Zébástian, posted May 22, 2010

Guys, I can't stand using eBuddy anymore.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:03:12, on 22/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\USB Video Camera\Monitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD1D250-6714-434E-A849-EAC932D3B318}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 4829 bytes
DigRam, posted May 23, 2010

Good morning, Zébástian!

<!> The log shows no bad or suspicious entries.
<!> PS: If you use a proxy to access the Internet, your MSN may be blocked.
<!> Disable it in Firefox or IE8, following these instructions:
0000000000000000000000
<@> Open Firefox.
<@> Go to Tools -> Options -> Advanced -> Network -> Connection Settings.
<@> Click "No Proxy".
<@> Open IE8.
<@> Go to Tools -> Internet Options -> Connections -> LAN Settings.
<@> Uncheck "Use a proxy server".
0000000000000000000000
<@> Download: < Malwarebytes' Anti-Malware >
<@> Link 2: < >
<@> PS: Save or print these instructions:
- Double-click mbam-setup.exe; choose the language and, during installation, accept all the default options.
- Make sure the boxes "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware" are checked.
- Then click Finish.
- PS: If there are updates to apply, they will be downloaded and installed.
- When the update finishes, with the program open, select: Quick Scan.
- Click the Scan button.
- The scan will then begin. -> Wait, it may take a while!
- When it finishes, click OK and then the "Show Results" button so that we have the report.
- PS: If any items are found, check them and click the "Remove" button.
- PS: At the end of the disinfection, Notepad will open with the report.
- PS: The log is stored automatically by the tool.
- PS: Get it by clicking the "Logs" tab in the program's main window.
<@> PS: If MBAM finds files it cannot remove, you may have to restart the PC. Maybe more than once!
<@> PS: Do so immediately when asked whether you want to restart.
0000000000000000000000
<!> Select, copy and paste the contents of the MBAM log in your next reply.
<!> Also post an updated HijackThis log.
Regards!
Zébástian, posted May 23, 2010

MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4133

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

23/5/2010 16:24:16
mbam-log-2010-05-23 (16-24-16).txt

Scan type: Quick scan
Objects scanned: 114718
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:55, on 23/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\USB Video Camera\Monitor.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD1D250-6714-434E-A849-EAC932D3B318}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 6273 bytes
DigRam, posted May 23, 2010

Good evening, Zébástian!

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
<!> Your browser is out of date. (IE6)
<!> Download and install IE8.
00000000000000000000000
ooooooooooooooooooooooo
<@> Download: < MSNCleaner >
<@> Click the "Analyze" button.
<@> When it finishes, post the report.
00000000000000000000000
ooooooooooooooooooooooo
<@> Run an online scan at: < Eset Nod32 >
<@> PS: Use the Internet Explorer browser.
<@> Check the box: "YES, I accept the Terms of Use" --> Start.
<@> Uncheck the box "Remove found threats".
<@> Accept the ActiveX installation --> Start the scan.
<@> When it finishes, post the reports: C:\Program Files\EsetOnlineScanner\log.txt + an updated HijackThis log.
Regards!
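Both helper replies above judge the posted HijackThis logs by eye: orphaned BHOs, autoruns, DNS servers (O17) and services (O23) are the sections a helper scans first. The script below is an added example, not part of this thread or of HijackThis, that applies those same checks mechanically to the log format shown above. The sample lines are excerpts copied from the logs posted in this thread (including the "Unknown owner" BlueSoleil services from the second log); the "known resolver" table (only the two OpenDNS addresses) and the severity labels are my own assumptions. A "verify" finding means "confirm by hand", not "malicious": on these logs the script produces nothing stronger than that, which agrees with the helper's verdict that the logs are clean.

```python
import re
from dataclasses import dataclass

# Excerpts copied from the HijackThis logs posted in this thread (not constructed).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD1D250-6714-434E-A849-EAC932D3B318}: NameServer = 200.204.0.10,200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
"""

# Every HijackThis entry line starts with a section tag such as R0, O2, O17, O23.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+)\s+-\s+(?P<body>.*)$")

# Assumption: the only resolvers we recognise are the two OpenDNS addresses seen in the log.
# Anything else is flagged for verification (O17 is a classic DNS-hijack persistence point),
# not declared malicious; ISP-assigned resolvers will land here too.
KNOWN_RESOLVERS = {"208.67.222.222": "OpenDNS", "208.67.220.220": "OpenDNS"}

# Autoruns whose binary lives under a user profile deserve a second look (assumed heuristic).
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


@dataclass
class Finding:
    section: str
    severity: str  # "info" (cosmetic, safe to fix) or "verify" (confirm by hand)
    reason: str
    line: str


def parse(log_text):
    """Yield (section, body, raw_line) for each entry line; skip headers and process lists."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body"), raw.strip()


def triage(log_text):
    """Apply the by-eye checks a helper does to a HijackThis log and return the findings."""
    findings = []
    for section, body, raw in parse(log_text):
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, "info",
                "orphaned BHO registration (DLL missing on disk); safe to fix, not proof of infection", raw))
        elif section == "O4":
            if any(marker in body.lower() for marker in USER_PROFILE_MARKERS):
                findings.append(Finding(section, "verify",
                    "autorun launched from a user profile directory", raw))
        elif section == "O17":
            m = re.search(r"NameServer = ([\d.,]+)", body)
            if m:
                for ip in m.group(1).split(","):
                    if ip not in KNOWN_RESOLVERS:
                        findings.append(Finding(section, "verify",
                            f"DNS resolver {ip} not in the known list; confirm it is ISP-assigned", raw))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "verify",
                "service binary carries no publisher string; check its signature or hash", raw))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'info': 1, 'verify': 4}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity}] {f.section}: {f.reason}\n    {f.line}")
    print(summarize(results))
```

Feed the script a whole HijackThis log and read the "verify" list against the vendor paths: an "Unknown owner" service under a vendor's own Program Files directory (as with BlueSoleil here) is usually just an unsigned OEM driver package, whereas the same string on a binary under a user profile or a random system32 name is what the helper would ask about next.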
Zébástian, posted May 24, 2010

Unfortunately I couldn't run the Eset scanner because, about an hour before I posted this, it stopped opening some pages and the Eset page is one of those I can't access. The Baixaki page is another one I can't access either. In case it helps, the HijackThis log is here. Thanks for now.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:48:36, on 23/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\USB Video Camera\Monitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 6130 bytes
DigRam, posted May 24, 2010

Good morning, Zébástian!

<@> Download: < > (...by sUBs)
<!> Link 2 --> < ForoSpyware >
<!> Link 3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of your antivirus, antispyware and firewall. (Except the Windows one!)
<@> Close all windows and run the tool!
<@> PS: Running it from the command line is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
<@> Click OK.
<@> In the "Software license agreement" window --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!
<@> When it finishes, click Sim or Yes. --> Wait!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<!> If you get the notification "Not a valid Win32 application", delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> PS: Name it while saving, not after you have saved it!
<!> PS: If an error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> PS: If rootkit activity is present, we will get the following notification window:
<!> PS: Note down those detections and click OK.
<!> PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> PS: Avoid running this tool on your own initiative!
<!> PS: To avoid problems, follow all the recommendations given.
<!> PS: ComboFix is a tool that can damage the system. Use it only under professional supervision.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> The Auto Scan window will open. --> Wait!
<@> To finish the removals, ComboFix may restart the computer.
<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Regards!
Zébástian, posted May 25, 2010

ComboFix 10-05-21.06 - Administrador 25/05/2010 2:15.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.446.252 [GMT -3:00]
Running from: c:\documents and settings\Administrador\desktop\Combofix.exe
Command switches used :: /killall
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 ))))))))))))))))))))))))))))
.
2010-05-24 01:11 . 2010-05-24 01:11 -------- d-sh--w- c:\documents and settings\Administrador\IECompatCache
2010-05-24 01:10 . 2010-05-24 01:10 -------- d-sh--w- c:\documents and settings\Administrador\PrivacIE
2010-05-24 01:08 . 2010-05-24 01:08 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-24 01:07 . 2010-05-24 01:07 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache
2010-05-24 01:05 . 2010-05-24 01:05 -------- d-----w- c:\windows\ie8updates
2010-05-24 01:03 . 2010-05-24 01:04 -------- dc-h--w- c:\windows\ie8
2010-05-24 01:01 . 2010-02-25 06:17 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-24 01:01 . 2010-02-25 06:17 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-24 01:01 . 2010-02-25 06:17 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-24 01:01 . 2010-02-25 06:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-24 01:01 . 2010-02-25 06:17 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-24 01:00 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-24 00:45 . 2010-05-24 00:45 2165 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\UOL\UIM\Profiles\zecnv@hotmail.com\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2010-05-24 00:45 . 2010-05-24 00:45 167936 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\UOL\lib\fotoblog-1.0.0.3.dll
2010-05-24 00:45 . 2010-05-24 00:45 2153 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\UOL\UIM\Profiles\zecnv@hotmail.com\.purple\certificates\x509\tls_peers\contacts.msn.com
2010-05-24 00:45 . 2010-05-24 00:45 2095 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\UOL\UIM\Profiles\zecnv@hotmail.com\.purple\certificates\x509\tls_peers\login.live.com
2010-05-24 00:43 . 2010-05-24 00:43 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\UOL
2010-05-24 00:42 . 2010-05-24 00:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\UOL
2010-05-24 00:42 . 2010-05-24 01:50 -------- d-----w- c:\arquivos de programas\UOL
2010-05-24 00:35 . 2010-05-24 00:37 -------- d-----w- C:\MSNCleaner
2010-05-23 19:16 . 2010-05-23 19:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2010-05-23 19:15 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-23 19:15 . 2010-05-23 19:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2010-05-23 19:15 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-23 19:15 . 2010-05-23 19:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2010-05-22 21:31 . 2010-05-22 21:31 -------- d-----w- c:\arquivos de programas\IVT Corporation
2010-05-22 16:36 . 2010-05-22 16:36 388096 ----a-r- c:\documents and settings\Administrador\Dados de aplicativos\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-22 16:36 . 2010-05-22 16:36 -------- d-----w- c:\arquivos de programas\Trend Micro
2010-05-22 16:12 . 2010-05-22 16:12 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Babylon
2010-05-22 16:12 . 2010-05-22 16:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Babylon
2010-05-21 07:43 . 2008-05-09 10:55 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2010-05-21 07:43 . 2008-05-09 10:55 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2010-05-21 07:43 . 2008-05-09 10:55 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2010-05-21 07:43 . 2008-05-09 08:45 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2010-05-21 07:43 . 2008-05-08 11:24 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2010-05-21 07:37 . 2008-04-21 21:15 216064 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-05-21 07:31 . 2010-02-17 17:07 2194176 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-05-21 07:31 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-05-21 07:31 . 2009-03-06 14:20 286208 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-05-21 07:31 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-05-21 07:31 . 2009-02-09 10:53 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-05-21 07:31 . 2009-02-09 10:53 683520 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-05-21 07:31 . 2009-02-09 10:53 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-05-21 07:31 . 2009-02-09 10:53 730624 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-05-21 07:31 . 2009-02-09 10:53 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-05-21 07:31 . 2010-02-16 19:07 2150400 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-05-21 07:31 . 2010-02-16 19:07 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-05-21 07:13 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-05-21 07:13 . 2008-06-14 17:34 272384 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-21 07:02 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-21 07:02 . 2009-11-21 15:58 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-21 07:02 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-05-21 07:02 . 2009-10-15 16:32 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-05-21 07:02 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-05-21 07:01 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-05-21 07:01 . 2008-05-01 14:36 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-05-21 06:48 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-05-21 06:19 . 2008-10-15 16:36 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-05-21 06:19 . 2009-07-31 04:33 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-05-21 06:08 . 2009-03-08 07:33 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2010-05-21 06:06 . 2010-05-24 01:05 -------- d--h--w- c:\windows\$hf_mig$
2010-05-21 05:48 . 2010-05-24 15:29 -------- d-----w- c:\documents and settings\Administrador\Tracing
2010-05-21 05:10 . 2010-05-21 05:10 -------- d-----w- c:\arquivos de programas\Microsoft
2010-05-21 05:10 . 2010-05-21 05:10 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2010-05-21 05:02 . 2010-05-21 05:02 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Windows Live
2010-05-19 03:47 . 2010-05-19 03:47 -------- d-----w- c:\arquivos de programas\USB Video Camera
2010-05-19 03:46 . 2005-01-14 16:47 180224 ----a-w- c:\windows\system\StillDrv.dll
2010-05-19 03:46 . 2006-06-30 13:40 775936 ----a-w- c:\windows\system32\drivers\BisonCam.sys
2010-05-19 03:46 . 2006-03-30 03:05 90112 ----a-w- c:\windows\system\BisonVfw.dll
2010-05-19 03:46 . 2006-03-30 03:05 126976 ----a-w- c:\windows\system\BisonCam.dll
2010-05-19 03:46 . 2006-03-02 17:41 77942 ----a-w- c:\windows\system32\BisonRem.dll
2010-05-19 03:23 . 2010-05-22 04:55 -------- d-----w- c:\windows\BisonCam
2010-05-17 02:31 . 2010-05-17 02:33 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\CyberLink
2010-05-17 02:18 . 2010-05-17 02:32 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CyberLink
2010-05-17 02:18 . 2010-05-17 02:18 -------- d-----w- c:\arquivos de programas\Arquivos comuns\CyberLink
2010-05-17 02:15 . 2010-05-17 02:35 53319 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
2010-05-17 02:15 . 2010-05-17 02:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Temp
2010-05-16 19:14 . 2010-05-16 19:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\pdf995
2010-05-16 19:06 . 2010-05-16 19:20 59 ----a-w- c:\windows\wpd99.drv
2010-05-16 19:06 . 2010-05-16 19:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\pdf995
2010-05-16 19:06 . 2010-05-16 19:06 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2010-05-16 19:06 . 2010-05-16 19:06 249856 ----a-w- c:\windows\system32\pdfmona.dll
2010-05-16 19:06 . 2010-05-16 19:19 -------- d-----w- c:\arquivos de programas\pdf995
2010-05-16 17:56 . 2010-05-16 17:57 -------- d-----w- c:\arquivos de programas\WinXMedia
2010-05-16 03:37 . 2010-05-16 03:37 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Ahead
2010-05-16 03:37 . 2003-03-18 19:12 451584 ----a-w- c:\windows\system32\mfc71u.dll
2010-05-15 19:34 . 2010-05-23 21:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Autodesk
2010-05-15 19:34 . 2010-05-23 20:45 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Autodesk
2010-05-15 19:05 . 2008-07-10 14:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-05-15 19:04 . 2005-05-26 18:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-05-15 19:03 . 2010-05-15 19:03 -------- d-----w- c:\windows\Logs
2010-05-08 14:49 . 2010-05-08 14:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\MapInfo
2010-05-08 14:48 . 2010-05-08 14:48 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet
2010-05-08 14:48 . 2010-05-08 14:48 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared
2010-05-05 09:14 . 2010-05-05 09:14 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Corel
2010-05-05 09:06 . 2010-05-05 09:06 -------- d--h--w- c:\windows\PIF
2010-05-02 16:42 . 2010-05-02 16:42 737280 ----a-w- c:\windows\iun6002.exe
2010-05-01 20:28 . 2008-04-13 22:20 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-05-01 20:28 . 2008-04-13 22:20 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2010-05-01 20:28 . 2008-04-13 22:20 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2010-05-01 20:28 . 2008-04-13 22:20 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2010-05-01 20:28 . 2008-04-13 22:20 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2010-05-01 20:28 . 2008-04-13 22:20 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2010-05-01 20:28 . 2008-04-13 22:20 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2010-05-01 20:28 . 2008-04-13 14:36 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2010-05-01 20:28 . 2008-04-13 14:36 43008 ------w- c:\windows\system32\drivers\amdagp.sys
2010-05-01 20:28 . 2008-04-13 14:36 42752 ------w- c:\windows\system32\drivers\alim1541.sys
2010-05-01 20:28 . 2008-04-13 14:36 42368 ------w- c:\windows\system32\drivers\agp440.sys
2010-05-01 20:28 . 2008-04-13 12:34 56623 ------w- c:\windows\system32\drivers\ati1btxx.sys
2010-05-01 20:28 . 2008-04-13 12:34 11615 ------w- c:\windows\system32\drivers\ati1mdxx.sys
2010-04-28 17:01 . 2010-04-28 17:01 -------- d-sh--w- c:\documents and settings\Administrador\UserData
2010-04-25 22:32 . 2010-04-25 22:32 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-25 22:31 . 2010-05-15 17:28 -------- d-----w- c:\arquivos de programas\EasyPrediction
2010-04-25 22:31 . 2010-04-25 22:32 -------- d-----w- c:\arquivos de programas\Windows Media Connect 2
2010-04-25 22:31 . 2010-05-24 01:08 -------- d-----w- c:\windows\system32\LogFiles
2010-04-25 22:30 . 2010-05-19 02:39 -------- dc----w- c:\windows\system32\DRVSTORE
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 15:34 . 2001-10-28 12:07 82790 ----a-w- c:\windows\system32\perfc016.dat
2010-05-24 15:34 . 2001-10-28 12:07 477654 ----a-w- c:\windows\system32\perfh016.dat
2010-05-24 15:27 . 2010-04-21 21:03 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\uTorrent
2010-05-21 05:10 . 2010-04-22 06:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WindowsLiveInstaller
2010-05-21 05:10 . 2010-04-22 06:21 -------- d-----w- c:\arquivos de programas\Windows Live
2010-05-19 03:47 . 2010-04-22 03:48 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information
2010-05-19 01:48 . 2010-04-22 06:21 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\WLInstaller
2010-05-17 02:15 . 2010-04-22 13:19 505128 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-17 02:15 . 2010-04-22 13:19 353576 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-16 19:21 . 2010-04-22 03:43 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield
2010-05-03 06:02 . 2010-04-21 22:19 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe
2010-04-22 17:13 . 2010-04-22 17:13 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\MapInfo Professional 9.0\4000003000003i\imut.exe
2010-04-22 17:11 . 2010-04-22 17:11 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\MapInfo Professional 9.0\4000006b00002i\imutgui.exe
2010-04-22 13:23 .
2010-04-22 13:22 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Media Player Classic 2010-04-22 06:07 . 2010-04-22 06:07 -------- d-----w- c:\arquivos de programas\MSBuild 2010-04-22 06:07 . 2010-04-22 06:07 -------- d-----w- c:\arquivos de programas\Reference Assemblies 2010-04-22 05:59 . 2010-04-22 05:59 -------- d-----w- c:\arquivos de programas\MSXML 6.0 2010-04-22 05:49 . 2010-04-21 21:35 -------- d-----w- c:\arquivos de programas\MSECache 2010-04-22 05:35 . 2010-04-22 05:30 -------- d-----w- c:\arquivos de programas\VDownloader 1.13 2010-04-22 03:56 . 2010-04-22 03:56 7680 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\MapInfo Professional 9.0\400000a600003i\FNPLicensingService.exe 2010-04-22 03:56 . 2010-04-22 03:56 658432 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall\MapInfo Professional 9.0\%ProgramFilesDir%\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 2010-04-22 03:56 . 2010-04-21 21:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Thinstall 2010-04-22 03:52 . 2010-04-22 03:52 -------- d-----w- c:\arquivos de programas\Motorola 2010-04-22 03:46 . 2010-04-22 03:46 -------- d-----w- c:\arquivos de programas\VIAudioi 2010-04-22 03:43 . 2010-04-22 03:43 -------- d-----w- c:\arquivos de programas\VIA 2010-04-22 02:57 . 2010-04-22 02:57 -------- d-----w- c:\arquivos de programas\Microsoft.NET 2010-04-21 23:16 . 2010-04-21 23:16 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Avira 2010-04-21 23:04 . 2010-04-21 23:04 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Avira 2010-04-21 23:04 . 2010-04-21 23:04 -------- d-----w- c:\arquivos de programas\Avira 2010-04-21 21:03 . 2010-04-21 21:03 0 ----a-w- c:\windows\nsreg.dat 2010-04-21 19:31 . 2010-04-21 18:43 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2010-04-21 19:02 . 
2006-07-19 06:18 180480 ----a-w- c:\windows\system32\drivers\RTL8187.sys 2010-04-21 19:02 . 2006-10-25 06:36 42240 ----a-w- c:\windows\system32\drivers\ESD7SK.sys 2010-04-21 19:02 . 2006-10-25 06:36 62208 ----a-w- c:\windows\system32\drivers\EMS7SK.sys 2010-04-21 18:44 . 2010-04-21 18:44 -------- d-----w- c:\arquivos de programas\microsoft frontpage 2010-04-21 18:42 . 2010-04-21 18:42 -------- d-----w- c:\arquivos de programas\Serviços on-line 2010-04-21 18:42 . 2010-04-21 18:42 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Serviços 2010-04-21 18:41 . 2010-04-21 18:41 21844 ----a-w- c:\windows\system32\emptyregdb.dat 2010-04-17 01:12 . 2010-04-17 01:12 48464 ----a-w- c:\windows\system32\sirenacm.dll 2010-03-17 14:35 . 2010-04-21 21:20 309248 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll 2010-03-01 12:05 . 2010-04-21 23:04 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-02-25 06:17 . 2004-08-04 03:45 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2004-08-04 02:15 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2003-09-24 15:33 . 2010-04-12 23:37 356352 ----a-w- c:\arquivos de programas\putty.exe . ((((((((((((((((((((((((((((( SnapShot_2010-05-24_01.30.01 ))))))))))))))))))))))))))))))))))))))))) . - 2001-10-28 12:07 . 2010-05-24 01:11 69446 c:\windows\system32\perfc009.dat + 2001-10-28 12:07 . 2010-05-24 15:34 69446 c:\windows\system32\perfc009.dat + 2001-10-28 12:07 . 2010-05-24 15:34 435258 c:\windows\system32\perfh009.dat - 2001-10-28 12:07 . 2010-05-24 01:11 435258 c:\windows\system32\perfh009.dat . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" [2010-04-21 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2010-04-21 53248]
"Adobe Reader Speed Launcher"="d:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"avgnt"="c:\arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SMSERIAL"="c:\arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe" [2010-04-21 630784]
"BtTray"="c:\arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe" [2008-11-01 281600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"d:\\Arquivos de programas\\DreaMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10976:TCP"= 10976:TCP:Dreamule TCP
"10986:UDP"= 10986:UDP:Dreamule UDP
"443:TCP"= 443:TCP:MSN TCP
"443:UDP"= 443:UDP:MSN UDP

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [31/7/2008 20:45 20616]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\arquivos de programas\Avira\AntiVir Desktop\sched.exe [21/4/2010 20:04 135336]
R2 BsMobileCS;BsMobileCS;c:\arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe [1/11/2008 09:29 143467]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2/7/2008 14:58 26248]
S3 Ca2001v;CA2001 WebCam Driver;c:\windows\system32\Drivers\Ca2001v.sys --> c:\windows\system32\Drivers\Ca2001v.sys [?]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [19/7/2006 03:18 180480]
S3 SR9USB;SR9600 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\sr9usb.sys [21/4/2010 14:51 12544]
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - d:\arquiv~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Enviar por Bluetooth - c:\arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Enviar por mensagem(&M)... - c:\arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
TCP: {D2740C35-F54D-4D6F-ABC1-BB5C420707A5} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: d:\arquivos de programas\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\arquivos de programas\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 02:22
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-1957994488-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,1c,b5,13,ff,22,3a,45,bb,7c,5e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,1c,b5,13,ff,22,3a,45,bb,7c,5e,\
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'explorer.exe'(3992)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Avira\AntiVir Desktop\avguard.exe
c:\arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\VTTimer.exe
c:\arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\arquivos de programas\USB Video Camera\Monitor.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-05-25 02:25:33 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-05-25 05:25
ComboFix2.txt 2010-05-24 01:31
ComboFix3.txt 2010-05-22 17:01

Pré-execução: 2.968.276.992 bytes disponíveis
Pós execução: 2.954.067.968 bytes disponíveis

- - End Of File - - B584F54CD2EE31BA1E288845EFD6885C

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:26:26, on 25/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\USB Video Camera\Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 6126 bytes
DigRam, posted May 26, 2010

Good morning, Zébástian!

<@> Download: < OTL > ( ...by OldTimer Tools )
<@> Save it to the desktop!
<@> Double-click: < >
<@> PS: Now let's go through its configuration!
<!> 1 - Under "Output", leave the "Minimal" button selected.
<!> 2 - Check the boxes: Scan All Users and Include 64bit Scans <-- PS: Only if the OS is 64-bit!
<!> 3 - Processes: Use SafeList <-- Check it!
<!> 4 - Modules: Use SafeList <-- Check it!
<!> 5 - Services: Use SafeList <-- Check it!
<!> 6 - Drivers: Use SafeList <-- Check it!
<!> 7 - Standard Registry: Use SafeList <-- Check it!
<!> 8 - Extra Registry: Use SafeList <-- Check it!
<!> 9 - File Scans:
<!> Creation Date >> Choose: 14 days
<!> Check: Use Company Name WhiteList
<!> Check: Skip Microsoft Files
<!> 10 - Files Created Within:
<!> Check: Creation Date
<!> 11 - Files Modified Within:
<!> Check: Creation Date
<!> Check the boxes: [] LOP Check [] Purity Check
<@> PS: I suggest printing these instructions for later reference.

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\sfcfiles.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5

<@> PS: Copy and paste the lines in the Code box above into the field under: Custom Scans/Fixes
<@> Click: Run Scan --> Wait!
<@> When it finishes, post:
<!> <1> OTL.txt <--
<!> <2> Extra.txt <--

Regards!
Zébástian, posted May 27, 2010

OTL.txt

OTL logfile created on: 26/5/2010 22:56:51 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrador\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

446,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 50,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas
Drive C: | 9,77 Gb Total Space | 2,65 Gb Free Space | 27,08% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 0,96 Gb Free Space | 4,89% Space Free | Partition Type: NTFS
Drive E: | 45,22 Gb Total Space | 13,97 Gb Free Space | 30,90% Space Free | Partition Type: NTFS
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEBASTIAN-NOTE
Current User Name: Administrador
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/26 22:50:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
PRC - [2010/04/21 20:10:25 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/21 16:01:35 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2010/04/21 16:01:32 | 000,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2010/03/24 15:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/11/01 09:56:06 | 000,281,600 | ---- | M] () -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2008/11/01 09:30:26 | 000,098,407 | ---- | M] () -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2008/11/01 09:29:10 | 000,143,467 | ---- | M] () -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
PRC - [2008/07/09 20:51:20 | 000,775,168 | ---- | M] () -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2008/04/13 19:21:00 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/16 18:32:18 | 000,249,856 | ---- | M] () -- C:\Arquivos de programas\USB Video Camera\Monitor.exe

========== Modules (SafeList) ==========

MOD - [2010/05/26 22:50:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe
MOD - [2008/04/13 19:19:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010/05/08 11:48:50 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/21 20:10:25 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/11/01 09:30:26 | 000,098,407 | ---- | M] () [On_Demand | Running] -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2008/11/01 09:29:10 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2008/07/09 20:51:20 | 000,775,168 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2010/04/21 16:02:08 | 000,180,480 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2010/04/21 16:02:03 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2010/04/21 16:02:03 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2010/04/21 16:01:35 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2010/04/21 16:01:24 | 000,634,880 | ---- | M] (S3 Graphics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\S3gIGPm.sys -- (S3GIGP)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/08 17:04:24 | 000,012,544 | ---- | M] (SUPERAL Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sr9usb.sys -- (SR9USB)
DRV - [2008/10/22 12:32:54 | 000,039,432 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2008/07/31 20:45:42 | 000,020,616 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008/07/02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008/07/02 14:58:36 | 000,029,960 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/21 19:28:12 | 000,014,600 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2008/01/21 19:27:50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2006/06/30 10:40:40 | 000,775,936 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006/06/20 14:12:34 | 000,134,656 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (HdAudAddService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 6A A0 BE E1 FA CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://go.microsoft.com/fwlink/?LinkId=69157"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.4.14.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=IEFM1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: d:\Arquivos de programas\Mozilla Firefox\components [2010/04/23 21:16:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: d:\Arquivos de programas\Mozilla Firefox\plugins [2010/05/11 16:57:23 | 000,000,000 | ---D | M]

[2010/04/21 18:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions
[2010/05/25 02:06:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions
[2010/04/21 18:20:09 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/05/15 00:00:09 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/05/02 00:26:55 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/21 18:20:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/05/21 02:48:01 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mm06c0qz.default\searchplugins\bing.xml

O1 HOSTS File: ([2010/05/25 02:22:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [btTray] C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar para o Microsoft Excel - D:\Arquivos de programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Enviar por Bluetooth -
C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm () O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm () O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.171.222.97 200.204.0.10 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - 
Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Minha página inicial atual) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/04/21 15:44:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008/07/30 16:26:06 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ] O32 - Unable to obtain root file information for disk E:\ O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/04/21 15:43:55 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - 
Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver 
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0A8C991C-F1C9-86E9-504C-4F74AA80C2F5} - Outlook Express ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Processamento de gráficos vetoriais (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2AE47EDE-AEF1-9067-D3A8-10FA2887E20E} - Outlook Express ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java ActiveX: {3ACAEF4B-B2AD-02C7-6DCA-84F1B252B6BA} - DirectAnimation ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - 
Cancelar inscrição ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {515C3651-A74F-55E9-05B2-AAC79F82B93E} - NetShow ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5E4CEC43-5D84-9519-82DD-D2AA50BDEF2B} - DirectAnimation ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7247241E-10D4-8835-2B3F-D214FFD4EA92} - Microsoft Windows Media Player 6.4 ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Pastas da Web ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {876F401D-3DF9-5000-BB41-C4CBCEC8B6A9} - NetShow ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: 
{9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CA4E4270-6972-05F7-1A3A-0EE0297C5300} - Personalização do navegador ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas ActiveX: {CCF65B59-2836-A1F6-10AA-24C656D786E8} - DirectAnimation ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) ========== Files/Folders - Created Within 14 Days ========== [2010/05/26 22:53:26 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe [2010/05/25 06:06:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010/05/25 02:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010/05/24 02:08:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrador\Recent [2010/05/23 22:11:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\IECompatCache [2010/05/23 22:10:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\PrivacIE [2010/05/23 22:07:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrador\IETldCache [2010/05/23 22:05:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010/05/23 22:04:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2010/05/23 22:03:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010/05/23 21:43:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\UOL [2010/05/23 21:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\UOL [2010/05/23 21:42:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\UOL [2010/05/23 21:36:56 | 000,184,320 | ---- | C] (InfoSpyware - ForoSpyware) -- C:\Documents and Settings\Administrador\Desktop\MSNCleaner.exe [2010/05/23 21:35:27 | 000,000,000 | ---D | C] -- C:\MSNCleaner [2010/05/23 18:05:33 | 000,000,000 | ---D | C] -- C:\Config.Msi [2010/05/23 16:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes [2010/05/23 16:15:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- 
C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/05/23 16:15:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/05/23 16:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes [2010/05/23 16:15:14 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware [2010/05/22 18:48:53 | 000,000,000 | ---D | C] -- D:\Meus Documentos\Bluetooth [2010/05/22 18:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\bluesoleil [2010/05/22 18:31:48 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\IVT Corporation [2010/05/22 13:55:57 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010/05/22 13:50:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010/05/22 13:50:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010/05/22 13:50:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010/05/22 13:50:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010/05/22 13:50:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/05/22 13:49:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2010/05/22 13:36:51 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Trend Micro [2010/05/22 13:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Babylon [2010/05/22 13:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon [2010/05/21 03:06:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall [2010/05/21 03:06:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$ [2010/05/21 03:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution [2010/05/21 02:48:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Tracing [2010/05/21 02:10:52 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Microsoft [2010/05/21 02:10:37 | 000,000,000 | 
---D | C] -- C:\Documents and Settings\All Users\Documentos\microsoft [2010/05/21 02:10:31 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Windows Live SkyDrive [2010/05/21 02:02:39 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\Windows Live [2010/05/19 00:47:33 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\USB Video Camera [2010/05/19 00:46:39 | 000,775,936 | ---- | C] (Bison Electronics. Inc. ) -- C:\WINDOWS\System32\drivers\BisonCam.sys [2010/05/19 00:46:39 | 000,077,942 | ---- | C] (Bison Inc.) -- C:\WINDOWS\System32\BisonRem.dll [2010/05/19 00:23:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\BisonCam [2010/05/18 22:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Desktop\MSN 8.5.1235.0517 [2010/05/16 23:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Cyberlink [2010/05/16 23:31:07 | 000,000,000 | ---D | C] -- D:\Meus Documentos\CyberLink [2010/05/16 23:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\CyberLink [2010/05/16 23:18:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\CyberLink [2010/05/16 23:18:20 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\CyberLink [2010/05/16 23:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Temp [2010/05/16 16:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\pdf995 [2010/05/16 16:06:28 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll [2010/05/16 16:06:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\pdf995 [2010/05/16 16:06:25 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\pdf995 [2010/05/16 14:56:11 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\WinXMedia [2010/05/16 00:37:53 | 000,000,000 | ---D | C] -- 
C:\Documents and Settings\Administrador\Dados de aplicativos\Ahead [2010/05/15 16:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Autodesk [2010/05/15 16:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Autodesk [2010/05/15 16:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Autodesk [2010/05/15 16:13:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ [2010/05/15 16:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs [2010/05/14 01:07:05 | 000,000,000 | ---D | C] -- D:\Meus Documentos\Elektro [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2010/05/26 22:51:50 | 000,477,654 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat [2010/05/26 22:51:50 | 000,435,258 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/05/26 22:51:50 | 000,082,790 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat [2010/05/26 22:51:50 | 000,069,446 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/05/26 22:51:49 | 001,077,902 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/05/26 22:50:31 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe [2010/05/26 22:47:34 | 000,001,030 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini [2010/05/26 22:47:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/26 22:47:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/26 22:39:34 | 002,883,584 | ---- | M] () -- C:\Documents and Settings\Administrador\ntuser.dat [2010/05/26 22:39:34 | 000,000,210 | -HS- | M] () -- C:\Documents and Settings\Administrador\ntuser.ini [2010/05/26 06:22:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/05/26 03:26:14 | 000,002,262 | ---- | M] () -- 
C:\WINDOWS\System32\wpa.dbl [2010/05/25 02:26:11 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\HiJackThis.lnk [2010/05/25 02:22:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/05/25 02:22:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/05/24 04:01:53 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2010/05/24 03:46:06 | 000,005,982 | ---- | M] () -- C:\WINDOWS\System32\LOCALSERVICE.INI [2010/05/23 22:07:13 | 000,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/05/23 19:04:37 | 061,705,798 | ---- | M] () -- C:\Documents and Settings\Administrador\Desktop\Rainbow Gummy Bear English Long.mp4 [2010/05/23 17:55:35 | 000,072,616 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT [2010/05/23 16:15:23 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/22 23:59:48 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI [2010/05/22 23:51:51 | 000,000,106 | ---- | M] () -- C:\WINDOWS\System32\LOCALDEVICE.INI [2010/05/22 18:52:26 | 000,000,378 | ---- | M] () -- C:\WINDOWS\System32\SHORTCUT.INI [2010/05/22 18:34:57 | 000,000,032 | ---- | M] () -- C:\WINDOWS\0 [2010/05/22 18:34:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\BSPRINT.INI [2010/05/22 18:31:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\0 [2010/05/22 16:54:37 | 006,943,688 | -H-- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\IconCache.db [2010/05/22 13:56:00 | 000,000,326 | RHS- | M] () -- C:\boot.ini [2010/05/22 13:46:54 | 003,693,801 | R--- | M] () -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe [2010/05/19 23:22:11 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de 
aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/19 00:47:36 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Monitor.lnk [2010/05/19 00:28:12 | 000,000,669 | ---- | M] () -- C:\WINDOWS\win.ini [2010/05/18 23:30:46 | 000,000,847 | ---- | M] () -- D:\Meus Documentos\My Sharing Folders.lnk [2010/05/18 01:53:02 | 000,000,406 | ---- | M] () -- D:\Meus Documentos\Minhas Pastas de Compartilhamento.lnk [2010/05/16 22:36:50 | 000,169,414 | ---- | M] () -- D:\Meus Documentos\10promo-csbrazucas.jpg [2010/05/16 16:20:30 | 000,005,778 | ---- | M] () -- D:\Meus Documentos\HVAC - Heating Ventilation Air Conditioning.pdf [2010/05/16 16:20:28 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv [2010/05/16 16:14:51 | 000,000,028 | ---- | M] () -- C:\WINDOWS\pdf995.ini [2010/05/16 16:06:28 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll [2010/05/16 16:06:28 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll [2010/05/16 14:47:46 | 000,000,036 | -H-- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\swk.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/05/26 06:21:48 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010/05/23 19:01:55 | 061,705,798 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\Rainbow Gummy Bear English Long.mp4 [2010/05/23 16:15:23 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/05/22 18:52:26 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\SHORTCUT.INI [2010/05/22 18:49:41 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI [2010/05/22 18:48:52 | 000,005,982 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI [2010/05/22 18:48:34 | 000,000,106 | ---- | C] () -- 
C:\WINDOWS\System32\LOCALDEVICE.INI [2010/05/22 18:34:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI [2010/05/22 18:31:38 | 000,000,032 | ---- | C] () -- C:\WINDOWS\0 [2010/05/22 18:31:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\0 [2010/05/22 13:56:00 | 000,000,256 | ---- | C] () -- C:\Boot.bak [2010/05/22 13:55:58 | 000,261,856 | ---- | C] () -- C:\cmldr [2010/05/22 13:50:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/05/22 13:50:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/05/22 13:50:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/05/22 13:50:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/05/22 13:50:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/05/22 13:46:28 | 003,693,801 | R--- | C] () -- C:\Documents and Settings\Administrador\Desktop\ComboFix.exe [2010/05/22 13:36:51 | 000,002,519 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\HiJackThis.lnk [2010/05/19 00:47:42 | 000,003,210 | ---- | C] () -- C:\WINDOWS\DEXT2001.ini [2010/05/19 00:47:36 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Monitor.lnk [2010/05/19 00:46:40 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System\StillDrv.dll [2010/05/19 00:46:40 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M2000Twn.ini [2010/05/19 00:46:40 | 000,013,448 | ---- | C] () -- C:\WINDOWS\M2000Twn.src [2010/05/19 00:46:40 | 000,002,264 | ---- | C] () -- C:\WINDOWS\System\S20H0220.csr [2010/05/19 00:46:40 | 000,002,264 | ---- | C] () -- C:\WINDOWS\System\S20F0220.csr [2010/05/19 00:46:39 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System\BisonCam.dll [2010/05/19 00:46:39 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System\BisonVfw.dll [2010/05/18 22:45:40 | 000,000,847 | ---- | C] () -- D:\Meus Documentos\My Sharing Folders.lnk [2010/05/18 22:43:38 | 020,237,571 | ---- | C] () -- C:\Documents and Settings\Administrador\Desktop\MSN 8.5.1235.0517.rar [2010/05/16 
22:36:50 | 000,169,414 | ---- | C] () -- D:\Meus Documentos\10promo-csbrazucas.jpg
[2010/05/16 16:20:28 | 000,005,778 | ---- | C] () -- D:\Meus Documentos\HVAC - Heating Ventilation Air Conditioning.pdf
[2010/05/16 16:14:51 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2010/05/16 16:06:28 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/05/16 16:06:28 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010/05/16 14:47:46 | 000,000,036 | -H-- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\swk.ini
[2010/04/22 10:20:03 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/21 23:58:19 | 000,000,421 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/01 09:56:10 | 000,001,030 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini
[2008/11/01 09:32:58 | 000,405,589 | ---- | C] () -- C:\WINDOWS\System32\BsUI.dll
[2008/11/01 09:32:36 | 000,278,647 | ---- | C] () -- C:\WINDOWS\System32\outlookAddin.dll
[2008/11/01 09:32:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\HtmPrintHelper.dll
[2008/11/01 09:32:00 | 000,622,693 | ---- | C] () -- C:\WINDOWS\System32\BSShell.dll
[2008/11/01 09:29:20 | 000,122,976 | ---- | C] () -- C:\WINDOWS\System32\BsMobileSDK.dll
[2008/11/01 09:29:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll
[2008/11/01 09:27:52 | 000,106,595 | ---- | C] () -- C:\WINDOWS\System32\Bs2Res.dll
[2008/10/22 15:30:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll
[2008/03/07 13:54:22 | 017,907,824 | ---- | C] () -- C:\WINDOWS\System32\BsLangInDepRes.dll
[2007/09/27 14:48:10 | 000,014,100 | ---- | C] () -- C:\WINDOWS\twspmm.ini
[2006/11/14 22:45:26 | 002,706,432 | ---- | C] () -- C:\WINDOWS\System32\s3gcil_inv.dll
[2000/10/25 18:15:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 00:45:22 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:20:28 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 00:45:26 | 000,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:20:42 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\sfcfiles.dll /s /md5 >
[2004/08/04 00:45:28 | 001,548,288 | ---- | M] (Microsoft Corporation) MD5=1DD4FC7EEE3A45257528A34FDF7BC689 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 19:20:42 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/13 19:20:42 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 19:20:42 | 001,571,840 | ---- | M] (Microsoft Corporation) MD5=698F9583D1EB213B09F12DD5826A46E2 -- C:\WINDOWS\system32\sfcfiles.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 00:45:26 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:20:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< End of report >

- Extras.txt

OTL Extras logfile created on: 26/5/2010 22:56:51 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Administrador\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

446,00 Mb Total Physical Memory | 224,00 Mb Available Physical Memory | 50,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 9,77 Gb Total Space | 2,65 Gb Free Space | 27,08% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 0,96 Gb Free Space | 4,89% Space Free | Partition Type: NTFS
Drive E: | 45,22 Gb Total Space | 13,97 Gb Free Space | 30,90% Space Free | Partition Type: NTFS
Unable to calculate disk information.
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SEBASTIAN-NOTE
Current User Name: Administrador
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- d:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Arquivos de programas\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"10976:TCP" = 10976:TCP:*:Enabled:Dreamule TCP
"10986:UDP" = 10986:UDP:*:Enabled:Dreamule UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"443:TCP" = 443:TCP:*:Enabled:MSN TCP
"443:UDP" = 443:UDP:*:Enabled:MSN UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Arquivos de programas\MSN Messenger\msncall.exe" = C:\Arquivos de programas\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Arquivos de programas\uTorrent\uTorrent.exe" = D:\Arquivos de programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Arquivos de programas\DreaMule\emule.exe" = D:\Arquivos de programas\DreaMule\emule.exe:*:Enabled:Dreamule -- (http://www.dreamule.org)
"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2}" = Windows Live Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C9416-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam
"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{590035D9-BFA0-406A-A7F0-479C72C0DDB2}" = Windows Live Call
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81770338-86AE-4669-8390-DAD2A8E83E33}" = Bluesoleil 6.4.237.0
"{90110416-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edição 2003
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ADC3E4F-34DA-48CD-8727-BB26D90257BD}" = Windows Live Messenger
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BCF2CEFB-E23D-42EF-A5FA-F9ED2A085821}_is1" = CoolSMS 2.06 beta
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11D6791-FBE8-4817-B5D4-D3191DDDCDC8}" = USB Video Camera
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DreaMule_is1" = DreaMule 3.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{F11D6791-FBE8-4817-B5D4-D3191DDDCDC8}" = USB Video Camera
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995
"ShockwaveFlash" = Macromedia Flash Player 8
"SMSERIAL" = Motorola SM56 Data Fax Modem
"uTorrent" = µTorrent
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/5/2010 04:08:06 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20
Description =

Error - 22/5/2010 12:08:05 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20
Description =

Error - 23/5/2010 15:32:28 | Computer Name = SEBASTIAN-NOTE | Source = Application Hang | ID = 1002
Description = Aplicativo com falha msmsgs.exe, versão 4.7.0.3001, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 23/5/2010 16:45:01 | Computer Name = SEBASTIAN-NOTE | Source = MsiInstaller | ID = 11904
Description = Product: Adobe Flash Player 9 ActiveX -- Error 1904.Module C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx failed to register. HRESULT -2147220473. Contact your support personnel.

Error - 24/5/2010 09:14:27 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20
Description =

Error - 24/5/2010 10:14:28 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20
Description =

Error - 24/5/2010 11:14:28 | Computer Name = SEBASTIAN-NOTE | Source = Google Update | ID = 20
Description =

Error - 25/5/2010 01:14:27 | Computer Name = SEBASTIAN-NOTE | Source = Application Hang | ID = 1002
Description = Aplicativo com falha chrome.exe, versão 0.0.0.0, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 25/5/2010 01:14:28 | Computer Name = SEBASTIAN-NOTE | Source = Application Hang | ID = 1002
Description = Aplicativo com falha chrome.exe, versão 0.0.0.0, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.

Error - 26/5/2010 21:31:38 | Computer Name = SEBASTIAN-NOTE | Source = Application Hang | ID = 1002
Description = Aplicativo com falha chrome.exe, versão 0.0.0.0, módulo com falha hungapp, versão 0.0.0.0, endereço com falha 0x00000000.
[ System Events ]
Error - 12/5/2010 18:45:56 | Computer Name = SEBASTIAN-NOTE | Source = NetBT | ID = 4307
Description = Falha na inicialização porque o transporte não abriu os Endereços iniciais.

Error - 15/5/2010 22:37:27 | Computer Name = SEBASTIAN-NOTE | Source = ipnathlp | ID = 32003
Description = O conversor de endereços de rede (NAT) não pôde solicitar uma operação de módulo de conversão do modo do núcleo. Isso pode indicar uma configuração errada, recursos insuficientes ou erro interno. Os dados são o código de erro.

< End of report >
DigRam, posted May 27, 2010

Good afternoon, Zébástian!

<@> Run OTL.exe.
<@> Copy the information in the quote below into the field under: Custom Scans/Fixes

:files
c:\windows\iun6002.exe
:otl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
:commands
[resethosts]
[purity]
[emptyflash]
[emptytemp]
[Reboot]

<@> Click the Fix button --> Wait for it to finish! --> Run!
<@> Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log <--
<@> Also post an updated HijackThis log.

Cheers!
Zébástian, posted May 28, 2010

OTL log

All processes killed
========== FILES ==========
c:\windows\iun6002.exe moved successfully.
========== OTL ==========
C:\WINDOWS\002872_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrador
->Flash cache emptied: 1663 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 2901937 bytes
->Temporary Internet Files folder emptied: 8069000 bytes
->FireFox cache emptied: 76334422 bytes
->Google Chrome cache emptied: 228163773 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 301,00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05272010_232709

Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:48:17, on 27/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\USB Video Camera\Monitor.exe
C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [sMSERIAL] C:\Arquivos de programas\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [btTray] "C:\Arquivos de programas\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Arquivos de programas\USB Video Camera\Monitor.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://D:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar por Bluetooth - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Enviar por mensagem(&M)... - C:\Arquivos de programas\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2740C35-F54D-4D6F-ABC1-BB5C420707A5}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 6255 bytes
DigRam, posted May 28, 2010

Good morning, Zébástian!

<@> Uninstall Malwarebytes, if you wish.
<@> Double-click the highlighted file:
<!> C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe <--
<@> Restart the computer once it finishes!

00000000000000000000
oooooooooooooooooooo

<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.
<@> The following window will open: ( Open File - Security Warning )
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix is uninstalled" will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- The report!
<@> Or go to Start --> Run --> Type or paste: "%userprofile%\desktop\combofix" /uninstall
<@> Click OK.

00000000000000000000
oooooooooooooooooooo

<@> Open OTL.exe --> Click CleanUp --> Wait!
<@> At the prompt, click OK --> Restart the computer!

00000000000000000000
oooooooooooooooooooo

<!> Your logs are clean! :)
<!> Is your MSN still having problems?

Cheers!
Zébástian, posted May 28, 2010

MSN is working fine now, but, as I said in post #5, there are some sites I can't access in either IE8 or FF, and in Chrome it takes foreeeever but does load. Lately I've been posting from FF, and before posting this one I cleared its cache; after that I couldn't even access this page. Other pages I can't access are: the 4shared.com login, rapidshare, the Google login (including orkut, mail, etc.). These and others I can't reach in the 2 browsers..
DigRam, posted May 29, 2010

MSN is working fine now, but, as I said in post #5, there are some sites I can't access in either IE8 or FF, and in Chrome it takes foreeeever but does load. Lately I've been posting from FF, and before posting this one I cleared its cache; after that I couldn't even access this page. Other pages I can't access are: the 4shared.com login, rapidshare, the Google login (including orkut, mail, etc.). These and others I can't reach in the 2 browsers..

/////////////\\\\\\\\\\\\\\

Hey, Zébastian!

<!> PS: Check whether the browser problems started when you installed BlueSoleil.
<!> If so, you can uninstall it!

00000000000000000
ooooooooooooooooo

<@> Download: < TuneUp Utilities 2010 >
<@> To download, enter your e-mail and click Start download.
<@> Save the executable, TU2010TrialEN.exe, in Arquivos de Programas.
<@> The program is a trial! But... there will be time to optimize the computer.
<@> Try defragmenting the disk and the registry.
<@> Optimize browsing!

00000000000000000

<!> Your logs are clean!
<!> Analysis closed!

Cheers!
Zébástian, posted May 30, 2010

Man, thanks a lot... My problem really was BlueSoleil... It's running well now... And as for TuneUp, it improved the PC's performance quite a bit... Topic closed with many thanks... lol
DigRam, posted May 30, 2010

PROBLEM SOLVED!

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.