lBlink 0 Denunciar post Postado Abril 25, 2010 Olá Boa noite, A alguns dias estou com um problema aqui em casa, e ja tentei de tudo e não resolveu, não sei mais o que fazer. Alguns sites que entro frequentemente entro simplismente não abrem, ou abrem uma ou 2 páginas e logo depois da a mensagem de falha no carregamento, sites como www.ikariam.com.br, www.mercadolivre.com.br creio que a unica opção seja algum malware que o antivírus não conseguiu identificar. Lembrando que consigo logar com minhas contas normalmente em outros computadores, somente em casa onde mais preciso que não =/ Ja entrei em contato com meu provedor de internet e ele diz que se amaioria dos sites estão abrindo e a velocidade de conexão esta normal o problema não é com eles >< Segue o log do Hijackthis: C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe C:\Users\Blink\Downloads\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.13.229.214:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor\OscarEditor.exe" Minimum O4 - HKCU\..\Run: [HDDtemp4] C:\Program Files (x86)\BinarySense\HDDTemp4\\hddtemp4 /minimized O4 - HKCU\..\Run: [Appget2] C:\Program Files (x86)\Appget\Appget.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Adicionar ao Antifaixas - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: HDD & SSD access service - BinarySense Ltd. - C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10187 bytes Agradeço a ajuda desde ja. Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Abril 26, 2010 Bom dia IBlink.... Já verificou nas opções da internet o bloqueio de cookies está desativado? *Baixe o MalwareBytes Anti-malware e salve-o no desktop *Instale o programa *Se alguma atualização existir,o download será automático. Aguarde... *O programa será aberto automaticamente. *Na aba [Verificação], selecione a opção [Verificação completa] *Clique em [Verificar] e selecione as unidades a serem examinadas *Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados] *Clique em [Remover Selecionados] *Um relatório (mbam-log-ano-mês-data.txt) será apresentado. *Cole-o na sua próxima resposta Compartilhar este post Link para o post Compartilhar em outros sites
lBlink 0 Denunciar post Postado Abril 28, 2010 Bom dia IBlink.... Já verificou nas opções da internet o bloqueio de cookies está desativado? *Baixe o MalwareBytes'>http://www.malwarebytes.org/mbam/program/mbam-setup.exe"]MalwareBytes Anti-malware e salve-o no desktop *Instale o programa *Se alguma atualização existir,o download será automático. Aguarde... *O programa será aberto automaticamente. *Na aba [Verificação], selecione a opção [Verificação completa] *Clique em [Verificar] e selecione as unidades a serem examinadas *Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados] *Clique em [Remover Selecionados] *Um relatório (mbam-log-ano-mês-data.txt) será apresentado. *Cole-o na sua próxima resposta Eu não uso o internet explorer, não sei ver esse bloqueio de Cookies pq não achei a opção no firefox. Porém no internet explorer o nivel ta como médio, porem ja colokei como baixo, e ja coloquei os sites que não entram nas exceções mas continuou a mesma. Segue o log do Malwarebytes: Malwarebytes' Anti-Malware 1.45 www.malwarebytes.org Versão da Base de Dados: 4041 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 28/04/2010 03:41:54 mbam-log-2010-04-28 (03-41-54).txt Tipo de Verificação: Verificação Completa (B:\|C:\|) Objetos escaneados: 423462 Tempo decorrido: 1 hora(s), 7 minuto(s), 18 segundo(s) Processos de Memória Infectados: 0 Módulos de Memória Infectados: 0 Chaves de Registro Infectadas: 0 Valores de Registro Infectados: 0 Itens de Dados no Registro Infectados: 0 Pastas Infectadas: 0 Arquivos Infectados: 4 Processos de Memória Infectados: (Não foram detectados ítens maliciosos) Módulos de Memória Infectados: (Não foram detectados ítens maliciosos) Chaves de Registro Infectadas: (Não foram detectados ítens maliciosos) Valores de Registro Infectados: (Não foram detectados ítens maliciosos) Itens de Dados no Registro Infectados: (Não foram detectados ítens maliciosos) Pastas Infectadas: (Não foram detectados ítens maliciosos) Arquivos Infectados: C:\Program Files (x86)\CyberScript32\msnmirc\dll\nHTMLn.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Blink\Desktop\Nova pasta (2)\CRAQUEADOR\GERADOR DE SERIAL\Keygen 1.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. C:\Users\Blink\Desktop\Nova pasta (2)\CRAQUEADOR\GERADOR DE SERIAL\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Program Files (x86)\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. ---- Agradeço a atençao. Perdão pelo Double post, mas não consigo editar o post anterior: Executei tb algumas ações que geralmente são necessárias, e postarei o log aki. Conteúdo do hosts: # Copyright © 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost ---------------------- Tentei rodar o RSIT mas ele deu o seguinte erro quando chega na parte Listing services and drivers: segue o logue do RSIT gerado: Logfile of random's system information tool 1.06 (written by random/random) Run by Blink at 2010-04-28 04:53:44 Microsoft Windows 7 Ultimate System drive C: has 63 GB (41%) free of 152 GB Total RAM: 4094 MB (67% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 04:53:48, on 28/04/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Blink\Desktop\RSIT.exe C:\Users\Blink\Downloads\Blink.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.13.229.214:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: setup_9.0.0.722_14.01.2010_15-35.lnk = Blink\Desktop\Foxx\setup_9.0.0.722_14.01.2010_15-35\startup.exe O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9722 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-10-20 68112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}] FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-10-20 268816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-12-11 98304] "ATICustomerCare"=C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [2009-06-14 307200] "Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] "AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340456] "AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712] "Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232] ""= [] "Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376] "Adobe_ID0ENQBO"=C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840] C:\Users\Blink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup setup_9.0.0.722_14.01.2010_15-35.lnk - C:\Users\Blink\Desktop\Foxx\setup_9.0.0.722_14.01.2010_15-35\startup.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "LogonHoursAction"=2 "DontDisplayLogonHoursWarnings"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"= "NoActiveDesktopChanges"= "ForceActiveDesktopOn"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] shell\AutoRun\command - D:\application\Setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0669ae4f-1cf3-11df-84ce-806e6f6e6963}] shell\AutoRun\command - E:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2836ceb3-44a1-11df-abe2-001fd0e4c12f}] shell\AutoRun\command - D:\application\Setup.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-04-28 04:49:09 ----D---- C:\rsit 2010-04-27 09:19:38 ----D---- C:\Users\Blink\AppData\Roaming\Malwarebytes 2010-04-27 09:19:29 ----D---- C:\ProgramData\Malwarebytes 2010-04-27 09:19:29 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2010-04-24 05:24:49 ----A---- C:\Windows\system32\mshtml.dll 2010-04-24 05:24:48 ----A---- C:\Windows\system32\wininet.dll 2010-04-24 05:24:48 ----A---- C:\Windows\system32\urlmon.dll 2010-04-24 05:24:48 ----A---- C:\Windows\system32\mstime.dll 2010-04-24 05:24:48 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-04-24 05:24:48 ----A---- C:\Windows\system32\ieframe.dll 2010-04-24 05:24:48 ----A---- C:\Windows\system32\iedkcs32.dll 2010-04-24 05:24:25 ----A---- C:\Windows\system32\psisdecd.dll 2010-04-24 05:24:25 ----A---- C:\Windows\system32\CPFilters.dll 2010-04-24 05:23:51 ----A---- C:\Windows\system32\wintrust.dll 2010-04-24 05:23:49 ----A---- C:\Windows\system32\tzres.dll 2010-04-24 05:23:22 ----A---- C:\Windows\system32\jscript.dll 2010-04-24 05:23:21 ----A---- C:\Windows\system32\vbscript.dll 2010-04-24 05:23:20 ----A---- C:\Windows\system32\setup16.exe 2010-04-24 05:23:20 ----A---- C:\Windows\system32\ntvdm64.dll 2010-04-24 05:23:19 ----A---- C:\Windows\system32\wow32.dll 2010-04-24 05:23:19 ----A---- C:\Windows\system32\user.exe 2010-04-24 05:23:19 ----A---- C:\Windows\system32\instnm.exe 2010-04-24 05:23:17 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-04-24 05:23:17 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-04-24 05:22:48 ----A---- C:\Windows\system32\cabview.dll 2010-04-24 02:11:24 ----D---- C:\ProgramData\FLEXnet 2010-04-24 00:57:36 ----D---- C:\Program Files (x86)\CCleaner 2010-04-23 16:53:50 ----D---- C:\Program Files (x86)\Electronic Arts 2010-04-23 16:53:49 ----A---- C:\Windows\system32\D3DCompiler_41.dll 2010-04-23 16:53:48 ----A---- C:\Windows\system32\D3DX9_41.dll 2010-04-23 16:53:48 ----A---- C:\Windows\system32\d3dx10_41.dll 2010-04-23 16:53:47 ----A---- C:\Windows\system32\XAudio2_4.dll 2010-04-23 16:53:47 ----A---- C:\Windows\system32\XAPOFX1_3.dll 2010-04-23 16:53:46 ----A---- C:\Windows\system32\xactengine3_4.dll 2010-04-23 16:53:46 ----A---- C:\Windows\system32\X3DAudio1_6.dll 2010-04-23 16:53:45 ----A---- C:\Windows\system32\d3dx10_40.dll 2010-04-23 16:53:45 ----A---- C:\Windows\system32\D3DCompiler_40.dll 2010-04-23 16:53:44 ----A---- C:\Windows\system32\D3DX9_40.dll 2010-04-23 16:53:43 ----A---- C:\Windows\system32\XAudio2_3.dll 2010-04-23 16:53:43 ----A---- C:\Windows\system32\XAPOFX1_2.dll 2010-04-23 16:53:43 ----A---- C:\Windows\system32\xactengine3_3.dll 2010-04-23 16:53:42 ----A---- C:\Windows\system32\X3DAudio1_5.dll 2010-04-23 16:53:41 ----A---- C:\Windows\system32\XAudio2_2.dll 2010-04-23 16:53:41 ----A---- C:\Windows\system32\XAPOFX1_1.dll 2010-04-23 16:53:40 ----A---- C:\Windows\system32\xactengine3_2.dll 2010-04-23 16:53:39 ----A---- C:\Windows\system32\D3DX9_39.dll 2010-04-23 16:53:39 ----A---- C:\Windows\system32\d3dx10_39.dll 2010-04-23 16:53:39 ----A---- C:\Windows\system32\D3DCompiler_39.dll 2010-04-23 16:53:38 ----A---- C:\Windows\system32\XAudio2_1.dll 2010-04-23 16:53:38 ----A---- C:\Windows\system32\XAPOFX1_0.dll 2010-04-23 16:53:38 ----A---- C:\Windows\system32\xactengine3_1.dll 2010-04-23 16:53:38 ----A---- C:\Windows\system32\X3DAudio1_4.dll 2010-04-23 16:53:36 ----A---- C:\Windows\system32\d3dx10_38.dll 2010-04-23 16:53:36 ----A---- C:\Windows\system32\D3DCompiler_38.dll 2010-04-23 16:53:35 ----A---- C:\Windows\system32\XAudio2_0.dll 2010-04-23 16:53:35 ----A---- C:\Windows\system32\D3DX9_38.dll 2010-04-23 16:53:34 ----A---- C:\Windows\system32\xactengine3_0.dll 2010-04-23 16:53:34 ----A---- C:\Windows\system32\X3DAudio1_3.dll 2010-04-23 16:53:34 ----A---- C:\Windows\system32\d3dx10_37.dll 2010-04-23 16:53:34 ----A---- C:\Windows\system32\D3DCompiler_37.dll 2010-04-23 16:53:33 ----A---- C:\Windows\system32\xactengine2_10.dll 2010-04-23 16:53:33 ----A---- C:\Windows\system32\D3DX9_37.dll 2010-04-23 16:53:32 ----A---- C:\Windows\system32\d3dx9_36.dll 2010-04-23 16:53:32 ----A---- C:\Windows\system32\d3dx10_36.dll 2010-04-23 16:53:32 ----A---- C:\Windows\system32\D3DCompiler_36.dll 2010-04-23 16:53:31 ----A---- C:\Windows\system32\xactengine2_9.dll 2010-04-23 16:53:31 ----A---- C:\Windows\system32\d3dx9_35.dll 2010-04-23 16:53:31 ----A---- C:\Windows\system32\d3dx10_35.dll 2010-04-23 16:53:31 ----A---- C:\Windows\system32\D3DCompiler_35.dll 2010-04-23 16:53:30 ----A---- C:\Windows\system32\xactengine2_8.dll 2010-04-23 16:53:30 ----A---- C:\Windows\system32\X3DAudio1_2.dll 2010-04-23 16:53:30 ----A---- C:\Windows\system32\d3dx10_34.dll 2010-04-23 16:53:29 ----A---- C:\Windows\system32\xinput1_3.dll 2010-04-23 16:53:29 ----A---- C:\Windows\system32\xactengine2_7.dll 2010-04-23 16:53:29 ----A---- C:\Windows\system32\d3dx9_34.dll 2010-04-23 16:53:29 ----A---- C:\Windows\system32\D3DCompiler_34.dll 2010-04-23 16:53:28 ----A---- C:\Windows\system32\d3dx9_33.dll 2010-04-23 16:53:28 ----A---- C:\Windows\system32\d3dx10_33.dll 2010-04-23 16:53:28 ----A---- C:\Windows\system32\D3DCompiler_33.dll 2010-04-23 16:53:27 ----A---- C:\Windows\system32\xactengine2_6.dll 2010-04-23 16:53:27 ----A---- C:\Windows\system32\xactengine2_5.dll 2010-04-23 16:53:27 ----A---- C:\Windows\system32\d3dx9_32.dll 2010-04-23 16:53:27 ----A---- C:\Windows\system32\d3dx10.dll 2010-04-23 16:53:26 ----A---- C:\Windows\system32\xactengine2_4.dll 2010-04-23 16:53:26 ----A---- C:\Windows\system32\x3daudio1_1.dll 2010-04-23 16:53:26 ----A---- C:\Windows\system32\d3dx9_31.dll 2010-04-23 16:53:25 ----A---- C:\Windows\system32\xinput1_2.dll 2010-04-23 16:53:25 ----A---- C:\Windows\system32\xactengine2_3.dll 2010-04-23 16:53:25 ----A---- C:\Windows\system32\xactengine2_2.dll 2010-04-23 16:53:24 ----A---- C:\Windows\system32\xinput1_1.dll 2010-04-23 16:53:23 ----A---- C:\Windows\system32\xactengine2_1.dll 2010-04-23 16:53:20 ----A---- C:\Windows\system32\d3dx9_30.dll 2010-04-23 16:53:19 ----A---- C:\Windows\system32\xactengine2_0.dll 2010-04-23 16:53:19 ----A---- C:\Windows\system32\x3daudio1_0.dll 2010-04-23 16:53:18 ----A---- C:\Windows\system32\d3dx9_29.dll 2010-04-23 16:53:18 ----A---- C:\Windows\system32\d3dx9_28.dll 2010-04-23 16:53:17 ----A---- C:\Windows\system32\d3dx9_27.dll 2010-04-23 16:53:17 ----A---- C:\Windows\system32\d3dx9_26.dll 2010-04-23 16:53:16 ----A---- C:\Windows\system32\d3dx9_25.dll 2010-04-23 16:53:15 ----A---- C:\Windows\system32\d3dx9_24.dll 2010-04-23 16:52:34 ----D---- C:\Arquivos de programas 2010-04-23 16:46:51 ----D---- C:\Windows\system32\AGEIA 2010-04-23 16:46:51 ----D---- C:\Program Files (x86)\AGEIA Technologies 2010-04-23 16:38:24 ----D---- C:\ProgramData\ALM 2010-04-23 16:31:21 ----D---- C:\Windows\system32\spool 2010-04-23 16:30:59 ----D---- C:\Program Files (x86)\Adobe Media Player 2010-04-23 16:27:11 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared 2010-04-23 15:51:50 ----D---- C:\Program Files (x86)\traffic_analysis_skin 2010-04-23 15:51:50 ----D---- C:\Program Files (x86)\ta_icon_skin 2010-04-23 15:51:50 ----D---- C:\Program Files (x86)\logs 2010-04-23 15:51:50 ----D---- C:\Program Files (x86)\liquid_crystal_skin 2010-04-23 15:51:50 ----D---- C:\Program Files (x86)\lc_history_skin 2010-04-23 15:51:50 ----D---- C:\Program Files (x86)\images 2010-04-23 15:51:50 ----D---- C:\Program Files (x86)\icon_skin 2010-04-23 15:51:50 ----D---- C:\Program Files (x86)\dialog 2010-04-23 15:51:50 ----D---- C:\Program Files (x86)\default_skin 2010-04-23 15:51:50 ----D---- C:\Program Files (x86)\css 2010-04-23 15:51:50 ----A---- C:\Program Files (x86)\whatsnew.txt 2010-04-23 15:51:50 ----A---- C:\Program Files (x86)\speedsrv.dll 2010-04-23 15:51:50 ----A---- C:\Program Files (x86)\speedml_1337.txt 2010-04-23 15:51:50 ----A---- C:\Program Files (x86)\speedml.txt 2010-04-23 15:51:50 ----A---- C:\Program Files (x86)\spd.exe 2010-04-23 15:51:50 ----A---- C:\Program Files (x86)\settings.ini 2010-04-23 15:51:50 ----A---- C:\Program Files (x86)\readme.txt 2010-04-23 15:51:50 ----A---- C:\Program Files (x86)\liesmich.txt 2010-04-23 15:51:50 ----A---- C:\Program Files (x86)\license.txt 2010-04-23 15:51:50 ----A---- C:\Program Files (x86)\install.ini 2010-04-23 15:51:50 ----A---- C:\Program Files (x86)\fileauth.txt 2010-04-23 15:51:50 ----A---- C:\Program Files (x86)\cfspdiml.txt 2010-04-23 15:51:49 ----A---- C:\Program Files (x86)\cfosspeed.exe 2010-04-12 00:58:23 ----D---- C:\Program Files (x86)\Common Files\SmartCom 2010-04-12 00:57:57 ----D---- C:\Program Files (x86)\Nokia 2010-04-11 19:58:11 ----D---- C:\Program Files (x86)\Lineage II - Gracia Final - Cópia 2010-04-08 01:55:49 ----D---- C:\Program Files (x86)\Teste servidor 2010-04-07 20:26:24 ----D---- C:\Users\Blink\AppData\Roaming\Nero 2010-04-07 20:22:44 ----D---- C:\Program Files (x86)\Nero 2010-04-07 20:22:33 ----D---- C:\ProgramData\Nero 2010-04-07 20:22:33 ----D---- C:\Program Files (x86)\Common Files\Nero 2010-04-07 19:52:13 ----D---- C:\Program Files (x86)\Lineage II - Gracia Final 2010-04-07 19:51:19 ----D---- C:\Users\Blink\AppData\Roaming\InstallShield 2010-04-06 20:56:28 ----D---- C:\Program Files (x86)\CyberScript32 2010-04-02 02:25:27 ----D---- C:\Program Files (x86)\sXe Injected 2010-03-31 20:14:39 ----D---- C:\ProgramData\GbPlugin ======List of files/folders modified in the last 1 months====== 2010-04-28 04:53:47 ----D---- C:\Windows\Temp 2010-04-28 04:49:15 ----D---- C:\Windows\Prefetch 2010-04-28 04:33:39 ----D---- C:\ProgramData\Kaspersky Lab 2010-04-28 04:18:09 ----SHD---- C:\System Volume Information 2010-04-28 03:41:54 ----RD---- C:\Program Files (x86) 2010-04-27 23:55:05 ----D---- C:\Program Files (x86)\Lineage II 2010-04-27 21:02:08 ----AD---- C:\ProgramData\TEMP 2010-04-27 20:25:06 ----D---- C:\Users\Blink\AppData\Roaming\teamspeak2 2010-04-27 09:19:30 ----D---- C:\Windows\system32\drivers 2010-04-27 09:19:29 ----HD---- C:\ProgramData 2010-04-26 09:21:52 ----D---- C:\Windows 2010-04-25 23:56:49 ----D---- C:\Users\Blink\AppData\Roaming\Adobe 2010-04-25 13:16:50 ----SHD---- C:\Windows\Installer 2010-04-25 13:16:50 ----D---- C:\Program Files (x86)\Common Files 2010-04-25 01:47:27 ----D---- C:\Windows\rescache 2010-04-24 15:28:57 ----RSD---- C:\Windows\assembly 2010-04-24 15:28:57 ----D---- C:\Windows\Microsoft.NET 2010-04-24 15:15:40 ----D---- C:\Windows\SysWOW64 2010-04-24 15:06:33 ----D---- C:\Windows\debug 2010-04-24 08:49:46 ----D---- C:\Windows\winsxs 2010-04-24 08:47:39 ----D---- C:\Windows\system32\pt-BR 2010-04-24 08:47:39 ----D---- C:\Windows\system32\en-US 2010-04-24 08:47:39 ----D---- C:\Windows\System32 2010-04-24 08:47:39 ----D---- C:\Windows\ehome 2010-04-24 08:47:39 ----D---- C:\Windows\AppPatch 2010-04-24 08:47:39 ----D---- C:\Program Files (x86)\Internet Explorer 2010-04-24 05:59:05 ----RSD---- C:\Windows\Fonts 2010-04-24 05:58:54 ----D---- C:\Program Files (x86)\Common Files\microsoft shared 2010-04-24 05:57:33 ----D---- C:\Program Files (x86)\Microsoft 2010-04-24 05:24:46 ----D---- C:\Windows\inf 2010-04-24 05:24:37 ----D---- C:\Program Files (x86)\Realtek 2010-04-24 05:24:14 ----D---- C:\Program Files (x86)\Driver Checker 2010-04-24 00:56:44 ----D---- C:\Windows\Panther 2010-04-24 00:56:44 ----D---- C:\Windows\Logs 2010-04-24 00:56:44 ----D---- C:\Program Files (x86)\Mozilla Firefox 2010-04-24 00:56:44 ----D---- C:\Program Files (x86)\csbot 2010-04-24 00:56:44 ----D---- C:\Program Files (x86)\Counter Strike 2010-04-24 00:56:43 ----D---- C:\Users\Blink\AppData\Roaming\uTorrent 2010-04-24 00:56:43 ----D---- C:\CS1.6 pod-Bot 2010-04-23 17:28:55 ----D---- C:\Program Files (x86)\Common Files\Adobe 2010-04-23 16:40:56 ----D---- C:\Program Files (x86)\Adobe 2010-04-23 16:39:58 ----RD---- C:\Program Files 2010-04-23 16:36:13 ----D---- C:\ProgramData\Adobe 2010-04-23 16:08:16 ----D---- C:\Program Files (x86)\Common Files\Steam 2010-04-22 11:17:18 ----SHD---- C:\$Recycle.Bin 2010-04-22 11:17:12 ----RD---- C:\Users 2010-04-21 17:49:32 ----SD---- C:\Users\Blink\AppData\Roaming\Microsoft 2010-04-14 13:06:54 ----A---- C:\Windows\ODBC.INI 2010-04-07 20:05:39 ----D---- C:\Temp 2010-04-07 19:52:28 ----HD---- C:\Program Files (x86)\InstallShield Installation Information 2010-04-06 20:44:52 ----D---- C:\Windows\Tasks 2010-04-06 20:44:51 ----D---- C:\Windows\AppCompat 2010-04-06 20:44:50 ----D---- C:\Windows\registration -------- Rodei o OTL com as seguintes cofigurações: URL=http://img401.imageshack.us/i/otlconfig.png/][/url] Segue o logue OTL.txt OTL logfile created on: 28/04/2010 05:06:02 - Run 1 OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Blink\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,63 Gb Total Space | 61,29 Gb Free Space | 41,23% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 95,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PCDOBLINK Current User Name: Blink Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Blink\Desktop\objectdock_freeware.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Blink\Desktop\objectdock_freeware.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (cFosSpeedS) -- C:\Program Files\cFosSpeed\spd.exe (cFos Software GmbH) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) SRV - (VSS) -- C:\Windows\Vss [2009/07/14 00:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/14 00:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (cFosSpeed) -- C:\Windows\SysNative\drivers\cfosspeed.sys (cFos Software GmbH) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (44699622) -- C:\Windows\SysNative\drivers\44699622.sys (Kaspersky Lab) DRV:64bit: - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab) DRV:64bit: - (setup_9.0.0.722_14.01.2010_15-35drv) -- C:\Windows\SysNative\drivers\4469962.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (44699621) -- C:\Windows\SysNative\drivers\44699621.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation) DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation) DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider) DRV - (CSC) -- C:\Windows\CSC [2010/02/18 22:07:08 | 000,000,000 | ---D | M] DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4110611875-1872137650-3498922685-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4110611875-1872137650-3498922685-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKU\S-1-5-21-4110611875-1872137650-3498922685-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 22 57 AD F9 09 E3 CA 01 [binary data] IE - HKU\S-1-5-21-4110611875-1872137650-3498922685-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4110611875-1872137650-3498922685-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 69.13.229.214:3128 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5 FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.10.4 FF - prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 3128 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/02 19:53:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/04/24 05:59:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/02/19 03:21:01 | 000,000,000 | ---D | M] [2010/02/19 01:10:20 | 000,000,000 | ---D | M] -- C:\Users\Blink\AppData\Roaming\mozilla\Extensions [2010/04/28 01:24:39 | 000,000,000 | ---D | M] -- C:\Users\Blink\AppData\Roaming\mozilla\Firefox\Profiles\7zz8uf32.default\extensions [2010/03/31 20:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Blink\AppData\Roaming\mozilla\Firefox\Profiles\7zz8uf32.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} [2010/03/06 00:13:18 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Blink\AppData\Roaming\mozilla\Firefox\Profiles\7zz8uf32.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/03/31 20:14:39 | 000,000,000 | ---D | M] -- C:\Users\Blink\AppData\Roaming\mozilla\Firefox\Profiles\7zz8uf32.default\extensions\staged-xpis [2010/04/28 01:24:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010/02/19 03:21:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru [2010/03/24 08:40:18 | 000,001,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml [2010/03/24 08:40:18 | 000,001,212 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml [2010/03/24 08:40:18 | 000,001,168 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml [2010/03/24 08:40:18 | 000,000,952 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-4110611875-1872137650-3498922685-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe (cFos Software GmbH) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4110611875-1872137650-3498922685-1001..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - Startup: C:\Users\Blink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.01.2010_15-35.lnk = C:\Users\Blink\Desktop\Foxx\setup_9.0.0.722_14.01.2010_15-35\startup.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-4110611875-1872137650-3498922685-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4110611875-1872137650-3498922685-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-4110611875-1872137650-3498922685-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O9:64bit: - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.55.5.10 209.55.5.11 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab) O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2003/10/02 05:44:12 | 000,000,027 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{0669ae4f-1cf3-11df-84ce-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0669ae4f-1cf3-11df-84ce-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2003/10/31 18:08:46 | 002,990,313 | R--- | M] (Macromedia, Inc.) O33 - MountPoints2\{2836ceb3-44a1-11df-abe2-001fd0e4c12f}\Shell - "" = AutoRun O33 - MountPoints2\{2836ceb3-44a1-11df-abe2-001fd0e4c12f}\Shell\AutoRun\command - "" = D:\application\Setup.exe -- File not found O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\application\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: VDS - C:\Windows\SysWOW64\wbem\vds.mof () SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: Dhcp - C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: ndiscap - C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Power - C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: RpcEptMapper - C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfPf - C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MPSDrv - C:\Windows\SysWOW64\wbem\mpsdrv.mof () SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOS - C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: Tcpip - C:\Windows\SysWOW64\wbem\tcpip.mof () SafeBootNet: TDI - Driver Group SafeBootNet: VDS - C:\Windows\SysWOW64\wbem\vds.mof () SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices Drivers32:64bit: aux - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - C:\Windows\SysNative\midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - C:\Windows\SysNative\imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\SysNative\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - C:\Windows\SysNative\msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - C:\Windows\SysNative\msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - C:\Windows\SysNative\msgsm32.acm (Microsoft Corporation) Drivers32:64bit: VIDC.FPS1 - C:\Windows\SysNative\frapsv64.dll (Beepa P/L) Drivers32:64bit: vidc.i420 - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.iyuv - C:\Windows\SysNative\iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - C:\Windows\SysNative\msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - C:\Windows\SysNative\msvidc32.dll (Microsoft Corporation) Drivers32:64bit: vidc.uyvy - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yuy2 - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yvu9 - C:\Windows\SysNative\tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yvyu - C:\Windows\SysNative\msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave1 - C:\Windows\SysNative\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - C:\Windows\SysNative\msacm32.drv (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009/07/14 00:20:14 | 000,000,000 | ---D | M] NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation) NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation) NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation) NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2010/04/28 04:59:11 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\Blink\Desktop\objectdock_freeware.exe [2010/04/28 04:58:23 | 070,258,920 | ---- | C] ( ) -- C:\Users\Blink\Desktop\foxxx.exe [2010/04/28 04:49:09 | 000,000,000 | ---D | C] -- C:\rsit [2010/04/28 04:17:32 | 000,352,784 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\4469962.sys [2010/04/28 04:17:32 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\44699621.sys [2010/04/28 04:17:32 | 000,040,464 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\44699622.sys [2010/04/28 04:17:31 | 000,000,000 | ---D | C] -- C:\Users\Blink\Desktop\Foxx [2010/04/28 04:02:49 | 060,524,496 | ---- | C] ( ) -- C:\Users\Blink\Desktop\setup_9.0.0.722_14.01.2010_15-35.exe [2010/04/27 09:19:38 | 000,000,000 | ---D | C] -- C:\Users\Blink\AppData\Roaming\Malwarebytes [2010/04/27 09:19:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/04/27 09:19:29 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/04/27 09:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010/04/27 09:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/04/25 15:27:12 | 000,000,000 | ---D | C] -- C:\Users\Blink\Desktop\Lucks [2010/04/24 05:32:00 | 000,000,000 | ---D | C] -- C:\Users\Blink\AppData\Local\Appget [2010/04/24 02:11:24 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2010/04/24 00:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010/04/23 16:53:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts [2010/04/23 16:52:34 | 000,000,000 | ---D | C] -- C:\Arquivos de programas [2010/04/23 16:46:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2010/04/23 16:46:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2010/04/23 16:39:58 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Adobe [2010/04/23 16:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2010/04/23 16:31:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2010/04/23 16:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player [2010/04/23 16:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2010/04/23 16:28:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2010/04/23 16:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2010/04/23 16:08:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2010/04/23 15:53:08 | 001,525,464 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed.sys [2010/04/23 15:51:50 | 001,525,464 | ---- | C] (cFos Software GmbH) -- C:\Program Files (x86)\cfosspeed.sys [2010/04/23 15:51:50 | 000,805,080 | ---- | C] (cFos Software GmbH) -- C:\Program Files (x86)\speedsrv.dll [2010/04/23 15:51:50 | 000,398,040 | ---- | C] (cFos Software GmbH) -- C:\Program Files (x86)\spd.exe [2010/04/23 15:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\traffic_analysis_skin [2010/04/23 15:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ta_icon_skin [2010/04/23 15:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\logs [2010/04/23 15:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\liquid_crystal_skin [2010/04/23 15:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lc_history_skin [2010/04/23 15:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\images [2010/04/23 15:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\icon_skin [2010/04/23 15:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dialog [2010/04/23 15:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\default_skin [2010/04/23 15:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\css [2010/04/23 15:51:49 | 001,163,480 | ---- | C] (cFos Software GmbH) -- C:\Program Files (x86)\cfosspeed.exe [2010/04/23 15:50:32 | 000,000,000 | ---D | C] -- C:\Users\Blink\Documents\CfossSpeed [2010/04/12 00:58:29 | 000,000,000 | ---D | C] -- C:\Users\Blink\AppData\Local\SmartCom [2010/04/12 00:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SmartCom [2010/04/12 00:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia [2010/04/11 19:58:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lineage II - Gracia Final - Cópia [2010/04/08 01:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Teste servidor [2010/04/07 20:26:24 | 000,000,000 | ---D | C] -- C:\Users\Blink\AppData\Roaming\Nero [2010/04/07 20:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2010/04/07 20:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero [2010/04/07 20:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2010/04/07 19:57:03 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys [2010/04/07 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lineage II - Gracia Final [2010/04/07 19:51:19 | 000,000,000 | ---D | C] -- C:\Users\Blink\AppData\Roaming\InstallShield [2010/04/06 20:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberScript32 [2010/04/02 02:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sXe Injected [2010/03/31 20:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\GbPlugin ========== Files - Modified Within 30 Days ========== [2010/04/28 05:09:10 | 001,835,008 | -HS- | M] () -- C:\Users\Blink\ntuser.dat [2010/04/28 05:04:14 | 000,087,393 | ---- | M] () -- C:\Users\Blink\Desktop\otlconfig.png [2010/04/28 04:59:12 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Blink\Desktop\objectdock_freeware.exe [2010/04/28 04:58:23 | 070,258,920 | ---- | M] ( ) -- C:\Users\Blink\Desktop\foxxx.exe [2010/04/28 04:53:10 | 000,031,074 | ---- | M] () -- C:\Users\Blink\Desktop\errorline1.png [2010/04/28 04:37:58 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/04/28 04:37:58 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/04/28 04:32:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/04/28 04:32:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/04/28 04:32:45 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2010/04/28 04:31:54 | 003,990,747 | -H-- | M] () -- C:\Users\Blink\AppData\Local\IconCache.db [2010/04/28 04:18:05 | 000,002,130 | ---- | M] () -- C:\Users\Blink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.01.2010_15-35.lnk [2010/04/28 04:17:02 | 060,524,496 | ---- | M] ( ) -- C:\Users\Blink\Desktop\setup_9.0.0.722_14.01.2010_15-35.exe [2010/04/28 04:04:23 | 000,781,909 | ---- | M] () -- C:\Users\Blink\Desktop\RSIT.exe [2010/04/27 09:19:33 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/04/24 08:49:13 | 002,899,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/04/24 07:34:27 | 000,066,456 | ---- | M] () -- C:\Users\Blink\AppData\Local\GDIPFONTCACHEV1.DAT [2010/04/24 01:05:40 | 000,002,156 | ---- | M] () -- C:\Users\Blink\Documents\Servidor TS.RDP [2010/04/24 01:05:30 | 000,002,076 | -H-- | M] () -- C:\Users\Blink\Documents\Default.rdp [2010/04/23 20:16:02 | 000,266,640 | ---- | M] () -- C:\Users\Blink\Desktop\PIC3655.tmp.jpg [2010/04/23 16:35:41 | 000,002,036 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk [2010/04/21 17:56:24 | 000,000,660 | RHS- | M] () -- C:\Users\Blink\ntuser.pol [2010/04/17 22:14:45 | 000,001,174 | ---- | M] () -- C:\NCally.bmp [2010/04/17 22:05:33 | 000,007,948 | ---- | M] () -- C:\NCally.jpg [2010/04/17 21:47:59 | 000,001,270 | ---- | M] () -- C:\NCclan.bmp [2010/04/14 13:06:54 | 000,000,418 | ---- | M] () -- C:\Windows\ODBC.INI [2010/04/12 03:05:26 | 000,001,270 | ---- | M] () -- C:\tag3.bmp [2010/04/12 03:04:28 | 000,001,318 | ---- | M] () -- C:\tag2.bmp [2010/04/12 03:02:01 | 000,001,318 | ---- | M] () -- C:\tag.bmp [2010/04/12 01:18:39 | 000,000,320 | ---- | M] () -- C:\Users\Blink\AppData\Local\FSCache.dat [2010/04/11 23:38:46 | 000,001,753 | ---- | M] () -- C:\Users\Blink\Desktop\BrThunder Gracia Final.lnk [2010/04/11 20:11:32 | 000,001,206 | ---- | M] () -- C:\Users\Public\Desktop\BrThunder.lnk [2010/04/06 20:56:31 | 000,001,002 | ---- | M] () -- C:\Users\Blink\Desktop\CyberScript.lnk [2010/04/06 16:19:41 | 000,524,288 | -HS- | M] () -- C:\Users\Blink\ntuser.dat{32f71801-41b0-11df-973d-001fd0e4c12f}.TMContainer00000000000000000002.regtrans-ms [2010/04/06 16:19:41 | 000,524,288 | -HS- | M] () -- C:\Users\Blink\ntuser.dat{32f71801-41b0-11df-973d-001fd0e4c12f}.TMContainer00000000000000000001.regtrans-ms [2010/04/06 16:19:41 | 000,065,536 | -HS- | M] () -- C:\Users\Blink\ntuser.dat{32f71801-41b0-11df-973d-001fd0e4c12f}.TM.blf [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2010/04/28 05:04:14 | 000,087,393 | ---- | C] () -- C:\Users\Blink\Desktop\otlconfig.png [2010/04/28 04:53:10 | 000,031,074 | ---- | C] () -- C:\Users\Blink\Desktop\errorline1.png [2010/04/28 04:18:05 | 000,002,130 | ---- | C] () -- C:\Users\Blink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_14.01.2010_15-35.lnk [2010/04/28 04:03:45 | 000,781,909 | ---- | C] () -- C:\Users\Blink\Desktop\RSIT.exe [2010/04/27 09:19:33 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/04/24 01:05:40 | 000,002,156 | ---- | C] () -- C:\Users\Blink\Documents\Servidor TS.RDP [2010/04/24 01:01:10 | 000,002,076 | -H-- | C] () -- C:\Users\Blink\Documents\Default.rdp [2010/04/23 20:15:57 | 000,266,640 | ---- | C] () -- C:\Users\Blink\Desktop\PIC3655.tmp.jpg [2010/04/23 16:35:41 | 000,002,036 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro.lnk [2010/04/23 15:51:50 | 000,308,320 | ---- | C] () -- C:\Program Files (x86)\cfspdiml.txt [2010/04/23 15:51:50 | 000,270,795 | ---- | C] () -- C:\Program Files (x86)\speedml.txt [2010/04/23 15:51:50 | 000,167,660 | ---- | C] () -- C:\Program Files (x86)\progress_alpha.ani [2010/04/23 15:51:50 | 000,154,542 | ---- | C] () -- C:\Program Files (x86)\watermark.bmp [2010/04/23 15:51:50 | 000,082,436 | ---- | C] () -- C:\Program Files (x86)\whatsnew.txt [2010/04/23 15:51:50 | 000,065,644 | ---- | C] () -- C:\Program Files (x86)\progress.ani [2010/04/23 15:51:50 | 000,059,870 | ---- | C] () -- C:\Program Files (x86)\vista_de.bmp [2010/04/23 15:51:50 | 000,052,218 | ---- | C] () -- C:\Program Files (x86)\vista_en.bmp [2010/04/23 15:51:50 | 000,020,371 | ---- | C] () -- C:\Program Files (x86)\license.txt [2010/04/23 15:51:50 | 000,016,632 | ---- | C] () -- C:\Program Files (x86)\settings.ini [2010/04/23 15:51:50 | 000,009,658 | ---- | C] () -- C:\Program Files (x86)\header.bmp [2010/04/23 15:51:50 | 000,009,014 | ---- | C] () -- C:\Program Files (x86)\speed.cat [2010/04/23 15:51:50 | 000,004,286 | ---- | C] () -- C:\Program Files (x86)\speed_hta.ico [2010/04/23 15:51:50 | 000,002,465 | ---- | C] () -- C:\Program Files (x86)\install.ini [2010/04/23 15:51:50 | 000,001,708 | ---- | C] () -- C:\Program Files (x86)\speed_x64.inf [2010/04/23 15:51:50 | 000,001,669 | ---- | C] () -- C:\Program Files (x86)\speedml_1337.txt [2010/04/23 15:51:50 | 000,001,347 | ---- | C] () -- C:\Program Files (x86)\speed_m.inf [2010/04/23 15:51:50 | 000,001,150 | ---- | C] () -- C:\Program Files (x86)\fileauth.txt [2010/04/23 15:51:50 | 000,001,062 | ---- | C] () -- C:\Program Files (x86)\readme.txt [2010/04/23 15:51:50 | 000,001,030 | ---- | C] () -- C:\Program Files (x86)\liesmich.txt [2010/04/23 15:51:50 | 000,000,044 | ---- | C] () -- C:\Program Files (x86)\www_cFosSpeed.url [2010/04/21 17:52:12 | 000,000,660 | RHS- | C] () -- C:\Users\Blink\ntuser.pol [2010/04/17 22:14:44 | 000,001,174 | ---- | C] () -- C:\NCally.bmp [2010/04/17 22:09:36 | 000,007,948 | ---- | C] () -- C:\NCally.jpg [2010/04/17 22:09:36 | 000,001,270 | ---- | C] () -- C:\NCclan.bmp [2010/04/12 03:05:25 | 000,001,270 | ---- | C] () -- C:\tag3.bmp [2010/04/12 03:04:28 | 000,001,318 | ---- | C] () -- C:\tag2.bmp [2010/04/12 03:01:59 | 000,001,318 | ---- | C] () -- C:\tag.bmp [2010/04/12 02:51:25 | 000,001,174 | ---- | C] () -- C:\ally3.bmp [2010/04/12 01:18:39 | 000,000,320 | ---- | C] () -- C:\Users\Blink\AppData\Local\FSCache.dat [2010/04/11 23:38:46 | 000,001,753 | ---- | C] () -- C:\Users\Blink\Desktop\BrThunder Gracia Final.lnk [2010/04/07 19:57:03 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd [2010/04/06 20:56:31 | 000,001,002 | ---- | C] () -- C:\Users\Blink\Desktop\CyberScript.lnk [2010/04/06 16:19:41 | 000,524,288 | -HS- | C] () -- C:\Users\Blink\ntuser.dat{32f71801-41b0-11df-973d-001fd0e4c12f}.TMContainer00000000000000000002.regtrans-ms [2010/04/06 16:19:41 | 000,524,288 | -HS- | C] () -- C:\Users\Blink\ntuser.dat{32f71801-41b0-11df-973d-001fd0e4c12f}.TMContainer00000000000000000001.regtrans-ms [2010/04/06 16:19:41 | 000,065,536 | -HS- | C] () -- C:\Users\Blink\ntuser.dat{32f71801-41b0-11df-973d-001fd0e4c12f}.TM.blf [2010/03/27 19:36:17 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI [2010/03/26 02:00:56 | 000,000,168 | ---- | C] () -- C:\Windows\tlcapps.ini [2010/02/19 00:33:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 18:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/19 20:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2009/06/19 20:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll ========== LOP Check ========== [2010/02/19 02:04:50 | 000,000,000 | ---D | M] -- C:\Users\Blink\AppData\Roaming\TS3Client [2010/04/24 00:56:43 | 000,000,000 | ---D | M] -- C:\Users\Blink\AppData\Roaming\uTorrent [2010/03/09 20:53:25 | 000,000,000 | ---D | M] -- C:\Users\Blink\AppData\Roaming\WNR [2010/04/19 10:31:35 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/13 22:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/13 22:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/13 22:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/13 22:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/13 22:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/13 22:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2009/07/13 22:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/13 22:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/13 22:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/13 22:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/13 22:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/13 22:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/13 22:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/13 22:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/13 22:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/13 22:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/13 22:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/13 22:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < %systemroot%\*. /mp /s > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > Dexei fazendo um Scan com o Kaspersky Virus removal, se der mais tarde vou tentar acessar aqui em casa para postar o resultado. Obrigado pela atençao. Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Abril 28, 2010 Já tentou desativar temporariamente o Kaspersky Internet Security para ver se consegue acessar os sites? Compartilhar este post Link para o post Compartilhar em outros sites
lBlink 0 Denunciar post Postado Abril 28, 2010 Já tentou desativar temporariamente o Kaspersky Internet Security para ver se consegue acessar os sites? Ja tentei desativar o antivírus, firewall, mas ainda nada, os sites aqui no trabalho acesso normal, so la em casa que da esse problema =/ Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Abril 29, 2010 Conforme o log, você está usando um proxy: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.13.229.214:3128 Procure rever suas conexões de rede....pode ser ele o responsável pelo bloqueio do acesso para determinados sites. Seus logs não mostraram nada de relevante. Compartilhar este post Link para o post Compartilhar em outros sites
lBlink 0 Denunciar post Postado Abril 29, 2010 Conforme o log, você está usando um proxy: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.13.229.214:3128 Procure rever suas conexões de rede....pode ser ele o responsável pelo bloqueio do acesso para determinados sites. Seus logs não mostraram nada de relevante. =/ Estranho meu ip nem e esse Porem a um tempo usei um programa de proxy aqui, mas nem uso mais, verifiquei se tinha algo ativo dele e não encontrei, o programa era o Proxy Swither, porem o desinstalei, deletei, e continuda dando o mesmo problema. Não faço idéia de onde possa ter vindo esse ip proxy que apareceu ai >< Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Abril 29, 2010 Fixe esta entrada com o hijack. Clique em [Do a system scan only], selecione-a e clique em [Fix checked] Compartilhar este post Link para o post Compartilhar em outros sites
lBlink 0 Denunciar post Postado Maio 1, 2010 Estranho, mas não tem mais essa entrada mais no log. E outra coisa estranha, ate onde vi agora so tem um site específico que da erro, as vezes abre so a pagina principal, dps da falha. O site eh www.ikariam.com.br Segue log do Hijack: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:25:37, on 30/04/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Lineage II\system\l2.exe C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe C:\Program Files (x86)\Lineage II\system\l2.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Blink\Downloads\Blink.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Adicionar ao Antifaixas - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: &Teclado virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files (x86)\Common Files\BinarySense\disksvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9933 bytes Compartilhar este post Link para o post Compartilhar em outros sites
wings 22 Denunciar post Postado Maio 1, 2010 O PC está limpo, seu problema não tem relação com malwares. Compartilhar este post Link para o post Compartilhar em outros sites
Mário Monteiro 179 Denunciar post Postado Junho 1, 2010 PROBLEMA RESOLVIDO! Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico. Compartilhar este post Link para o post Compartilhar em outros sites
