C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@casalemedia[2].txt detectado: Trace.TrackingCookie.casalemedia!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[1].txt detectado: Trace.TrackingCookie.doubleclick!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@google.com[2].txt detectado: Trace.TrackingCookie.google.com!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@google.com[3].txt detectado: Trace.TrackingCookie.google.com!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@ig.com[1].txt detectado: Trace.TrackingCookie.ig.com!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@realmedia.com[1].txt detectado: Trace.TrackingCookie.realmedia.com!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@revenue[2].txt detectado: Trace.TrackingCookie.revenue!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@specificclick[1].txt detectado: Trace.TrackingCookie.specificclick!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@statcounter[1].txt detectado: Trace.TrackingCookie.statcounter!A2
C:\Program Files\Common Files\eBay\eBayLauncher.exe detectado: Trojan.Win32.Click.Yabector!A2
C:\Windows\System32\tt-_8t9_v_B.dll detectado: Riskware.AdWare.Win32.EZula!IK
C:\_OTL\MovedFiles\04072010_090120\C_Users\User\AppData\Local\Temp\update_flash11.0.4b.exe detectado: Trojan.Win32.Vilsel!IK
C:\_OTL\MovedFiles\04072010_090120\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-11c7e785 detectado: Trojan.Win32.Vilsel!IK
C:\_OTL\MovedFiles\04072010_090120\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-55e52651 detectado: Trojan.Win32.Vilsel!IK

Analisado
Arquivos: 236890
Objetos: 573567
Cookies: 120
Processos: 42

Encontrado
Arquivos: 5
Objetos: 0
Cookies: 9
Processos: 0
Chaves do registro: 0

Fim da análise: 07/04/2010 11:53:23
Duração da análise: 0:53:00

C:\_OTL\MovedFiles\04072010_090120\C_Users\User\AppData\Local\Temp\update_flash11.0.4b.exe Em quarentena Trojan.Win32.Vilsel!IK
C:\_OTL\MovedFiles\04072010_090120\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-11c7e785 Em quarentena Trojan.Win32.Vilsel!IK
C:\_OTL\MovedFiles\04072010_090120\C_Users\User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ef55d27-55e52651 Em quarentena Trojan.Win32.Vilsel!IK
C:\Windows\System32\tt-_8t9_v_B.dll Em quarentena Riskware.AdWare.Win32.EZula!IK
C:\Program Files\Common Files\eBay\eBayLauncher.exe Em quarentena Trojan.Win32.Click.Yabector!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@statcounter[1].txt Em quarentena Trace.TrackingCookie.statcounter!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@specificclick[1].txt Em quarentena Trace.TrackingCookie.specificclick!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@revenue[2].txt Em quarentena Trace.TrackingCookie.revenue!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@ig.com[1].txt Em quarentena Trace.TrackingCookie.ig.com!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@google.com[2].txt Em quarentena Trace.TrackingCookie.google.com!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@doubleclick[1].txt Em quarentena Trace.TrackingCookie.doubleclick!A2
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\user@casalemedia[2].txt Em quarentena Trace.TrackingCookie.casalemedia!A2

Em quarentena
Arquivos: 5
Objetos: 0
Cookies: 12
nando_xd Posted April 7, 2010

PS: I tried to move all the objects that showed up; I ticked all the checkboxes and clicked move to quarantine... but 2 remained that say the following when I try to send them to quarantine: "C:\Users\User\AppData\Roaming\Microsoft\Windows cannot be deleted! Please remove the write protection" And they stay there, they don't go to quarantine, they remain flagged in the scan results. :huh: