
Archived

This topic has been archived and is closed to new replies.

Joao Bezerra

[Resolved!] Log Analysis


I can't open Internet Explorer or Google Chrome... I think there is something malicious on my computer, please help me... What should I do? I'm leaving my log here so you can help me:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:07:16, on 09-06-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Intel\Wireless\Bin\EvtEng.exe

C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

C:\Programas\AVG\AVG9\avgchsvx.exe

C:\Programas\AVG\AVG9\avgrsx.exe

C:\Programas\Lavasoft\Ad-Aware\AAWService.exe

C:\Programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe

C:\Programas\AVG\AVG9\avgwdsvc.exe

C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe

C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe

C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe

C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe

C:\Programas\AVG\AVG9\avgnsx.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Programas\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programas\Intel\Wireless\Bin\EOUWiz.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\igfxext.exe

C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe

C:\DOCUME~1\JOOBEZ~1\DEFINI~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\regedit.exe

C:\Programas\Windows Live\Messenger\msnmsgr.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\system32\msiexec.exe

C:\Programas\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS01/107

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [EOUApp] "C:\Programas\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Programas\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PC-Checkup] "C:\PC-Checkup\PCCheckUp.exe" -mini

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://pt.powerchallenge.com/applet/PowerLoader.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Programas\Ficheiros comuns\BinarySense\hlAPP.dll" (file missing)

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Serviço Google Update (gupdate1c9b276a161315a) (gupdate1c9b276a161315a) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe

O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programas\Ficheiros comuns\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Programas\ReaConverter 5.5 Pro\rcp_scheduler.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

 

--

End of file - 12696 bytes

 

 

Thanks


Download Malwarebytes from one of the locations below:

Link 1

Link 2

 

-- Save the program to your Desktop.

 

• Double-click the program to run it.

• Update Malwarebytes.

• Choose Full Scan (be patient, it takes a while).

• Disable your antivirus and antispyware, usually by right-clicking their icons in the system tray. They can interfere with the tool's run.

• When the scan is complete, click OK, then Show Results to view the log.

• Remember: if anything is detected, click the Remove button to remove it. (Important.)

• The program's log will open automatically.

• Post it in your next reply together with a new HijackThis log.

PS: On heavily infected computers the tool shows a prompt saying the computer must be restarted. Please do so immediately.

 

• Download: OTL.exe

• Save it to the desktop!

 

[image: OTLI-scan.png]

 

• As shown in the image, change the "Output" option to "Minimal Output".

• Double-click OTL.exe --> check the "Scan All Users" option.

• Check the boxes:

 

-- [] LOP check and [] Purity check

 

• Click the Run Scan button (runscanbutton.png) and wait.

• Post:

 

1) OTL.txt <--

2) Extra.txt <--


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4183

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

09-06-2010 20:39:03

mbam-log-2010-06-09 (20-39-03).txt

 

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 272022

Time elapsed: 1 hour(s), 16 minute(s), 9 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\V71IQL7HI7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\CryptLoad_1.1.6\ocr\netload.in\asmCaptcha\test.exe (Malware.Packer) -> Quarantined and deleted successfully.

C:\CryptLoad_1.1.6\router\FRITZ!Box\nc.exe (PUP.KeyLogger) -> Quarantined and deleted successfully.

C:\WINDOWS\Ifetaa.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.

 

__________________________________________________________________________________________________________________________________________

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:40:13, on 09-06-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Intel\Wireless\Bin\EvtEng.exe

C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

C:\Programas\AVG\AVG9\avgchsvx.exe

C:\Programas\AVG\AVG9\avgrsx.exe

C:\Programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe

C:\Programas\AVG\AVG9\avgwdsvc.exe

C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe

C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe

C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe

C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe

C:\Programas\AVG\AVG9\avgnsx.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Programas\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programas\Intel\Wireless\Bin\EOUWiz.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\WINDOWS\system32\igfxext.exe

C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe

C:\DOCUME~1\JOOBEZ~1\DEFINI~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Windows Live\Messenger\msnmsgr.exe

C:\Programas\Windows Live\Contacts\wlcomm.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\Ficheiros comuns\eMail ID\Launcher.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Ficheiros comuns\eMail ID\Launcher.exe

C:\Programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Programas\Lavasoft\Ad-Aware\AAWService.exe

C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\João Bezerra\Ambiente de trabalho\OTL.exe

C:\Programas\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS01/107

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG9\avgssie.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [EOUApp] "C:\Programas\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Programas\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [PC-Checkup] "C:\PC-Checkup\PCCheckUp.exe" -mini

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://pt.powerchallenge.com/applet/PowerLoader.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Programas\Ficheiros comuns\BinarySense\hlAPP.dll" (file missing)

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Serviço Google Update (gupdate1c9b276a161315a) (gupdate1c9b276a161315a) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe

O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programas\Ficheiros comuns\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Programas\ReaConverter 5.5 Pro\rcp_scheduler.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

 

--

End of file - 13030 bytes

 

____________________________________________________________________________________________________

 

 

OTL logfile created on: 09-06-2010 20:40:48 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\João Bezerra\Ambiente de trabalho

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free

Paging file location(s): C:\pagefile.sys 3057 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas

Drive C: | 48,94 Gb Total Space | 5,66 Gb Free Space | 11,56% Space Free | Partition Type: NTFS

Drive D: | 48,15 Gb Total Space | 6,35 Gb Free Space | 13,19% Space Free | Partition Type: NTFS

Drive E: | 14,69 Gb Total Space | 7,11 Gb Free Space | 48,39% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: 9116B118D86A470

Current User Name: João Bezerra

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\João Bezerra\Ambiente de trabalho\OTL.exe (OldTimer Tools)

PRC - C:\Programas\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programas\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programas\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programas\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programas\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe ()

PRC - C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe ()

PRC - C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Programas\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programas\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Documents and Settings\João Bezerra\Definições locais\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)

PRC - C:\Programas\Ficheiros comuns\eMail ID\Launcher.exe ()

PRC - C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe (BinarySense, Inc.)

PRC - C:\Programas\Launch Manager\LManager.exe (Dritek System Inc.)

PRC - C:\Programas\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)

PRC - C:\Programas\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)

PRC - C:\Programas\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)

PRC - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Programas\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)

PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)

PRC - C:\Programas\ESRI\License\arcgis9x\ARCGIS.EXE ()

PRC - C:\Programas\ESRI\License\arcgis9x\lmgrd.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\João Bezerra\Ambiente de trabalho\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\atsec6.dll ()

MOD - C:\Programas\eMail ID\OEAddOn\OEldr_7.dll ()

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (wpasvc) -- File not found

SRV - (avg9wd) -- C:\Programas\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (IconixService) -- C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe ()

SRV - (Lavasoft Ad-Aware Service) -- C:\Programas\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (odserv) -- C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (HDDlife HDD Access service) -- C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe (BinarySense, Inc.)

SRV - (rcp_service) -- C:\Programas\ReaConverter 5.5 Pro\rcp_scheduler.exe (ReaSoft)

SRV - (LVSrvLauncher) -- C:\Programas\Ficheiros comuns\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)

SRV - (ose) -- C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (S24EventMonitor) Intel® -- C:\Programas\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (EvtEng) Intel® -- C:\Programas\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (RegSrvc) Intel® -- C:\Programas\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)

SRV - (ArcGIS License Manager) -- C:\Programas\ESRI\License\arcgis9x\lmgrd.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (NETw5x32) Controlador da placa Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)

DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)

DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)

DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)

DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)

DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)

DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)

DRV - (Sentinel) -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS (Rainbow Technologies, Inc.)

DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com

IE - HKU\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE8ENUS01/107

IE - HKU\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKU\S-1-5-21-1715567821-884357618-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-884357618-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Web Search"

FF - prefs.js..browser.search.order.1: "Web Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: {1253D21B-263B-1843-275C-1726DA8B2A12}:3.90.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&q="

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programas\AVG\AVG9\Firefox [2010-06-07 03:12:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programas\Mozilla Firefox\components [2010-04-16 18:20:16 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programas\Mozilla Firefox\plugins [2010-06-08 11:53:19 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Programas\Mozilla Thunderbird\components [2009-09-29 12:29:46 | 000,000,000 | ---D | M]

 

[2008-12-23 15:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\mozilla\Extensions

[2010-06-09 03:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\mozilla\Firefox\Profiles\sg82wdzy.default\extensions

[2009-07-27 18:10:27 | 000,000,000 | ---D | M] (Fast Video Download) -- C:\Documents and Settings\João Bezerra\Application Data\mozilla\Firefox\Profiles\sg82wdzy.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}

[2009-11-20 00:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\mozilla\Firefox\Profiles\sg82wdzy.default\extensions\firefox@tvunetworks.com

[2010-06-09 03:43:21 | 000,000,000 | ---D | M] -- C:\Programas\Mozilla Firefox\extensions

[2010-03-14 17:08:26 | 000,000,000 | ---D | M] (Iconix) -- C:\Programas\Mozilla Firefox\extensions\{1253D21B-263B-1843-275C-1726DA8B2A12}

[2010-06-08 11:53:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2008-09-04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npbittorrent.dll

[2010-06-08 11:52:28 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Mozilla Firefox\plugins\npdeployJava1.dll

[2010-03-14 17:08:22 | 000,195,928 | ---- | M] () -- C:\Programas\Mozilla Firefox\plugins\npIconixProxy36.dll

[2010-03-13 14:29:27 | 000,001,525 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010-03-13 14:29:27 | 000,001,529 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\priberam.xml

[2010-03-13 14:29:27 | 000,002,071 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\sapo.xml

[2009-12-09 10:46:54 | 000,000,832 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\WebSearch.xml

[2010-03-13 14:29:27 | 000,000,942 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\wikipedia-ptpt.xml

[2010-03-13 14:29:27 | 000,000,648 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\yahoo-br.xml

[2009-11-20 00:28:36 | 000,002,380 | ---- | M] () -- C:\Programas\Mozilla Firefox\searchplugins\zwunzi127.xml

 

O1 HOSTS File: ([2010-06-08 19:55:14 | 000,403,742 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 13964 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (IconixBHOClass Class) - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll ()

O2 - BHO: (Programa Auxiliar de Início de Sessão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ad-Watch] C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Programas\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [AzMixerSel] C:\Programas\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [EOUApp] C:\Programas\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)

O4 - HKLM..\Run: [iconixOEAddOn] C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe ()

O4 - HKLM..\Run: [intelZeroConfig] C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)

O4 - HKLM..\Run: [LManager] C:\Programas\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [PC-Checkup] C:\PC-Checkup\PCCheckUp.exe (MicroSmarts LLC.)

O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found

O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found

O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found

O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra 'Tools' menuitem : Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll ()

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} http://pt.powerchallenge.com/applet/PowerLoader.cab (PowerLoader Class)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab (WScanCtl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.113.164.58 212.113.164.51 212.113.164.50

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Programas\Ficheiros comuns\BinarySense\hlAPP.dll (BinarySense, Inc.)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programas\Ficheiros comuns\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programas\Ficheiros comuns\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - logonui.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - WlNotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - wlnotify.dll (Microsoft Corporation)

O24 - Desktop Components:0 (A minha home page actual) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\João Bezerra\Definições locais\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\João Bezerra\Definições locais\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programas\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - msnsspc.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008-12-23 15:08:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{42245deb-a8ff-11de-bbbd-000000000000}\Shell\Auto\command - "" = AdobeR.exe e

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: javatupn - (C:\WINDOWS\system32\atsec6.dll) - C:\WINDOWS\system32\atsec6.dll ()

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010-06-09 20:39:17 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\OTL.exe

[2010-06-09 17:50:38 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\mbam-setup-1.46.exe

[2010-06-09 02:10:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010-06-09 02:06:34 | 000,000,000 | ---D | C] -- C:\Programas\Hijackthis

[2010-06-09 01:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MessengerDiscovery 2

[2010-06-09 01:37:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010-06-09 01:36:50 | 000,000,000 | ---D | C] -- C:\Programas\Bing Bar Installer

[2010-06-08 19:11:15 | 000,000,000 | ---D | C] -- C:\Programas\Thoosje

[2010-06-08 19:08:04 | 000,000,000 | ---D | C] -- C:\PC-Checkup

[2010-06-08 19:07:44 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll

[2010-06-08 19:07:43 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll

[2010-06-08 19:07:43 | 000,000,000 | ---D | C] -- C:\Programas\AML Products

[2010-06-08 18:50:08 | 000,000,000 | ---D | C] -- C:\Programas\Unlocker

[2010-06-08 11:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010-06-08 11:54:06 | 000,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Java

[2010-06-08 11:53:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010-06-08 11:53:19 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010-06-08 11:53:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010-06-08 11:53:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010-06-08 11:53:19 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010-06-08 11:37:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\João Bezerra\Recent

[2010-06-08 00:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\João Bezerra\Application Data\AF3F9D4DCC3A3BF7A5AA2FD913D1AA1B

[2010-06-01 19:20:01 | 000,000,000 | ---D | C] -- C:\Programas\K-Lite Codec Pack

[2010-05-30 16:22:28 | 000,000,000 | ---D | C] -- C:\Programas\bet-at-home.com Poker

[2010-05-28 01:58:43 | 000,000,000 | ---D | C] -- C:\BTNext

[2010-05-28 01:52:16 | 000,000,000 | ---D | C] -- C:\Programas\BTNext Evolution

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\João Bezerra\Definições locais\Application Data\*.tmp files -> C:\Documents and Settings\João Bezerra\Definições locais\Application Data\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010-06-09 20:39:20 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\OTL.exe

[2010-06-09 19:52:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010-06-09 19:26:33 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010-06-09 18:41:37 | 060,860,587 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010-06-09 17:52:44 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk

[2010-06-09 17:51:34 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\mbam-setup-1.46.exe

[2010-06-09 17:43:57 | 013,107,200 | -H-- | M] () -- C:\Documents and Settings\João Bezerra\NTUSER.DAT

[2010-06-09 14:25:10 | 000,001,034 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010-06-09 12:12:37 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A671B2E0-2591-4AA7-9DF2-80E434C21ED7}.job

[2010-06-09 02:06:35 | 000,002,012 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\HiJackThis.lnk

[2010-06-09 01:43:14 | 000,097,112 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Definições locais\Application Data\GDIPFONTCACHEV1.DAT

[2010-06-09 01:42:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010-06-09 01:41:50 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010-06-09 01:41:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010-06-09 01:41:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010-06-09 01:40:35 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\João Bezerra\ntuser.ini

[2010-06-09 01:31:44 | 000,323,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010-06-09 01:29:48 | 012,931,872 | -H-- | M] () -- C:\Documents and Settings\João Bezerra\Definições locais\Application Data\IconCache.db

[2010-06-08 19:55:14 | 000,403,742 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010-06-08 19:24:58 | 000,017,608 | ---- | M] () -- C:\cc_20081230_204348.reg

[2010-06-08 19:24:17 | 000,004,507 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010-06-08 19:23:55 | 000,486,748 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2010-06-08 19:23:55 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010-06-08 19:23:55 | 000,083,210 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2010-06-08 19:23:54 | 001,086,724 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010-06-08 19:23:54 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010-06-08 19:07:52 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe

[2010-06-08 18:55:26 | 000,000,284 | ---- | M] () -- C:\WINDOWS\reimage.ini

[2010-06-08 11:52:25 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010-06-08 11:52:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010-06-08 11:52:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010-06-08 11:52:25 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010-06-08 11:52:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010-06-08 00:01:20 | 000,050,981 | ---- | M] () -- C:\WINDOWS\System32\opujnmbnymjuhppi.exe

[2010-06-07 23:53:36 | 000,046,592 | -H-- | M] () -- C:\WINDOWS\System32\atsec6.dll

[2010-06-07 20:59:57 | 000,122,922 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\aposta.JPG

[2010-06-03 08:53:03 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2010-06-03 08:53:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2010-06-01 19:13:07 | 038,166,528 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\00076.MTS

[2010-06-01 11:21:07 | 000,098,221 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\PS1026_3,jpg.jpg

[2010-05-31 01:22:34 | 010,854,027 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\bt_up_by_RedFire.rar

[2010-05-31 01:13:45 | 000,111,616 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-05-28 01:52:18 | 000,001,568 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\BTNext Evolution.lnk

[2010-05-25 03:16:35 | 003,675,619 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\Neutron Star Collision.mp3

[2010-05-20 03:07:43 | 687,147,180 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45 minutos 10.5.2010.avi

[2010-05-20 02:12:30 | 774,643,800 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45 minutos 3.05.2010.avi

[2010-05-19 14:42:36 | 658,829,098 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45 minutos 26.04.2010.avi

[2010-05-19 12:31:35 | 664,475,026 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\Programa 45 minutos 19.04.2010.avi

[2010-05-19 04:40:08 | 706,305,548 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45Minutos 17.5.2010.avi

[2010-05-19 04:31:14 | 000,049,424 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\aae.jpg

[2010-05-14 00:09:08 | 000,099,647 | ---- | M] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\campw.png

[2010-05-12 18:58:55 | 000,001,887 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Google Earth.lnk

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\João Bezerra\Definições locais\Application Data\*.tmp files -> C:\Documents and Settings\João Bezerra\Definições locais\Application Data\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010-06-09 02:06:35 | 000,002,012 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\HiJackThis.lnk

[2010-06-08 18:55:06 | 000,000,284 | ---- | C] () -- C:\WINDOWS\reimage.ini

[2010-06-08 12:11:30 | 000,004,507 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010-06-08 00:01:20 | 000,050,981 | ---- | C] () -- C:\WINDOWS\System32\opujnmbnymjuhppi.exe

[2010-06-07 23:53:36 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\System32\atsec6.dll

[2010-06-07 20:59:57 | 000,122,922 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\aposta.JPG

[2010-06-01 19:20:04 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2010-06-01 19:08:01 | 038,166,528 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\00076.MTS

[2010-06-01 11:21:06 | 000,098,221 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\PS1026_3,jpg.jpg

[2010-05-31 01:21:55 | 010,854,027 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\bt_up_by_RedFire.rar

[2010-05-28 01:52:18 | 000,001,568 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\BTNext Evolution.lnk

[2010-05-24 02:02:14 | 003,675,619 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\Neutron Star Collision.mp3

[2010-05-20 02:20:07 | 687,147,180 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45 minutos 10.5.2010.avi

[2010-05-20 00:30:43 | 774,643,800 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45 minutos 3.05.2010.avi

[2010-05-19 12:39:15 | 658,829,098 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45 minutos 26.04.2010.avi

[2010-05-19 11:40:57 | 664,475,026 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\Programa 45 minutos 19.04.2010.avi

[2010-05-19 04:31:14 | 000,049,424 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\aae.jpg

[2010-05-19 03:48:49 | 706,305,548 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\45Minutos 17.5.2010.avi

[2010-05-14 00:09:03 | 000,099,647 | ---- | C] () -- C:\Documents and Settings\João Bezerra\Ambiente de trabalho\campw.png

[2010-05-12 18:58:55 | 000,001,887 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Google Earth.lnk

[2009-12-15 01:17:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2009-11-25 02:53:47 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll

[2009-09-25 01:31:37 | 000,004,426 | ---- | C] () -- C:\WINDOWS\sb30.ini

[2009-06-29 22:33:40 | 000,000,060 | ---- | C] () -- C:\WINDOWS\DirectionsUI.INI

[2009-06-29 22:33:40 | 000,000,043 | ---- | C] () -- C:\WINDOWS\NetworkAnalystUI.INI

[2009-06-23 02:29:52 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2009-06-22 19:18:45 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfmonnt.dll

[2009-06-22 19:18:26 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psconv.ini

[2009-06-17 22:46:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2009-06-16 16:09:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll

[2009-06-16 16:09:18 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll

[2009-06-16 16:09:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll

[2009-06-16 16:09:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll

[2009-06-16 16:09:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll

[2009-06-16 16:09:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll

[2009-06-16 16:06:16 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll

[2009-06-16 16:06:16 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll

[2009-04-01 00:49:24 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll

[2009-04-01 00:49:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll

[2009-03-25 05:20:10 | 000,000,160 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini

[2009-03-12 15:49:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED92Euro.ini

[2009-03-04 22:56:16 | 000,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009-02-10 17:09:21 | 000,000,326 | ---- | C] () -- C:\WINDOWS\pdf2word.INI

[2009-01-28 22:51:27 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2009-01-28 22:51:27 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2008-12-29 19:12:14 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2008-12-23 18:37:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2008-12-23 15:30:11 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll

[2008-12-23 15:08:37 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2008-05-26 23:23:02 | 000,016,742 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008-05-26 23:23:00 | 000,023,232 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008-05-26 23:22:58 | 000,015,892 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2006-05-16 07:25:43 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[1997-06-25 14:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

 

========== LOP Check ==========

 

[2009-04-02 04:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Application Data\eMail ID

[2009-07-15 01:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Admin Inter 1 Mags

[2010-04-30 04:01:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software

[2009-10-28 04:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2010-05-30 16:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boss Media

[2009-08-17 20:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CardPlayer

[2009-04-08 03:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eMail ID

[2009-03-12 15:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2009-04-01 00:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI

[2009-01-19 17:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

[2010-06-09 01:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MessengerDiscovery 2

[2009-05-08 20:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS

[2009-05-08 20:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming

[2009-03-04 22:44:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments

[2009-03-25 04:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters

[2009-10-15 20:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive

[2010-06-09 01:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2009-03-04 22:45:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3689B77C-90FA-4663-91AB-5AB34383CD81}

[2009-04-01 19:24:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}

[2009-01-28 23:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\2K Sports

[2010-06-08 00:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\AF3F9D4DCC3A3BF7A5AA2FD913D1AA1B

[2009-01-12 01:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\BinarySense

[2009-03-31 04:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\BitDefender Deployment Tool

[2010-04-05 03:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\BitTorrent

[2009-04-01 02:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2008-12-29 19:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\DAEMON Tools

[2008-12-23 15:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\DNA

[2010-01-24 14:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Dropbox

[2009-03-30 19:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\eMail ID

[2009-06-29 22:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\ESRI

[2009-12-03 03:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\gtk-2.0

[2009-04-08 17:39:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Image Zone Express

[2009-02-02 23:28:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\ImgBurn

[2009-09-29 03:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Inkscape

[2009-11-26 00:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\IObit

[2009-01-02 17:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Leadertech

[2010-06-09 01:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\MessengerDiscovery 2

[2010-05-29 18:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Microgaming

[2009-02-04 02:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Nvu

[2009-01-22 02:40:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\PowerChallenge

[2009-05-31 23:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Pro Cycling Manager 2007

[2010-05-02 17:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\RCP 5

[2009-04-01 19:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Safer Networking

[2010-01-02 15:17:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\SecondLife

[2009-10-30 21:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Sports Interactive

[2010-05-02 17:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Summitsoft

[2009-01-21 20:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\TeamViewer

[2010-06-08 18:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\TeraCopy

[2009-09-29 12:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Thunderbird

[2010-06-08 18:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Uniblue

[2009-04-07 18:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\VoipBuster

[2010-02-10 01:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\VoipStunt

[2009-07-01 03:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Web Page Maker

[2009-01-08 16:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Windows Desktop Search

[2009-01-08 16:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\João Bezerra\Application Data\Windows Search

[2010-06-09 19:26:33 | 000,000,474 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2010-06-09 12:12:37 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A671B2E0-2591-4AA7-9DF2-80E434C21ED7}.job

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2BE9FEFC

< End of report >

 

_______________________________________________________________________________________________________________________--

 

 

OTL Extras logfile created on: 09-06-2010 20:40:48 - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\João Bezerra\Ambiente de trabalho

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free

5,00 Gb Paging File | 4,00 Gb Available in Paging File | 76,00% Paging File free

Paging file location(s): C:\pagefile.sys 3057 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas

Drive C: | 48,94 Gb Total Space | 5,66 Gb Free Space | 11,56% Space Free | Partition Type: NTFS

Drive D: | 48,15 Gb Total Space | 6,35 Gb Free Space | 13,19% Space Free | Partition Type: NTFS

Drive E: | 14,69 Gb Total Space | 7,11 Gb Free Space | 48,39% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: 9116B118D86A470

Current User Name: João Bezerra

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.js [@ = JSFile] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

jsfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programas\Mozilla Firefox\firefox.exe" = C:\Programas\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)

"C:\Documents and Settings\João Bezerra\Definições locais\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\João Bezerra\Definições locais\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- File not found

"C:\Programas\Bit Torrent\BitTorrent.exe" = C:\Programas\Bit Torrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Consola de gestão da Microsoft -- (Microsoft Corporation)

"C:\Programas\Sports Interactive\Football Manager 2010\fm.exe" = C:\Programas\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)

"C:\Programas\TeamViewer\Version4\TeamViewer.exe" = C:\Programas\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Aplicação de controle remoto TeamViewer -- (TeamViewer GmbH)

"C:\Programas\SecondLife\SLVoice.exe" = C:\Programas\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()

"C:\Documents and Settings\João Bezerra\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\João Bezerra\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()

"C:\Programas\Poker Clock\PokerClock.exe" = C:\Programas\Poker Clock\PokerClock.exe:*:Enabled:PokerClock -- ()

"C:\Programas\Java\jre6\bin\java.exe" = C:\Programas\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Programas\8BallClub\GameDirector.exe" = C:\Programas\8BallClub\GameDirector.exe:*:Enabled:8BallClub Game -- ()

"C:\Programas\BTNext Evolution\BTNext.exe" = C:\Programas\BTNext Evolution\BTNext.exe:*:Enabled:BT Next -- ()

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{043FF26B-56EE-4BFC-93EA-5661C6051B65}" = AdtvSoft 1.1a

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar

"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView

"{0F79C1B2-36B2-4B62-8221-42721CF54638}" = Acer OrbiCam Application

"{1099EEAB-C4BC-4F66-980F-2269856A71CD}" = Native Instruments Traktor

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme

"{20B05668-C9F0-4469-AEF4-14DF41D6ACB6}" = Windows Live Messenger

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28DA1AA2-07F2-4451-A28B-A6A01A9CE8E9}" = Assistente de Início de Sessão do Windows Live

"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.21

"{350C9816-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision

"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software

"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA

"{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1" = JPEG to PDF 1.0

"{40F8FD5F-4701-48D6-A8FC-1F188007DF38}" = ArcGIS Desktop

"{418001D0-F48E-4910-966C-0DCCC996A87A}" = Windows Live Call

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{471F79CC-41F5-458F-B768-7F687F97B6EC}" = SPSS 15.0 para Windows

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant

"{50CEA963-2745-46A8-BE71-767F2B36FEF2}" = Windows Live Essentials

"{5DDE08CC-57E4-4CC9-879C-DD933A50FD65}" = Poker Clock 2.1

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{868F24EB-5CA7-4285-B39B-3617CF37462A}" = D2300_Help

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{90120000-0010-0816-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Portugal)) 12

"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007

"{90120000-0015-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007

"{90120000-0016-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007

"{90120000-0018-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007

"{90120000-0019-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007

"{90120000-001A-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007

"{90120000-001B-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007

"{90120000-001F-0816-0000-0000000FF1CE}_ENTERPRISE_{C312E1CD-EC19-4270-A072-F36F634DFF79}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0816-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007

"{90120000-0044-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007

"{90120000-006E-0816-0000-0000000FF1CE}_ENTERPRISE_{A8523DA4-5563-4F0E-BD9D-4E4CC3CF7239}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007

"{90120000-00A1-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0816-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2007

"{90120000-00BA-0816-0000-0000000FF1CE}_ENTERPRISE_{C2EC91A8-CC39-45F7-9E46-62B85ADF9DF5}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz

"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3.2 - Português

"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext

"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU

"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update

"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0

"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter

"{CC147B6B-B7EB-46AC-8649-A7DA3A76B0EC}" = BitDefender Deployment Tool

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D297A783-A680-4FDB-8882-913EBA36ABC5}" = D2300

"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software (ptb)

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{E81D9FF6-B45F-4DD4-9673-86B08AF6F705}" = HDDlife Pro 3.1

"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator

"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F02598C2-2A5F-4593-8F09-439F3317B2C8}" = Sentinel System Driver 5.42.1 (32-bit)

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.5 SP2

"{F2B5A2A7-2DF9-4361-8BD5-362714528B51}" = NHL® 09

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi

"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FFFDEC7F-B24F-4C40-8639-7702671B8D67}_is1" = NS Virtual DJ 6.0 Full

"8BallClub" = 8BallClub Billiards

"AcerOrbiCamDrv" = Driver da Acer Camera

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"ArcGIS License Manager" = ArcGIS License Manager

"AVG9Uninstall" = AVG Free 9.0

"BA7C3E474BCC2DD6360ACAFC7E9C0F9C7E2B96EB" = Windows Driver Package - Intel (w39n51) net (04/04/2006 10.1.1.3)

"bet365poker" = Poker at bet365

"bet-at-home.com Poker" = bet-at-home.com Poker

"BetClic Poker" = BetClic Poker

"BlueVoda_Website_Builder_1.0" = BlueVoda Website Builder 10.2

"BTNext Evolution" = BTNext Evolution

"Cake Poker" = Cake Poker

"CamStudio" = CamStudio

"CCleaner" = CCleaner (remove only)

"ENTERPRISE" = Microsoft Office Enterprise 2007

"Everest Poker" = Everest Poker (Remove Only)

"F785D6B63FDA08F811F56F84F831B3E291B7129A" = Windows Driver Package - Intel (w29n51) net (04/05/2006 9.0.4.13)

"Football Manager 2010" = Football Manager 2010

"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1

"Free PS Convert driver_is1" = Free PS Convert driver 8.15

"Free YouTube Download_is1" = Free YouTube Download 2.2

"Google Updater" = Google Updater

"HijackThis" = HijackThis 1.99.1

"HP Imaging Device Functions" = HP Imaging Device Functions 7.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0

"HPExtendedCapabilities" = HP Customer Participation Program 7.0

"ie8" = Windows Internet Explorer 8

"ImgBurn" = ImgBurn

"Inkscape" = Inkscape 0.46

"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6

"Interwetten Poker_is1" = Interwetten Poker

"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.0 (Basic)

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mansion Poker" = MansionPoker

"McAfee Security Scan" = McAfee Security Scan

"Messenger Plus! Live" = Messenger Plus! Live

"MessengerDiscovery 2.1_is1" = MessengerDiscovery 2.1.79

"MessengerDiscovery_is1" = MessengerDiscovery 2.5.95

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)

"Native Instruments Traktor" = Native Instruments Traktor

"Nvu_is1" = Nvu 1.0

"opujnmbnymjuhppi" = Performance Platform Voguecash

"PartyPoker" = PartyPoker

"PC-Checkup" = PC-Checkup

"PKR" = PKR

"Poker 770" = Poker 770

"PokerStars" = PokerStars

"PowerDraw V30" = PowerDraw V30

"ProInst" = Software do Intel® PROSet/Wireless

"Python 2.1" = Python 2.1

"Python 2.1 combined Win32 extensions" = Python 2.1 combined Win32 extensions

"ReaConverter 5.5 Pro_is1" = ReaConverter 5.5 Pro

"RealPlayer 6.0" = RealPlayer

"Recuva" = Recuva (remove only)

"SecondLife" = SecondLife (remove only)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TeamViewer 4" = TeamViewer 4

"TeraCopy_is1" = TeraCopy 1.22

"Thoosje Windows XP Quick Optimizer" = Thoosje Windows XP Quick Optimizer

"Trend Micro eMail ID" = Trend Micro™ eMail ID

"unibetpoker (Poker)" = Unibet

"Uninstall_is1" = Uninstall 1.0.0.1

"Universal Document Converter_is1" = Universal Document Converter

"Unlocker" = Unlocker 1.8.9

"Veetle TV" = Veetle TV 0.9.17

"VeryPDF PDF2Word v2.0_is1" = VeryPDF PDF2Word v2.0

"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions

"VoipStunt_is1" = VoipStunt

"Web Page Maker_is1" = Web Page Maker V3.12

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1715567821-884357618-842925246-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent" = BitTorrent

"BitTorrent DNA" = DNA

"Dropbox" = Dropbox

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 08-06-2010 14:20:20 | Computer Name = 9116B118D86A470 | Source = Application Error | ID = 1000

Description = Aplicação em falha startup.exe, versão 4.0.0.0, módulo em falha unknown,

versão 0.0.0.0, endereço em falha 0x022e5690.

 

Error - 08-06-2010 20:32:02 | Computer Name = 9116B118D86A470 | Source = Userenv | ID = 1041

Description = Não é possível ao Windows consultar a entrada de registo DllName de

{7B849a69-220F-451E-B3FE-2CB811AF94AE}, pelo que não será carregada. O mais provável

é que esta situação tenha sido provocada por um registo com erros.

 

Error - 08-06-2010 20:32:02 | Computer Name = 9116B118D86A470 | Source = Userenv | ID = 1041

Description = Não é possível ao Windows consultar a entrada de registo DllName de

{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, pelo que não será carregada. O mais provável

é que esta situação tenha sido provocada por um registo com erros.

 

Error - 08-06-2010 20:32:07 | Computer Name = 9116B118D86A470 | Source = Userenv | ID = 1041

Description = Não é possível ao Windows consultar a entrada de registo DllName de

{7B849a69-220F-451E-B3FE-2CB811AF94AE}, pelo que não será carregada. O mais provável

é que esta situação tenha sido provocada por um registo com erros.

 

Error - 08-06-2010 20:32:07 | Computer Name = 9116B118D86A470 | Source = Userenv | ID = 1041

Description = Não é possível ao Windows consultar a entrada de registo DllName de

{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}, pelo que não será carregada. O mais provável

é que esta situação tenha sido provocada por um registo com erros.

 

Error - 08-06-2010 20:32:34 | Computer Name = 9116B118D86A470 | Source = Windows Search Service | ID = 3038

Description = O colector não consegue ler o registo DocIdMapFile. Contexto: Aplicação

, Catálogo SystemIndex Detalhes: O sistema não conseguiu localizar o ficheiro especificado.

(0x80070002)

 

Error - 08-06-2010 20:32:40 | Computer Name = 9116B118D86A470 | Source = Windows Search Service | ID = 3028

Description = Não foi possível inicializar o objecto do colector. Contexto: Aplicação

Windows, Catálogo SystemIndex Detalhes: Não é possível ler o valor do registo porque

a configuração é inválida. Recrie a configuração do índice de conteúdos removendo

o índice de conteúdos. (0x80040d03)

 

Error - 08-06-2010 20:32:40 | Computer Name = 9116B118D86A470 | Source = Windows Search Service | ID = 3058

Description = Não foi possível inicializar a aplicação. Contexto: Aplicação Windows

 

Detalhes:

Não

é possível ler o valor do registo porque a configuração é inválida. Recrie a configuração

do índice de conteúdos removendo o índice de conteúdos. (0x80040d03)

 

Error - 08-06-2010 20:40:17 | Computer Name = 9116B118D86A470 | Source = Windows Search Service | ID = 3083

Description = Não é possível carregar a rotina de tratamento de protocolos IEPH.HistoryHandler.

Descrição do erro: O sistema não conseguiu localizar o ficheiro especificado.

.

 

Error - 08-06-2010 20:40:17 | Computer Name = 9116B118D86A470 | Source = Windows Search Service | ID = 3083

Description = Não é possível carregar a rotina de tratamento de protocolos IEPH.RSSHandler.

Descrição do erro: MAPI: falha no início de sessão. .

 

[ OSession Events ]

Error - 17-06-2009 18:13:14 | Computer Name = 9116B118D86A470 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6

seconds with 0 seconds of active time. This session ended with a crash.

 

Error - 16-07-2009 10:31:25 | Computer Name = 9116B118D86A470 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 72

seconds with 0 seconds of active time. This session ended with a crash.

 

[ System Events ]

Error - 08-06-2010 7:03:09 | Computer Name = 9116B118D86A470 | Source = Service Control Manager | ID = 7026

Description = Falhou o carregamento dos seguintes controladores de início de arranque

ou de início do sistema: sptd

 

Error - 08-06-2010 7:34:44 | Computer Name = 9116B118D86A470 | Source = Dhcp | ID = 1001

Description = A rede não atribuiu um endereço ao computador (através do servidor

DHCP)

para a placa de rede com o endereço de rede 0019D2090D7B. Ocorreu o seguinte erro:

%%1223. O computador continuará a tentar obter um endereço por si só a partir do

servidor de endereços de rede (DHCP).

 

Error - 08-06-2010 13:30:23 | Computer Name = 9116B118D86A470 | Source = DCOM | ID = 10010

Description = O servidor {0002DF01-0000-0000-C000-000000000046} não foi registado

no DCOM dentro do tempo de espera requerido.

 

Error - 08-06-2010 13:30:53 | Computer Name = 9116B118D86A470 | Source = DCOM | ID = 10010

Description = O servidor {0002DF01-0000-0000-C000-000000000046} não foi registado

no DCOM dentro do tempo de espera requerido.

 

Error - 08-06-2010 14:23:21 | Computer Name = 9116B118D86A470 | Source = DCOM | ID = 10010

Description = O servidor {0002DF01-0000-0000-C000-000000000046} não foi registado

no DCOM dentro do tempo de espera requerido.

 

Error - 08-06-2010 20:30:21 | Computer Name = 9116B118D86A470 | Source = DCOM | ID = 10010

Description = O servidor {C2BFE331-6739-4270-86C9-493D9A04CD38} não foi registado

no DCOM dentro do tempo de espera requerido.

 

Error - 08-06-2010 20:33:01 | Computer Name = 9116B118D86A470 | Source = Service Control Manager | ID = 7024

Description = O serviço Windows Search terminou com o erro específico do serviço

2147749155 (0x80040D23).

 

Error - 08-06-2010 20:33:02 | Computer Name = 9116B118D86A470 | Source = DCOM | ID = 10005

Description = O DCOM obteve o erro "%1053" ao tentar iniciar o serviço WSearch com

os argumentos "" de forma a executar o servidor: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

 

Error - 08-06-2010 20:33:02 | Computer Name = 9116B118D86A470 | Source = Service Control Manager | ID = 7009

Description = Tempo de espera esgotado (30000 milissegundos) a aguardar pela ligação

do serviço Windows Search.

 

Error - 08-06-2010 20:33:02 | Computer Name = 9116B118D86A470 | Source = Service Control Manager | ID = 7000

Description = O serviço Windows Search falhou o arranque devido ao seguinte erro:

%%1053

 

 

< End of report >


• Run OTL.exe.

• Copy the information in the Quote below into the tool's clipboard box ( Custom Scans/Fixes ).

 

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found

O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found

O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found

O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found

O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found

O33 - MountPoints2\{42245deb-a8ff-11de-bbbd-000000000000}\Shell\Auto\command - "" = AdobeR.exe e

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\João Bezerra\Definições locais\Application Data\*.tmp files -> C:\Documents and Settings\João Bezerra\Definições locais\Application Data\*.tmp -> ]

 

:Commands

[resethosts]

[purity]

[emptytemp]

[Reboot]

 

• Click the Run Fix button --> wait for it to finish!

• When it finishes, go to the folder C:\_OTL\MovedFiles\*.log <-- post it!


All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\nltide_2 deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42245deb-a8ff-11de-bbbd-000000000000}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42245deb-a8ff-11de-bbbd-000000000000}\ not found.

File AdobeR.exe e not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.31E96541_5977_446A_9397_22DA57E04BAB.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.3670E45E_F597_44DC_8445_B30B72AC1FA3.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.6F92E03F_40CE_4760_8D0B_B2B9EECCBF83.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.6FDD6204_04EF_488E_9610_5FD5A46BDE30.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.D44510BD_E8D6_49AE_B888_112D87C9C161.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla.FAF8A314_E56E_45D7_BEE9_65A690C7198C.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.00572D8A_1A73_4E5D_A46B_6EFDE691C218.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.12F9FD19_1994_419B_9C84_B3BF45693899.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.1B52089C_6701_42A0_89CA_7B933A931DF3.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.2AD90733_4466_4DD1_AAC2_2D483DAB8FE4.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.2C086B75_55FC_4C05_AB40_BB3EB84F6328.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.43C5331B_E676_43FF_8FC2_B4819B909B85.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.4613DC68_CB36_4D11_BCBF_4E57372A7F0A.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.492EDA4F_0AD5_48E5_9EA0_89E62AA41E2F.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.4E827EA0_9C9A_4D1B_81C3_76489B68A99A.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.5E812FC8_5D2C_4762_90FD_969FA3D8E5B3.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.5FB79635_0941_43C8_9A50_81BF9B954BA6.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.690902FB_CE2B_4E0F_879D_F1EC8A0BBEA7.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.6E5A7B86_D068_47A0_8520_EF28243DDB8F.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.6E6707B2_B726_47AC_AF34_064D79BFE936.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.7DE6324D_42A7_41B1_968A_DEB2B22A4545.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.93C233A4_2586_44C9_AD8C_A050FA91D51E.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.9E0FE730_F4A9_4210_B551_5B2DA66F162E.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.9F9E7040_314F_41D4_8279_D07D229A052B.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.A0EAF5F9_367F_484D_B885_F776EFEEA05E.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.A6B8BC6C_FB66_49C2_8E3A_5D9624334BBD.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.ADE1D959_6508_41EE_881A_B753E14752A6.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.B4733F37_D4D8_4085_94FE_8A78FEB5D157.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.C0D49D98_6F16_4B5F_AAC1_C12ECA02364C.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla1.FBE69EB0_39A5_48C7_84B0_4577EAD3F47C.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla2.31E96541_5977_446A_9397_22DA57E04BAB.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla20.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla22.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla24.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla28.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.1DCDDFD3_9BEF_4F44_BF65_0605E8FA1B4D.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.500F1E4F_607F_4B5C_AA73_1EE07CB67F95.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.A3C8CE51_0693_485E_9D7E_5599B664C3CD.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.E41808F3_5CAF_4C3A_84C8_04328A1F6092.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla3.FAF8A314_E56E_45D7_BEE9_65A690C7198C.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla31.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla35.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla36.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla39.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla4.316FF00F_788B_4C9D_B87F_F6B99DE5AD83.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla4.917B2E4C_4780_4F4B_981F_00C79F001E25.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla46.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla48.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla49.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseCustomCalla51.dll deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP\WiseData.ini deleted successfully.

C:\WINDOWS\40F8FD5F470148D6A8FC1F188007DF38.TMP folder deleted successfully.

C:\WINDOWS\534252345.tmp deleted successfully.

C:\WINDOWS\msdownld.tmp folder deleted successfully.

C:\WINDOWS\SET3.tmp deleted successfully.

C:\WINDOWS\SET4.tmp deleted successfully.

C:\WINDOWS\SET8.tmp deleted successfully.

C:\WINDOWS\System32\asycfilt.dll.tmp deleted successfully.

C:\WINDOWS\System32\CONFIG.TMP deleted successfully.

C:\Documents and Settings\João Bezerra\Definições locais\Application Data\GLF21C.tmp deleted successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 186857 bytes

->FireFox cache emptied: 9297569 bytes

->Flash cache emptied: 405 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41 bytes

 

User: João Bezerra

->Temp folder emptied: 3510520 bytes

->Temporary Internet Files folder emptied: 6850916 bytes

->Java cache emptied: 124352 bytes

->FireFox cache emptied: 90564942 bytes

->Google Chrome cache emptied: 557424 bytes

->Flash cache emptied: 4870 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 106,00 mb

 

 

OTL by OldTimer - Version 3.2.6.0 log created on 06102010_182552

 

Files\Folders moved on Reboot...

C:\Documents and Settings\João Bezerra\Definições locais\Temporary Internet Files\Content.IE5\3HQDJCVF\MsgrConfig[1].asmx moved successfully.

 

Registry entries deleted on Reboot...

 

I think my PC is infected with a rootkit.win32.tdss.d

 

Please help me


Download ComboFix from one of these locations:

 

Link 1.

Link 2.

Link 3.

 

Important!

You should not use ComboFix unless you have been instructed to do so by a security analyst.

Its creator intends it to be used under the guidance and supervision of an expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system.

 

Make sure you have saved ComboFix.exe to your desktop.

 

• Disable your antivirus and anti-spyware, usually by right-clicking their system tray icons. They may interfere with the tool running.

 

• Double-click ComboFix.exe & follow the prompts.

 

• As part of its process, ComboFix will check whether the Microsoft Windows Recovery Console is installed. Given how malware infections are today, it is strongly recommended that it be pre-installed on your machine before doing any malware removal. It will allow you to boot into a special recovery/repair mode, which makes it easier for us to help you should your computer have a problem after a malware removal attempt.

 

• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

-- Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

RcAuto1.gif

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

whatnext.png

 

Click Yes to continue scanning for malware.

 

When finished, it should produce a log for you. Post the ComboFix report, which is at C:\ComboFix.txt, together with a HijackThis log.


ComboFix 10-06-11.01 - João Bezerra 12-06-2010 21:01:32.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2038.1230 [GMT 1:00]

Executando de: c:\documents and settings\Administrador\Os meus documentos\Transferências\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\programas\Downloaded Installers

c:\programas\Downloaded Installers\{BE580819-778C-419C-9B39-3BE5407AA97E}\setup.msi

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_NPF

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-12 to 2010-06-12 ))))))))))))))))))))))))))))

.

 

2010-06-12 13:05 . 2010-06-12 13:05 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-12 12:59 . 2010-06-12 12:59 -------- d-----w- c:\documents and settings\Administrador\Application Data\SUPERAntiSpyware.com

2010-06-12 04:07 . 2010-06-12 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-06-12 04:07 . 2010-06-12 04:07 -------- d-----w- c:\programas\SUPERAntiSpyware

2010-06-12 01:57 . 2010-06-12 01:57 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-06-10 23:21 . 2010-06-10 23:21 -------- d-----w- c:\documents and settings\Administrador\Tracing

2010-06-10 23:15 . 2010-06-10 23:15 -------- d-----w- c:\documents and settings\Administrador\Application Data\RCP 5

2010-06-10 23:11 . 2010-06-10 23:11 -------- d-----w- c:\documents and settings\Administrador\Application Data\SafeReturner

2010-06-10 23:08 . 2010-06-10 23:08 -------- d-sh--w- c:\documents and settings\Administrador\IETldCache

2010-06-10 22:56 . 2010-06-10 23:25 12872 ----a-w- c:\windows\system32\bootdelete.exe

2010-06-10 22:42 . 2010-06-12 13:01 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-06-10 22:41 . 2010-06-10 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2010-06-10 22:41 . 2010-06-10 22:41 -------- d-----w- c:\programas\Hitman Pro 3.5

2010-06-10 22:22 . 2010-06-10 23:37 -------- d-----w- c:\programas\Safe Returner

2010-06-10 22:05 . 2010-06-10 22:05 -------- d-----w- c:\programas\AnalogX

2010-06-10 17:25 . 2010-06-10 17:25 -------- d-----w- C:\_OTL

2010-06-09 00:51 . 2010-06-09 00:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-06-09 00:45 . 2010-06-09 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\MessengerDiscovery 2

2010-06-09 00:37 . 2010-06-09 00:39 -------- dc-h--w- c:\windows\ie8

2010-06-09 00:36 . 2010-06-09 00:36 -------- d-----w- c:\programas\Bing Bar Installer

2010-06-08 18:11 . 2010-06-08 18:11 -------- d-----w- c:\programas\Thoosje

2010-06-08 18:08 . 2010-06-08 18:24 -------- d-----w- C:\PC-Checkup

2010-06-08 18:07 . 2002-01-05 10:37 344064 ----a-w- c:\windows\system32\msvcr70.dll

2010-06-08 18:07 . 2010-06-08 18:07 -------- d-----w- c:\programas\AML Products

2010-06-08 18:07 . 2002-01-05 05:48 974848 ----a-w- c:\windows\system32\mfc70.dll

2010-06-08 17:50 . 2010-06-08 17:50 -------- d-----w- c:\programas\Unlocker

2010-06-08 10:54 . 2010-06-08 10:54 -------- d-----w- c:\programas\Ficheiros comuns\Java

2010-06-08 10:53 . 2010-06-08 10:52 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-01 18:20 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll

2010-06-01 18:20 . 2010-06-01 18:20 -------- d-----w- c:\programas\K-Lite Codec Pack

2010-05-30 15:22 . 2010-05-30 15:22 -------- d-----w- c:\programas\bet-at-home.com Poker

2010-05-28 00:58 . 2010-05-30 03:08 -------- d-----w- C:\BTNext

2010-05-28 00:52 . 2010-05-30 11:06 -------- d-----w- c:\programas\BTNext Evolution

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-12 20:07 . 2009-01-12 00:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-06-12 19:45 . 2009-04-01 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-12 17:48 . 2010-06-12 17:48 439816 ----a-w- c:\documents and settings\Administrador\Application Data\Real\Update\setup3.10\setup.exe

2010-06-12 13:00 . 2010-06-12 13:00 63488 ----a-w- c:\documents and settings\Administrador\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-12 13:00 . 2010-06-12 13:00 52224 ----a-w- c:\documents and settings\Administrador\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-06-12 13:00 . 2010-06-12 13:00 117760 ----a-w- c:\documents and settings\Administrador\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-12 12:33 . 2008-04-13 23:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2010-06-12 02:27 . 2004-09-21 12:00 83210 ----a-w- c:\windows\system32\perfc016.dat

2010-06-12 02:27 . 2004-09-21 12:00 486748 ----a-w- c:\windows\system32\perfh016.dat

2010-06-12 02:10 . 2009-02-03 00:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-06-12 01:50 . 2010-06-12 01:50 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe

2010-06-11 20:59 . 2009-03-04 21:35 -------- d-----w- c:\programas\VirtualDJ

2010-06-11 00:03 . 2008-12-30 20:43 6266 ----a-w- C:\cc_20081230_204348.reg

2010-06-10 17:45 . 2009-06-22 18:37 -------- d-----w- c:\programas\BetClic Poker

2010-06-09 16:52 . 2010-05-08 12:55 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware

2010-06-09 00:45 . 2009-11-17 01:26 -------- d-----w- c:\programas\MessengerDiscovery 2

2010-06-08 18:37 . 2009-02-03 00:47 -------- d-----w- c:\programas\Spybot - Search & Destroy

2010-06-08 18:07 . 2009-05-21 02:34 737280 ----a-w- c:\windows\iun6002.exe

2010-06-07 02:12 . 2009-04-01 01:03 -------- d-----w- c:\programas\Microsoft Silverlight

2010-06-03 07:53 . 2010-06-03 07:53 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys

2010-06-03 07:53 . 2010-06-03 07:53 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys

2010-06-03 07:53 . 2009-03-30 19:17 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-06-03 07:53 . 2009-03-30 19:17 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-05-30 15:22 . 2009-06-24 12:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Boss Media

2010-05-25 16:59 . 2009-01-26 02:32 -------- d-----w- c:\programas\PokerStars

2010-05-22 02:01 . 2008-12-23 14:29 -------- d-----w- c:\programas\Launch Manager

2010-05-13 11:57 . 2008-12-23 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-05-12 17:58 . 2009-04-01 03:03 -------- d-----w- c:\programas\Google

2010-05-10 20:52 . 2009-03-30 18:36 -------- d-----w- c:\programas\Ficheiros comuns\eMail ID

2010-05-02 16:48 . 2010-05-02 16:48 -------- d-----w- c:\programas\ReaConverter 5.5 Pro

2010-04-30 03:23 . 2008-12-23 14:30 -------- d--h--w- c:\programas\InstallShield Installation Information

2010-04-30 03:01 . 2010-04-30 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest Software

2010-04-29 14:39 . 2010-05-08 12:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 14:39 . 2010-05-08 12:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.

 

------- Sigcheck -------

 

[-] 2008-05-08 . 5EB35193D93DB2B617D05DC5C2E26392 . 1572352 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\João Bezerra\Application Data\Dropbox\bin\DropboxExt.13.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\João Bezerra\Application Data\Dropbox\bin\DropboxExt.13.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\documents and settings\João Bezerra\Application Data\Dropbox\bin\DropboxExt.13.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"SUPERAntiSpyware"="c:\programas\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-07 2403568]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]

"IntelZeroConfig"="c:\programas\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]

"EOUApp"="c:\programas\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-07-20 593920]

"SkyTel"="SkyTel.EXE" [2006-08-16 2879488]

"AzMixerSel"="c:\programas\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 53248]

"Ad-Watch"="c:\programas\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-01 524632]

"IconixOEAddOn"="c:\programas\eMail ID\OEAddOn\OEdmn_6.exe" [2010-03-03 342872]

"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 16248320]

"GrooveMonitor"="c:\programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SynTPEnh"="c:\programas\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761946]

"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"SunJavaUpdateSched"="c:\programas\Ficheiros comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

"HitmanPro35"="c:\programas\Hitman Pro 3.5\HitmanPro35.exe" [2010-06-10 5937984]

"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2008-12-28 185872]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\programas\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\programas\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-03-13 09:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]

javatupn REG_SZ c:\windows\system32\atsec6.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Programas\\Bit Torrent\\BitTorrent.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"c:\\Programas\\Sports Interactive\\Football Manager 2010\\fm.exe"=

"c:\\Programas\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Programas\\SecondLife\\SLVoice.exe"=

"c:\\Documents and Settings\\João Bezerra\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Programas\\Poker Clock\\PokerClock.exe"=

"c:\\Programas\\Java\\jre6\\bin\\java.exe"=

"c:\\Programas\\8BallClub\\GameDirector.exe"=

"c:\\Programas\\BTNext Evolution\\BTNext.exe"=

"c:\\Programas\\Hitman Pro 3.5\\HitmanPro35.exe"=

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01-04-2009 19:26 64160]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29-12-2008 19:12 717296]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30-03-2009 20:17 216200]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30-03-2009 20:17 242896]

R1 SASDIFSV;SASDIFSV;c:\programas\SUPERAntiSpyware\sasdifsv.sys [17-02-2010 19:25 12872]

R1 SASKUTIL;SASKUTIL;c:\programas\SUPERAntiSpyware\SASKUTIL.SYS [10-05-2010 19:41 67656]

R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [01-04-2009 1:04 467968]

R2 avg9wd;AVG Free WatchDog;c:\programas\AVG\AVG9\avgwdsvc.exe [13-03-2010 10:47 308064]

R2 IconixService;Iconix Update Service;c:\programas\Ficheiros comuns\eMail ID\IconixService.exe [30-03-2009 19:36 283992]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programas\Lavasoft\Ad-Aware\AAWService.exe [09-03-2009 20:06 1029456]

S2 gupdate1c9b276a161315a;Serviço Google Update (gupdate1c9b276a161315a);c:\programas\Google\Update\GoogleUpdate.exe [01-04-2009 4:04 133104]

S3 rcp_service;ReaConverter scheduler service;c:\programas\ReaConverter 5.5 Pro\rcp_scheduler.exe [30-11-2007 11:27 558592]

S3 wpasvc;wpa_supplicant service; [x]

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2010-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:26]

 

2010-06-12 c:\windows\Tasks\Google Software Updater.job

- c:\programas\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-01 12:42]

 

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programas\Google\Update\GoogleUpdate.exe [2009-04-01 03:04]

 

2010-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programas\Google\Update\GoogleUpdate.exe [2009-04-01 03:04]

 

2010-06-12 c:\windows\Tasks\User_Feed_Synchronization-{A671B2E0-2591-4AA7-9DF2-80E434C21ED7}.job

- c:\windows\system32\msfeedssync.exe [2008-05-08 03:31]

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.msn.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = local

Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - c:\programas\Ficheiros comuns\BinarySense\hlAPP.dll

DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://pt.powerchallenge.com/applet/PowerLoader.cab

DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab

FF - ProfilePath - c:\documents and settings\João Bezerra\Application Data\Mozilla\Firefox\Profiles\sg82wdzy.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - www.google.com

FF - component: c:\programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\programas\Mozilla Firefox\extensions\{1253D21B-263B-1843-275C-1726DA8B2A12}\components\FFProxy36.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\programas\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\programas\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll

FF - plugin: c:\programas\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programas\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\programas\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\programas\Mozilla Firefox\plugins\npIconixProxy3.dll

FF - plugin: c:\programas\Mozilla Firefox\plugins\npIconixProxy36.dll

FF - plugin: c:\programas\Veetle\Player\npvlc.dll

FF - plugin: c:\programas\Veetle\plugins\npVeetle.dll

FF - plugin: c:\programas\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

 

SafeBoot-klmdb.sys

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-12 21:08

Windows 5.1.2600 Service Pack 3 NTFS

 

Procurando processos ocultos ...

 

Procurando entradas auto inicializáveis ocultas ...

 

Procurando ficheiros/arquivos ocultos ...

 

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spoj.sys >>UNKNOWN [0x8A89D938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28

\Driver\ACPI -> ACPI.sys @ 0xba666cb8

\Driver\atapi -> atapi.sys @ 0xba5ddb40

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: Broadcom 440x 10/100 Integrated Controller -> SendCompleteHandler -> NDIS.sys @ 0xba4e6bb0

PacketIndicateHandler -> NDIS.sys @ 0xba4d5a0d

SendHandler -> NDIS.sys @ 0xba4e9b40

user & kernel MBR OK

 

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-1715567821-884357618-842925246-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7FF04398-A3CE-3968-F740-7754FE9B59F9}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"eafkkbklcl"=hex:66,61,70,6c,67,6f,63,66,6d,69,6e,64,00,31

"daikhbhl"=hex:64,62,6a,61,6d,67,61,68,6f,69,6a,6f,62,70,65,67,63,68,64,66,6a,

68,6e,62,6c,6d,69,63,6b,6b,69,63,66,6f,64,68,6b,69,6f,6b,00,00

"ianofnnmhdfjiikgjn"=hex:69,61,62,61,69,66,66,65,6b,6a,6a,67,6b,66,64,64,6a,67,

00,00

"hahamkhgadbicadg"=hex:69,61,62,61,69,66,66,65,6b,6a,6a,67,6b,66,64,64,6a,67,

00,00

 

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\f62ae326-5297-6549-f032-36c8e64e324]

@Denied: (Full) (AuthenticatedUsers)

@Denied: (Full) (Administrators)

"1vjyiujmaxkkx"=hex:64,61,65,61,38,66,61,61,2d,66,37,61,64,2d,34,34,32,64,2d,

38,36,66,61,2d,64,66,61,33,64,63,32,62,34,64,66,33

"1a6jtcbz36zig"=hex:64,62,02,00,28,7c,4e,00,38,c5,2e,03,f0,ff,ff,ff,48,bd,64,

00,90,51,5a,00,70,7b,4e,00,e8,ff,ff,ff,76,6b,00,00,86,00,00,00,20,d0,9a,01,\

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

 

- - - - - - - > 'winlogon.exe'(912)

c:\programas\SUPERAntiSpyware\SASWINLO.DLL

 

- - - - - - - > 'explorer.exe'(2484)

c:\programas\eMail ID\OEAddOn\OEldr_7.dll

c:\documents and settings\João Bezerra\Application Data\Dropbox\bin\DropboxExt.13.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\programas\Windows Desktop Search\MSNLNamespaceMgr.dll

c:\programas\SUPERAntiSpyware\SASSEH.DLL

c:\programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB

.

------------------------ Outros Processos em Execução ------------------------

.

c:\programas\Intel\Wireless\Bin\EvtEng.exe

c:\programas\Intel\Wireless\Bin\S24EvMon.exe

c:\programas\AVG\AVG9\avgchsvx.exe

c:\programas\AVG\AVG9\avgrsx.exe

c:\programas\AVG\AVG9\avgcsrvx.exe

c:\progra~1\ESRI\License\arcgis9x\ARCGIS.exe

c:\programas\Ficheiros comuns\BinarySense\hldasvc.exe

c:\programas\Ficheiros comuns\BinarySense\hldasvc.exe

c:\programas\AVG\AVG9\avgnsx.exe

c:\programas\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\programas\Intel\Wireless\Bin\RegSrvc.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\RTHDCPL.EXE

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\windows\system32\igfxext.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\wscntfy.exe

c:\docume~1\JOOBEZ~1\DEFINI~1\Temp\RtkBtMnt.exe

.

**************************************************************************

.

Tempo para conclusão: 2010-06-12 21:17:51 - Máquina reiniciou

ComboFix-quarantined-files.txt 2010-06-12 20:17

 

Pré-execução: 5.011.369.984 bytes livres

Pós execução: 4.844.716.032 bytes livres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

 

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - 9887C299FF8DFA6FB0D6344E673D17F9

 

 

_________________________________________________________________________-

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:22:18, on 12-06-2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Intel\Wireless\Bin\EvtEng.exe

C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

C:\Programas\Lavasoft\Ad-Aware\AAWService.exe

C:\Programas\AVG\AVG9\avgchsvx.exe

C:\Programas\AVG\AVG9\avgrsx.exe

C:\Programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe

C:\Programas\AVG\AVG9\avgwdsvc.exe

C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe

C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe

C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe

C:\Programas\AVG\AVG9\avgnsx.exe

C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe

C:\Programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Programas\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe

C:\Programas\Intel\Wireless\Bin\EOUWiz.exe

C:\PROGRA~1\LAUNCH~1\LManager.exe

C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe

C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programas\Synaptics\SynTP\SynTPEnh.exe

C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Windows Live\Messenger\msnmsgr.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\DOCUME~1\JOOBEZ~1\DEFINI~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programas\Mozilla Firefox\firefox.exe

C:\Programas\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG9\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programas\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Programas\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [EOUApp] "C:\Programas\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [AzMixerSel] C:\Programas\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [Ad-Watch] C:\Programas\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM\..\Run: [iconixOEAddOn] "C:\Programas\eMail ID\OEAddOn\OEdmn_6.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HitmanPro35] "C:\Programas\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programas\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Programas\eMail ID\IEAddOn\IconixBHO_42.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra button: PokerTime - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://pt.powerchallenge.com/applet/PowerLoader.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programas\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Programas\Ficheiros comuns\BinarySense\hlAPP.dll" (file missing)

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcGIS License Manager - Unknown owner - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programas\AVG\AVG9\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Serviço Google Update (gupdate1c9b276a161315a) (gupdate1c9b276a161315a) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Programas\Ficheiros comuns\BinarySense\hldasvc.exe

O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Programas\Ficheiros comuns\eMail ID\IconixService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programas\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programas\Ficheiros comuns\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Programas\ReaConverter 5.5 Pro\rcp_scheduler.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programas\Intel\Wireless\Bin\S24EvMon.exe

 

--

End of file - 11374 bytes


Go to this site:

http://www.kaspersky.com/kos/eng/partner/default/pages/default/check.html?n=1261360413531

 

Click on Clipboard01-1.jpg

Follow the scanner configuration instructions as shown in the image below.

kosjn0.gif

Post the scan log right here in the thread.


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Monday, June 14, 2010

Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Sunday, June 13, 2010 17:22:49

Records in database: 4273116

--------------------------------------------------------------------------------

 

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

 

Scan statistics:

Objects scanned: 125281

Threats found: 4

Infected objects found: 4

Suspicious objects found: 0

Scan duration: 06:48:01

 

 

File name / Threat / Threats count

D:\Antenna.WebDesign.Studio.2.7.Inc.Keygen-Nydic\keygen.exe Infected: Backdoor.Win32.Poison.bmwt 1

D:\Downloads\Able2Extract Pro 5.0 PDF to Word Excel HTML & Text Converter.zip Infected: Trojan.Win32.Chifrax.d 1

D:\IaXrmqoc_YouTubeGet4.9.8.rar Infected: Trojan-Clicker.MSIL.Xone.cb 1

D:\Instaladores Programas\btnext_1.1.3.exe Infected: Packed.Win32.Black.a 1

 

Selected area has been scanned.


Hello, your log is clean.

 

Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.

 

92674490.jpg

 

Any malware-related problems?


No, everything has improved, thank you very much....

 

Is it really necessary to remove combofix?

 

Thanks

 


Removing combofix from your machine is up to you. As for your case, is the problem solved?


Removing combofix from your machine is up to you. As for your case, is the problem solved?

 

 

Yes, solved!

 

Once again, thank you very much for all the help provided...


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
