sddom
Posted June 13, 2010

My notebook has been showing the following message when it starts up:

lsass.exe - Não foi possível localizar componente
Este aplicativo não pôde ser iniciado porque não foi encontrado odbcuapi.dll. A reinstalação do aplicativo pode corrigir o problema.

Another problem is the slowness it shows in any activity I run, and constant freezes. Could you guide me on how to proceed?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:08:47, on 13/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Windows\System32\mopdir\services.exe
C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Claro 3G\Claro 3G.exe
C:\Windows\system32\conime.exe
C:\Users\zé de gili\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itautec.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itautec.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.160.70.176 www.bradescoempresa.com.br
O1 - Hosts: 209.160.70.176 bradescoempresa.com.br
O1 - Hosts: 209.160.70.176 bradescocartoes.com.br
O1 - Hosts: 209.160.70.176 www.bradescocartoes.com.br
O1 - Hosts: 209.160.70.176 www.bradescoempresa.com.br
O1 - Hosts: 209.160.70.176 bradescoempresa.com.br
O1 - Hosts: 209.160.70.176 bradescocartoes.com.br
O1 - Hosts: 209.160.70.176 www.bradescocartoes.com.br
O1 - Hosts: 209.160.70.176 internetbanking.caixa.gov.br
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [Winupdate] C:\Windows\System32\winupdate\lsass.exe /startup
O4 - HKLM\..\Run: [wservices] C:\Windows\System32\mopdir\services.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\WebcamMax.exe" -a
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [wservices] C:\Windows\System32\mopdir\services.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8071EA0A-2A40-49D7-8188-ACFAB68E52A5}: NameServer = 200.223.19.98,200.223.0.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0038BB0-F624-49D5-A51A-765E2EF0D122}: NameServer = 200.169.117.222 200.169.117.221
O17 - HKLM\System\CCS\Services\Tcpip\..\{EABD51B3-1F2B-47A5-8CCD-FAF00D0A2CCC}: NameServer = 200.223.19.98,200.223.0.84
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Protetor anti-vírus AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11757 bytes
DigRam
Posted June 15, 2010

Good morning, sddom!

<@> Download: < Malwarebytes' Anti-Malware >
<@> Link - 2: < >
<@> P.S.: Save or print these instructions:
- Double-click mbam-setup.exe; choose the language and, during installation, accept all the default options.
- Check that the boxes "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware" are ticked.
- Then click Finish.
- P.S.: If there are updates to apply, they will be downloaded and installed.
- When the update finishes, with the program open, select: Quick Scan
- Click the Scan button.
- The scan will then begin. -> Wait, it can take a while!
- When it finishes, click OK and then the "Show Results" button, so we have the report.
- P.S.: If any items were found, tick them and click the "Remove" button.
- P.S.: At the end of the disinfection, Notepad will open with the report.
- P.S.: The log is stored automatically by the tool.
- P.S.: Get it by clicking the "Logs" tab in the program's main window.
<@> P.S.: If MBAM finds files it cannot remove, you may have to restart the PC. Possibly more than once!
<@> P.S.: Do that immediately when asked whether you want to restart.
<@> Select, copy and paste the contents of the MBAM log in your next reply.

<@> Download: < OTL > ( ...by OldTimer Tools )
<@> Save it to the desktop!
<@> Double-click: < >
<@> P.S.: Now let's go on to its configuration!
<!> 1 - Under "Output", leave the "Minimal" button selected.
<!> 2 - Tick the boxes: Scan All Users and Include 64bit Scans <-- P.S.: Only if the OS is 64-bit!
<!> 3 - Processes: Use SafeList <-- Tick!
<!> 4 - Modules: Use SafeList <-- Tick!
<!> 5 - Services: Use SafeList <-- Tick!
<!> 6 - Drivers: Use SafeList <-- Tick!
<!> 7 - Standard Registry Scan: Use SafeList <-- Tick!
<!> 8 - Extra Registry Scan: Use SafeList <-- Tick!
<!> 9 - File Scans:
<!> Creation Date >> Choose: 14 days
<!> Tick: Use Company Name Whitelist
<!> Tick: Skip Microsoft Files
<!> 10 - Files Created Within:
<!> Tick: Creation Date
<!> 11 - Files Modified Within:
<!> Tick: Creation Date
<!> Tick the boxes: [] LOP Check [] Purity Check
<@> P.S.: I suggest you print these instructions for later reading.

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\sfcfiles.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
CREATERESTOREPOINT

<@> P.S.: Copy and paste the lines above, which are in the Code box, into the field under: Custom Scans/Fixes
<@> Click: Run Scan --> Wait!
<@> When it finishes, post:
<!> <1> OTL.txt <--
<!> <2> Extras.txt <--

Regards!
sddom
Posted June 15, 2010

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:23:24, on 15/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\mopdir\services.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Claro 3G\Claro 3G.exe
C:\Users\zé de gili\Downloads\HiJackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itautec.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itautec.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.160.70.176 www.bradescoempresa.com.br
O1 - Hosts: 209.160.70.176 bradescoempresa.com.br
O1 - Hosts: 209.160.70.176 bradescocartoes.com.br
O1 - Hosts: 209.160.70.176 www.bradescocartoes.com.br
O1 - Hosts: 209.160.70.176 www.bradescoempresa.com.br
O1 - Hosts: 209.160.70.176 bradescoempresa.com.br
O1 - Hosts: 209.160.70.176 bradescocartoes.com.br
O1 - Hosts: 209.160.70.176 www.bradescocartoes.com.br
O1 - Hosts: 209.160.70.176 internetbanking.caixa.gov.br
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [wservices] C:\Windows\System32\mopdir\services.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\WebcamMax.exe" -a
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [wservices] C:\Windows\System32\mopdir\services.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8071EA0A-2A40-49D7-8188-ACFAB68E52A5}: NameServer = 200.223.19.98,200.223.0.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFBF53EF-B696-461E-AF6B-B4BD4101BFA2}: NameServer = 200.169.117.222 200.169.117.221
O17 - HKLM\System\CCS\Services\Tcpip\..\{EABD51B3-1F2B-47A5-8CCD-FAF00D0A2CCC}: NameServer = 200.223.19.98,200.223.0.84
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Protetor anti-vírus AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11657 bytes

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versão da Base de Dados: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

15/06/2010 15:29:25
mbam-log-2010-06-15 (15-29-25).txt

Tipo de Verificação: Verificação Rápida
Objetos escaneados: 126690
Tempo decorrido: 26 minuto(s), 26 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 1
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 1

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winupdate (Spyware.Passwords) -> Quarantined and deleted successfully.

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
C:\Windows\System32\winupdate\lsass.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
OTL:

OTL logfile created on: 15/06/2010 15:50:05 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\zé de gili\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,05 Gb Total Space | 6,08 Gb Free Space | 4,11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZÉDEGILI-PC
Current User Name: zé de gili
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\zé de gili\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Arquivos de programas\GbPlugin\gbpsv.exe ( )
PRC - C:\Windows\System32\mopdir\services.exe (Syncsoft Softwares)
PRC - C:\Arquivos de programas\My Lockbox\mylbx.exe (FSPro Labs)
PRC - C:\Windows\System32\fsproflt.exe (FSPro Labs)
PRC - C:\Arquivos de programas\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Arquivos de programas\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Arquivos de programas\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Arquivos de programas\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
PRC - C:\Arquivos de programas\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Arquivos de programas\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Arquivos de programas\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Arquivos de programas\Power Manager\PM.exe ()
PRC - c:\Arquivos de programas\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\vsnpstd3.exe ()
PRC - C:\Windows\tsnpstd3.exe ()
PRC - C:\Arquivos de programas\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\zé de gili\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AVKWCtl) -- File not found
SRV - (GbpSv) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe ( )
SRV - (fsproflt) -- C:\Windows\System32\fsproflt.exe (FSPro Labs)
SRV - (PCToolsSSDMonitorSvc) -- C:\Arquivos de Programas\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Arquivos de programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Driver Services (SafeList) ==========

DRV - (GbpKm) -- C:\Windows\system32\drivers\gbpkm.sys (GAS Tecnologia)
DRV - (epfwtdir) -- C:\Windows\System32\drivers\epfwtdir.sys ()
DRV - (easdrv) -- C:\Windows\System32\drivers\easdrv.sys (ESET)
DRV - (eamon) -- C:\Windows\System32\drivers\eamon.sys (ESET)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (VMUVC) -- C:\Windows\System32\drivers\VMUVC.sys (Vimicro Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (vvftUVC) -- C:\Windows\System32\drivers\vvftUVC.sys (Vimicro Corporation)
DRV - (FSProFilter) -- C:\Windows\System32\Drivers\FSPFltd.sys (FSPro Labs)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (usbaudio) Driver de áudio USB (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (wbms_vista_x86) -- C:\Windows\system32\drivers\wbms_vista_x86.sys (Winbond Electronics Corp.)
DRV - (wbsx) -- C:\Windows\system32\drivers\wbsx_vista_x86.sys (Winbond Electronics Corp.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (wbsdmmc) -- C:\Windows\system32\drivers\wbsdmmc_vista_x86.sys (Winbond Electronics Corp.)
DRV - (zteusbser) -- C:\Windows\System32\drivers\zteusbser.sys (ZTE Corporation)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys (http://www.internals.com)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) 
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.) DRV - (usb2vcom) -- C:\Windows\System32\drivers\usb2vcom.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itautec.com.br IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de Programas\myBabylon_English\tbmyBa.dll (Conduit Ltd.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3069142-2708710054-3977911593-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itautec.com.br
IE - HKU\S-1-5-21-3069142-2708710054-3977911593-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-3069142-2708710054-3977911593-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3069142-2708710054-3977911593-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-3069142-2708710054-3977911593-1000\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de Programas\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3069142-2708710054-3977911593-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3069142-2708710054-3977911593-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\S-1-5-21-3069142-2708710054-3977911593-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://www.werbeservice.de/awdata/awstats012005.www.werbeservice.de.txt

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"
FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E886C}:1.0.11.5
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.0.4
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.3
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/04 15:26:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/30 02:09:29 | 000,000,000 | ---D | M]

[2009/02/21 00:01:11 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\mozilla\Extensions
[2010/06/14 14:58:39 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\mozilla\Firefox\Profiles\egkbmo99.default\extensions
[2010/06/05 02:03:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\zé de gili\AppData\Roaming\mozilla\Firefox\Profiles\egkbmo99.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/06 08:53:01 | 000,000,000 | ---D | M] (Aero Fox) -- C:\Users\zé de gili\AppData\Roaming\mozilla\Firefox\Profiles\egkbmo99.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2010/06/05 02:04:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zé de gili\AppData\Roaming\mozilla\Firefox\Profiles\egkbmo99.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
[2010/03/03 01:11:33 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\zé de gili\AppData\Roaming\mozilla\Firefox\Profiles\egkbmo99.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/06/10 08:18:05 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\mozilla\Firefox\Profiles\egkbmo99.default\extensions\netvideohunter@netvideohunter.com
[2010/03/06 08:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zé de gili\AppData\Roaming\mozilla\Firefox\Profiles\egkbmo99.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\browser\extensions
[2010/03/06 08:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zé de gili\AppData\Roaming\mozilla\Firefox\Profiles\egkbmo99.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/03/06 08:53:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zé de gili\AppData\Roaming\mozilla\Firefox\Profiles\egkbmo99.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\browser\extensions
[2010/03/06 08:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zé de gili\AppData\Roaming\mozilla\Firefox\Profiles\egkbmo99.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/02/04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Users\zé de gili\AppData\Roaming\Mozilla\FireFox\Profiles\egkbmo99.default\searchplugins\askcom.xml
[2010/06/15 12:57:14 | 000,000,000 | ---D | M] -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2009/09/22 16:15:57 | 000,000,000 | ---D | M] -- C:\Arquivos de Programas\Mozilla Firefox\extensions\Access Privileges Test
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\plugins\npOGAPlugin.dll
[2010/04/21 10:28:48 | 000,002,191 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\babylon.xml
[2010/03/13 14:00:41 | 000,001,027 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\buscape.xml
[2010/03/13 14:00:42 | 000,001,212 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\mercadolivre.xml
[2010/03/13 14:00:42 | 000,001,168 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\wikipedia-br.xml
[2010/03/13 14:00:42 | 000,000,952 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2010/05/30 01:14:54 | 000,001,210 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.160.70.176 www.bradescoempresa.com.br
O1 - Hosts: 209.160.70.176 bradescoempresa.com.br
O1 - Hosts: 209.160.70.176 bradescocartoes.com.br
O1 - Hosts: 209.160.70.176 www.bradescocartoes.com.br
O1 - Hosts: 209.160.70.176 www.bradescoempresa.com.br
O1 - Hosts: 209.160.70.176 bradescoempresa.com.br
O1 - Hosts: 209.160.70.176 bradescocartoes.com.br
O1 - Hosts: 209.160.70.176 www.bradescocartoes.com.br
O1 - Hosts: 209.160.70.176 internetbanking.caixa.gov.br
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Auxiliar de Conexão do Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de Programas\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de Programas\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Arquivos de Programas\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Arquivos de Programas\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-3069142-2708710054-3977911593-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3069142-2708710054-3977911593-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4 - HKLM..\Run: [PowerManager] C:\Arquivos de Programas\Power Manager\PM.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [sSDMonitor] C:\Arquivos de Programas\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [VMonitorVMUVC] C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (Vimicro Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [wservices] C:\Windows\System32\mopdir\services.exe (Syncsoft Softwares)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3069142-2708710054-3977911593-1000..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3069142-2708710054-3977911593-1000..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-3069142-2708710054-3977911593-1000..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe (PC Tools )
O4 - HKU\S-1-5-21-3069142-2708710054-3977911593-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3069142-2708710054-3977911593-1000..\Run: [WebcamMaxAutoRun] C:\Program Files\WebcamMax\WebcamMax.exe (CoolwareMax)
O4 - HKU\S-1-5-21-3069142-2708710054-3977911593-1000..\Run: [WMPNSCFG] C:\Arquivos de Programas\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3069142-2708710054-3977911593-1000..\Run: [wservices] C:\Windows\System32\mopdir\services.exe (Syncsoft Softwares)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3069142-2708710054-3977911593-1000\..Trusted Domains: bancobrasil.com.br ([www2] https in Sites confiáveis)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - C:\Program Files\GbPlugin\gbieh.dll - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Arquivos de Programas\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{49874863-b802-11de-8236-0015afab8659}\Shell\AutoRun\command - "" = E:\0fkk02x.exe -- File not found
O33 - MountPoints2\{49874863-b802-11de-8236-0015afab8659}\Shell\open\Command - "" = E:\0fkk02x.exe -- File not found
O33 - MountPoints2\{5329f3cf-75ef-11de-a9e9-0015afab8659}\Shell - "" = AutoRun
O33 - MountPoints2\{5329f3cf-75ef-11de-a9e9-0015afab8659}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{5329f404-75ef-11de-a9e9-0015afab8659}\Shell - "" = AutoRun
O33 - MountPoints2\{5329f404-75ef-11de-a9e9-0015afab8659}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7d37ac3c-0826-11de-a652-0040a7138e6a}\Shell\AutoRun\command - "" = E:\3yalgc.exe -- File not found
O33 - MountPoints2\{7d37ac3c-0826-11de-a652-0040a7138e6a}\Shell\open\Command - "" = E:\3yalgc.exe -- File not found
O33 - MountPoints2\{b0d4ddc0-922e-11de-a48a-0015afab8659}\Shell - "" = AutoRun
O33 - MountPoints2\{b0d4ddc0-922e-11de-a48a-0015afab8659}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b0d4ddcd-922e-11de-a48a-0015afab8659}\Shell - "" = AutoRun
O33 - MountPoints2\{b0d4ddcd-922e-11de-a48a-0015afab8659}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{f642afc9-39cf-11de-b18b-0040a7138e6a}\Shell\AutoRun\command - "" = F:\0fkk02x.exe -- File not found
O33 - MountPoints2\{f642afc9-39cf-11de-b18b-0040a7138e6a}\Shell\open\Command - "" = F:\0fkk02x.exe -- File not found
O33 - MountPoints2\{f642afcf-39cf-11de-b18b-0040a7138e6a}\Shell\AutoRun\command - "" = 0fkk02x.exe
O33 - MountPoints2\{f642afcf-39cf-11de-b18b-0040a7138e6a}\Shell\open\Command - "" = 0fkk02x.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Instalar.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Instalar.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2010/04/17 20:58:22 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Arquivos de programas\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group 
SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Arquivos de programas\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - 
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {49C187D7-91E1-459E-9759-2925384BD397} - .NET Framework ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Pastas da Web ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: 
>{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.clmp3enc - C:\Arquivos de Programas\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.) Drivers32: msacm.iac2 - C:\\Windows\\system32\\iac25_32.ax () Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msaudio1 - msaud32.acm File not found Drivers32: msacm.msg723 - msg723.acm File not found Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - sl_anet.acm File not found Drivers32: msacm.trspch - tssoft32.acm File not found Drivers32: msacm.voxacm160 - vct3216.acm File not found Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.DIVX - DivX.dll File not found Drivers32: VIDC.DRAW - DVIDEO.DLL File not found Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll () Drivers32: VIDC.FPS1 - frapsvid.dll File not found Drivers32: vidc.i420 - i420vfw.dll File not found Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel® Corporation) Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel® Corporation) Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.M261 - msh261.drv File not found Drivers32: vidc.M263 - msh263.drv File not found Drivers32: vidc.mp42 - MPG4C32.dll File not found Drivers32: VIDC.MSUD - msulvc05.dll File not found Drivers32: VIDC.VP40 - vp4vfw.dll File not found Drivers32: vidc.VP60 - vp6vfw.dll File not found Drivers32: vidc.VP61 - vp6vfw.dll File not found Drivers32: vidc.VP62 - vp6vfw.dll File not found Drivers32: vidc.VP70 - C:\Windows\System32\vp7vfw.dll (On2.com) Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found Drivers32: vidc.X264 - x264vfw.dll File not found Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll () Drivers32: VIDC.YV12 - yv12vfw.dll File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 14 Days ========== [2010/06/15 13:57:18 | 000,000,000 | ---D | C] -- C:\Users\zé de gili\AppData\Roaming\Malwarebytes [2010/06/15 13:56:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010/06/15 13:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/06/15 13:56:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010/06/15 13:56:21 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware [2010/06/15 08:56:38 | 000,000,000 | ---D | C] -- C:\Users\zé de gili\Desktop\Nova Pasta [2010/06/14 15:23:43 | 000,000,000 | ---D | C] -- 
C:\Users\zé de gili\Desktop\EDUCAÇÃO CONTINUADA [2010/06/13 09:37:25 | 000,000,000 | ---D | C] -- C:\Users\zé de gili\AppData\Local\ElevatedDiagnostics [2010/06/13 06:07:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2010/06/13 01:19:10 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft ATS [2010/06/09 16:49:55 | 000,000,000 | ---D | C] -- C:\Users\zé de gili\Documents\4283783740 [2010/06/09 09:16:17 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys [2010/06/09 09:16:16 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys [2010/06/09 09:16:14 | 000,104,960 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys [2010/06/09 09:15:33 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Claro 3G [2010/06/09 08:57:57 | 000,000,000 | ---D | C] -- C:\Users\zé de gili\Desktop\claro setup [2010/06/09 08:52:17 | 000,000,000 | ---D | C] -- C:\Users\zé de gili\{4931f82c-d818-4f25-9a01-5c27878f7a35} [2010/06/09 08:49:17 | 000,000,000 | ---D | C] -- C:\Users\zé de gili\{fc6eb2ea-8581-418f-abd2-5167ab8d86b7} [2010/06/09 08:27:33 | 000,000,000 | ---D | C] -- C:\Users\zé de gili\{22f7f341-17bd-4f03-b48d-85ac5c5065ad} [2010/06/07 16:32:08 | 000,398,720 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\vvftUVC.sys [2010/06/07 16:31:50 | 000,188,416 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\vvftUVC.ax [2010/06/07 16:31:50 | 000,094,208 | ---- | C] (Vimicro Cooperation) -- C:\Windows\System32\VvFtCtrl.dll [2010/06/07 16:31:12 | 000,011,776 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMUVC.dll [2010/06/07 16:31:10 | 000,516,096 | ---- | C] (vimicro) -- C:\Windows\System32\VMUVC.ax [2010/06/07 16:31:09 | 000,073,728 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\exvmuvc.ax [2010/06/07 16:31:04 | 000,252,800 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\drivers\VMUVC.sys [2010/06/07 
16:31:03 | 000,098,304 | ---- | C] (Vimicro Corporation) -- C:\Windows\System32\VMCtrl.ax [2010/06/07 16:30:56 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Vimicro Corporation [2010/06/05 02:05:37 | 000,000,000 | ---D | C] -- C:\Users\zé de gili\AppData\Local\WinAVI [2010/06/05 02:03:43 | 000,000,000 | ---D | C] -- C:\Windows\WinAVI Video Converter 9.0 [2010/06/05 02:03:42 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\WinAVI Video Converter 9.0 [2010/06/05 00:16:44 | 000,000,000 | ---D | C] -- C:\CloneDVDTemp [2010/06/03 12:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Elaborate Bytes [2010/06/02 00:52:45 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Elaborate Bytes [2010/06/01 23:35:26 | 000,000,000 | ---D | C] -- C:\Users\zé de gili\Desktop\CloneDVD.2.9.2 by mario - www.therebels.de [2010/05/24 17:12:10 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2010/05/24 17:12:08 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll [2010/05/24 17:12:07 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll [1 C:\Users\zé de gili\*.tmp files -> C:\Users\zé de gili\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2010/06/15 16:03:02 | 007,077,888 | -HS- | M] () -- C:\Users\zé de gili\ntuser.dat [2010/06/15 15:48:02 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/06/15 15:41:11 | 000,045,568 | ---- | M] () -- C:\Users\zé de gili\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/15 15:37:11 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/06/15 15:37:09 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/06/15 15:34:56 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2010/06/15 15:34:51 | 000,001,036 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/06/15 15:34:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/06/15 15:34:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/06/15 15:34:13 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys [2010/06/15 15:32:03 | 000,524,288 | -HS- | M] () -- C:\Users\zé de gili\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms [2010/06/15 15:32:03 | 000,065,536 | -HS- | M] () -- C:\Users\zé de gili\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf [2010/06/15 15:31:59 | 004,593,964 | -H-- | M] () -- C:\Users\zé de gili\AppData\Local\IconCache.db [2010/06/15 13:56:35 | 000,000,827 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/06/15 13:04:15 | 000,637,106 | ---- | M] () -- C:\Windows\System32\prfh0416.dat [2010/06/15 13:04:15 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/06/15 13:04:15 | 000,122,732 | ---- | M] () -- C:\Windows\System32\prfc0416.dat [2010/06/15 13:04:15 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/06/15 13:04:13 | 001,452,574 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/06/15 11:00:24 | 000,347,519 | ---- | M] () -- C:\Users\zé de gili\AppData\Roaming\vso_ts_preview.xml [2010/06/15 09:10:03 | 000,012,400 | ---- | M] () -- C:\Users\zé de gili\Documents\Geraldo Vandré escreveu essa música em 1968.docx [2010/06/15 08:35:31 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib [2010/06/15 07:46:02 | 000,025,183 | ---- | M] () -- C:\Users\zé de gili\Desktop\produzido2.jpg [2010/06/15 07:40:15 | 000,016,823 | ---- | M] () -- C:\Users\zé de gili\Desktop\produzido.jpg [2010/06/15 01:37:58 | 002,797,083 | ---- | M] () -- C:\Users\zé de gili\Desktop\aCidente.3gp [2010/06/15 00:53:56 | 373,936,226 | ---- | M] () -- C:\Users\zé de gili\Desktop\Quando.em.Roma(DVDRip.DUB).rmvb.5640103630221260329.part [2010/06/14 19:42:57 | 000,000,428 | -H-- | 
M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5A948C75-E742-419D-A054-62FD441E63D8}.job [2010/06/14 19:19:08 | 000,069,679 | ---- | M] () -- C:\Users\zé de gili\Desktop\CLIPE 9.jpg [2010/06/14 19:14:06 | 000,074,466 | ---- | M] () -- C:\Users\zé de gili\Desktop\CLIPE 8.jpg [2010/06/14 19:13:54 | 000,075,356 | ---- | M] () -- C:\Users\zé de gili\Desktop\CLIPE 5.jpg [2010/06/14 18:47:12 | 000,067,257 | ---- | M] () -- C:\Users\zé de gili\Desktop\CLIPE 4.jpg [2010/06/14 17:41:46 | 000,075,218 | ---- | M] () -- C:\Users\zé de gili\Desktop\CLIPE 7.jpg [2010/06/14 17:36:24 | 000,063,132 | ---- | M] () -- C:\Users\zé de gili\Desktop\CLIPE 6.jpg [2010/06/14 17:07:54 | 000,137,875 | ---- | M] () -- C:\Users\zé de gili\Desktop\CLIPE 2.jpg [2010/06/14 17:07:24 | 000,079,391 | ---- | M] () -- C:\Users\zé de gili\Desktop\CLIPE 1.jpg [2010/06/14 16:57:14 | 000,098,673 | ---- | M] () -- C:\Users\zé de gili\Desktop\CLIPE 3.jpg [2010/06/14 16:34:14 | 000,122,750 | ---- | M] () -- C:\Users\zé de gili\Desktop\CLIPE FINAL.jpg [2010/06/13 05:46:34 | 003,080,192 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2010/06/13 05:46:34 | 000,262,144 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2010/06/13 05:46:34 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2010/06/13 05:02:59 | 031,092,136 | ---- | M] () -- C:\Users\zé de gili\Desktop\A.Caixa(DVDRip.DUB).rmvb.8652757099152066209.part [2010/06/13 03:11:17 | 000,119,296 | ---- | M] () -- C:\Users\zé de gili\Desktop\tabela copa do mundo 2010 ÁFRICA.xls [2010/06/13 01:47:04 | 000,064,572 | ---- | M] () -- C:\Users\zé de gili\Desktop\2010_03_2420_25_3674843diario_oficial_coronel_santana.jpg [2010/06/12 09:59:48 | 000,005,585 | ---- | M] () -- C:\Users\zé de gili\Desktop\eduardo.spj [2010/06/12 03:23:13 | 000,343,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010/06/12 01:59:29 | 000,042,186 | ---- | M] () -- 
C:\Users\zé de gili\Desktop\o_peregrino_release1.jpg [2010/06/11 18:14:11 | 021,869,784 | ---- | M] () -- C:\Users\zé de gili\Desktop\Pra Não Dizer Que Nao Falei Das Flores.mp4 [2010/06/10 09:56:37 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2010/06/10 09:54:12 | 000,078,915 | ---- | M] () -- C:\Users\zé de gili\Desktop\PRO LOTECA 417.jpg [2010/06/09 21:45:38 | 000,336,624 | ---- | M] () -- C:\Users\zé de gili\Desktop\adams.jpg.htm [2010/06/09 15:16:00 | 000,295,647 | ---- | M] () -- C:\Users\zé de gili\Desktop\TEMPESTADE.jpg [2010/06/09 14:59:10 | 000,360,910 | ---- | M] () -- C:\Users\zé de gili\Desktop\Amor Além da Vida.jpg [2010/06/09 11:08:43 | 002,520,453 | ---- | M] () -- C:\Users\zé de gili\Desktop\A-Ilha.jpg [2010/06/09 10:30:34 | 000,424,052 | ---- | M] () -- C:\Users\zé de gili\Desktop\ovingadordanoite.jpg [2010/06/09 10:24:42 | 000,329,117 | ---- | M] () -- C:\Users\zé de gili\Desktop\Herois-Imaginarios.jpg [2010/06/09 10:16:07 | 000,418,538 | ---- | M] () -- C:\Users\zé de gili\Desktop\amarcadaserpente-739052.jpg [2010/06/09 09:16:08 | 000,001,437 | ---- | M] () -- C:\Users\Public\Desktop\Claro 3G.lnk [2010/06/09 08:23:13 | 000,000,000 | ---- | M] () -- C:\Users\zé de gili\Documents\PDVD_MediaDisc.PlayList [2010/06/09 02:10:05 | 000,455,028 | ---- | M] () -- C:\Users\zé de gili\Desktop\te amarei label.jpg [2010/06/08 15:28:37 | 000,154,462 | ---- | M] () -- C:\Windows\hpoins21.dat [2010/06/08 13:58:05 | 000,000,427 | ---- | M] () -- C:\Windows\win.ini [2010/06/07 22:59:33 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010/06/07 18:26:40 | 000,154,312 | ---- | M] () -- C:\Windows\hpoins21.dat.temp [2010/06/07 16:54:40 | 001,705,984 | ---- | M] () -- C:\Users\zé de gili\Documents\lis.avi [2010/06/07 16:40:39 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\amcap.lnk [2010/06/02 00:54:08 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\CloneDVD2.lnk [1 C:\Users\zé de gili\*.tmp files -> 
C:\Users\zé de gili\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/06/15 13:56:35 | 000,000,827 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/06/15 09:05:32 | 000,012,400 | ---- | C] () -- C:\Users\zé de gili\Documents\Geraldo Vandré escreveu essa música em 1968.docx [2010/06/15 07:45:56 | 000,025,183 | ---- | C] () -- C:\Users\zé de gili\Desktop\produzido2.jpg [2010/06/15 07:40:13 | 000,016,823 | ---- | C] () -- C:\Users\zé de gili\Desktop\produzido.jpg [2010/06/14 23:47:14 | 002,797,083 | ---- | C] () -- C:\Users\zé de gili\Desktop\aCidente.3gp [2010/06/14 19:20:02 | 000,069,679 | ---- | C] () -- C:\Users\zé de gili\Desktop\CLIPE 9.jpg [2010/06/14 19:12:01 | 001,870,933 | ---- | C] () -- C:\Users\zé de gili\Desktop\HPIM0295.jpg [2010/06/14 19:11:56 | 001,710,609 | ---- | C] () -- C:\Users\zé de gili\Desktop\HPIM0294.jpg [2010/06/14 19:11:52 | 001,834,761 | ---- | C] () -- C:\Users\zé de gili\Desktop\HPIM0292.jpg [2010/06/14 19:11:23 | 000,075,218 | ---- | C] () -- C:\Users\zé de gili\Desktop\CLIPE 7.jpg [2010/06/14 19:11:23 | 000,063,132 | ---- | C] () -- C:\Users\zé de gili\Desktop\CLIPE 6.jpg [2010/06/14 19:11:22 | 000,075,356 | ---- | C] () -- C:\Users\zé de gili\Desktop\CLIPE 5.jpg [2010/06/14 19:11:22 | 000,074,466 | ---- | C] () -- C:\Users\zé de gili\Desktop\CLIPE 8.jpg [2010/06/14 19:11:22 | 000,067,257 | ---- | C] () -- C:\Users\zé de gili\Desktop\CLIPE 4.jpg [2010/06/14 17:12:41 | 000,137,875 | ---- | C] () -- C:\Users\zé de gili\Desktop\CLIPE 2.jpg [2010/06/14 17:12:41 | 000,122,750 | ---- | C] () -- C:\Users\zé de gili\Desktop\CLIPE FINAL.jpg [2010/06/14 17:12:41 | 000,098,673 | ---- | C] () -- C:\Users\zé de gili\Desktop\CLIPE 3.jpg [2010/06/14 17:12:41 | 000,079,391 | ---- | C] () -- C:\Users\zé de gili\Desktop\CLIPE 1.jpg [2010/06/13 02:21:57 | 000,119,296 | ---- | C] () -- C:\Users\zé de gili\Desktop\tabela copa do mundo 2010 ÁFRICA.xls [2010/06/13 01:47:01 
| 000,064,572 | ---- | C] () -- C:\Users\zé de gili\Desktop\2010_03_2420_25_3674843diario_oficial_coronel_santana.jpg [2010/06/13 01:19:13 | 003,080,192 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl [2010/06/13 01:19:13 | 000,262,144 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf [2010/06/13 01:19:13 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx [2010/06/12 20:36:57 | 031,092,136 | ---- | C] () -- C:\Users\zé de gili\Desktop\A.Caixa(DVDRip.DUB).rmvb.8652757099152066209.part [2010/06/12 09:59:43 | 000,005,585 | ---- | C] () -- C:\Users\zé de gili\Desktop\eduardo.spj [2010/06/12 02:14:15 | 373,936,226 | ---- | C] () -- C:\Users\zé de gili\Desktop\Quando.em.Roma(DVDRip.DUB).rmvb.5640103630221260329.part [2010/06/12 01:59:22 | 000,042,186 | ---- | C] () -- C:\Users\zé de gili\Desktop\o_peregrino_release1.jpg [2010/06/11 16:37:14 | 021,869,784 | ---- | C] () -- C:\Users\zé de gili\Desktop\Pra Não Dizer Que Nao Falei Das Flores.mp4 [2010/06/11 14:54:12 | 000,000,364 | ---- | C] () -- C:\Users\zé de gili\frame.txt [2010/06/10 09:53:52 | 000,078,915 | ---- | C] () -- C:\Users\zé de gili\Desktop\PRO LOTECA 417.jpg [2010/06/09 21:45:30 | 000,336,624 | ---- | C] () -- C:\Users\zé de gili\Desktop\adams.jpg.htm [2010/06/09 15:15:57 | 000,295,647 | ---- | C] () -- C:\Users\zé de gili\Desktop\TEMPESTADE.jpg [2010/06/09 14:59:05 | 000,360,910 | ---- | C] () -- C:\Users\zé de gili\Desktop\Amor Além da Vida.jpg [2010/06/09 11:08:41 | 002,520,453 | ---- | C] () -- C:\Users\zé de gili\Desktop\A-Ilha.jpg [2010/06/09 10:30:33 | 000,424,052 | ---- | C] () -- C:\Users\zé de gili\Desktop\ovingadordanoite.jpg [2010/06/09 10:24:40 | 000,329,117 | ---- | C] () -- C:\Users\zé de gili\Desktop\Herois-Imaginarios.jpg [2010/06/09 10:15:57 | 000,418,538 | ---- | C] () -- C:\Users\zé de gili\Desktop\amarcadaserpente-739052.jpg [2010/06/09 09:15:33 | 000,001,437 | ---- | C] () -- 
C:\Users\Public\Desktop\Claro 3G.lnk [2010/06/09 02:10:02 | 000,455,028 | ---- | C] () -- C:\Users\zé de gili\Desktop\te amarei label.jpg [2010/06/07 22:59:33 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010/06/07 21:26:09 | 000,001,040 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/06/07 21:26:03 | 000,001,036 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/06/07 16:54:49 | 001,705,984 | ---- | C] () -- C:\Users\zé de gili\Documents\lis.avi [2010/06/07 16:40:39 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\amcap.lnk [2010/06/02 01:52:10 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2010/06/02 00:54:08 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\CloneDVD2.lnk [2010/05/24 17:12:16 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2010/04/30 20:20:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010/02/26 07:36:39 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll.crk [2010/02/26 07:03:52 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll [2010/01/02 17:48:33 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini [2009/10/07 09:18:36 | 000,035,168 | ---- | C] () -- C:\Windows\System32\drivers\epfwtdir.sys [2009/06/08 02:17:29 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI [2009/06/07 11:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009/06/07 11:16:12 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009/06/04 00:25:04 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI [2009/03/02 21:20:37 | 000,069,632 | ---- | C] () -- C:\Windows\System32\MSJCE.dll [2009/02/14 11:31:27 | 000,030,336 | ---- | C] () -- C:\Windows\System32\drivers\usb2vcom.sys [2009/01/28 15:50:44 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009/01/28 14:44:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008/02/09 01:58:22 | 000,941,784 | 
---- | C] () -- C:\Windows\System32\drivers\CamthWDM.sys [2008/01/31 07:42:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008/01/31 07:42:40 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2008/01/31 07:42:38 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008/01/31 07:42:37 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008/01/31 07:40:16 | 000,000,057 | ---- | C] () -- C:\Windows\System32\OEMINFO.INI [2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2004/11/16 20:22:43 | 000,020,480 | ---- | C] () -- C:\Windows\Base64.dll ========== LOP Check ========== [2010/05/31 03:12:45 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\Acoustica [2010/01/30 20:48:53 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\AVI ReComp [2010/04/19 19:29:31 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\Azureus [2009/11/24 11:11:30 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\Image Zone Express [2009/11/24 11:11:30 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\Printer Info Cache [2010/04/06 09:33:33 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\Registry Mechanic [2009/11/11 21:41:24 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\Thinstall [2009/12/27 11:27:04 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\VitySoft [2010/06/15 11:00:26 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\Vso [2010/05/01 14:29:30 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\VSTT Manager [2009/12/09 14:10:13 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\Webcammax [2009/11/20 18:10:33 | 000,000,000 | ---D | M] -- C:\Users\zé de gili\AppData\Roaming\ZTEEVDO [2010/06/15 15:32:58 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010/06/14 19:42:57 | 000,000,428 | -H-- | M] () -- 
C:\Windows\Tasks\User_Feed_Synchronization-{5A948C75-E742-419D-A054-62FD441E63D8}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\eventlog.dll/s/md5 > Invalid Switch: md5 < %SYSTEMDRIVE%\scecli.dll/s/md5 > Invalid Switch: md5 < %SYSTEMDRIVE%\sfcfiles.dll/s/md5 > Invalid Switch: md5 < %SYSTEMDRIVE%\netlogon.dll/s/md5 > Invalid Switch: md5 < %SYSTEMDRIVE%\atapi.sys/s/md5 > Invalid Switch: md5 ========== Alternate Data Streams ========== @Alternate Data Stream - 48 bytes -> C:\Windows:FE82659CF16E7164 @Alternate Data Stream - 204 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > Extras - OTL: OTL Extras logfile created on: 15/06/2010 15:50:05 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\zé de gili\Downloads Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 56,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,05 Gb Total Space | 6,08 Gb Free Space | 4,11% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ZÉDEGILI-PC Current User Name: zé de gili Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3069142-2708710054-3977911593-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [mega] -- "C:\Program Files\Megacubo\megacubo.exe" "%1" (www.megacubo.net ) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12541AFD-9A44-4CD2-A937-00F20237D0C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1D3AA3DC-E296-4936-8C39-631DA6BF5177}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{292C7EEB-A17A-49B2-8F0C-B24FFDE26B89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3A11E5E3-7C03-4B11-BC7A-40BC8917E8C9}" = lport=445 | protocol=6 | dir=in | app=system | "{4A78B925-CFAB-4F17-80FD-A76834AEE29F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{538ACD75-F123-41AC-886C-A205FB16AD9C}" = lport=10243 | protocol=6 | dir=in | app=system | "{6A98B08D-4A10-4B4D-880B-DB820949AC1F}" = lport=2869 | protocol=6 | dir=in | app=system | "{7B8266B2-D650-4440-96E3-3F0A64C58547}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | "{A4FDBDEC-1DB9-445D-B260-7A7758EA4100}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B9140C94-80E0-4036-AE37-0CBD7F12B555}" = lport=5800 | protocol=6 | dir=in | name=vnc | "{C911C505-1784-4685-A26D-E2DC187B0BB9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{CD229F2A-6AF9-4950-9423-3EAE3755B973}" = lport=2869 | protocol=6 | dir=in | app=system | "{D4C17A60-144F-4FA1-A80B-B780DEF816BC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F4A02E0F-FC2D-4538-B006-B9900F2C2AEF}" = lport=5900 | protocol=6 | dir=in | name=vnc2 | "{FD0F18C4-BB4E-4442-8528-CD38098507A8}" = rport=10243 | protocol=6 | dir=out | app=system | "{FE5059A8-03D9-4DAC-B760-61343414B02A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{037F1348-AA41-4FB9-A1A4-52C88CBC102F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{081DBC1A-B7ED-489C-A59A-152BE9CE33C5}" = 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09/06/2010 06:31:10 | Computer Name = zédegili-PC | Source = Google Update | ID = 20
Description =
Error - 09/06/2010 06:59:59 | Computer Name = zédegili-PC | Source = VSS | ID = 8194
Description =
Error - 09/06/2010 07:23:16 | Computer Name = zédegili-PC | Source = Application Error | ID = 1000
Description = Aplicativo com falha PowerDVD.exe, versão 7.0.2802.0, carimbo de data/hora 0x4610efa4, módulo com falha PowerDVD.exe, versão 7.0.2802.0, carimbo de data/hora 0x4610efa4, código de exceção 0xc0000005, deslocamento com falha 0x00015f2a, identificação do processo 0x1328, hora de início do aplicativo 0x01cb07c59af33ef4.
Error - 09/06/2010 07:24:49 | Computer Name = zédegili-PC | Source = VSS | ID = 8194
Description =
Error - 09/06/2010 07:31:10 | Computer Name = zédegili-PC | Source = Google Update | ID = 20
Description =
Error - 09/06/2010 07:45:25 | Computer Name = zédegili-PC | Source = VSS | ID = 8194
Description =
Error - 09/06/2010 07:47:40 | Computer Name = zédegili-PC | Source = VSS | ID = 8194
Description =
Error - 09/06/2010 08:10:46 | Computer Name = zédegili-PC | Source = VSS | ID = 8194
Description =
Error - 09/06/2010 08:14:45 | Computer Name = zédegili-PC | Source = VSS | ID = 8194
Description =
Error - 10/06/2010 12:14:51 | Computer Name = zédegili-PC | Source = RasClient | ID = 20227
Description =

[ System Events ]
Error - 15/06/2010 09:29:55 | Computer Name = zédegili-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15/06/2010 09:29:55 | Computer Name = zédegili-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15/06/2010 09:29:55 | Computer Name = zédegili-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 15/06/2010 09:29:55 | Computer Name = zédegili-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15/06/2010 14:32:03 | Computer Name = zédegili-PC | Source = DCOM | ID = 10010
Description =
Error - 15/06/2010 14:32:14 | Computer Name = zédegili-PC | Source = DCOM | ID = 10010
Description =
Error - 15/06/2010 14:32:48 | Computer Name = zédegili-PC | Source = Service Control Manager | ID = 7043
Description =
Error - 15/06/2010 14:34:46 | Computer Name = zédegili-PC | Source = HTTP | ID = 15016
Description =
Error - 15/06/2010 14:35:49 | Computer Name = zédegili-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 15/06/2010 14:35:49 | Computer Name = zédegili-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Hugs, old friend!
DigRam, posted June 16, 2010

Good morning, sddom!

- Run OTL.exe.
- Copy the information in the quote below into the field under "Exames Personalizados/Correções" (Custom Scans/Fixes):

:files
C:\Windows\System32\mopdir\services.exe
C:\Windows\System32\mopdir
:otl
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-3069142-2708710054-3977911593-1000..\Run: [Power2GoExpress] File not found
O4 - HKU\S-1-5-21-3069142-2708710054-3977911593-1000..\Run: [wservices] C:\Windows\System32\mopdir\services.exe (Syncsoft Softwares)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O33 - MountPoints2\{49874863-b802-11de-8236-0015afab8659}\Shell\AutoRun\command - "" = E:\0fkk02x.exe -- File not found
O33 - MountPoints2\{49874863-b802-11de-8236-0015afab8659}\Shell\open\Command - "" = E:\0fkk02x.exe -- File not found
O33 - MountPoints2\{5329f3cf-75ef-11de-a9e9-0015afab8659}\Shell - "" = AutoRun
O33 - MountPoints2\{5329f3cf-75ef-11de-a9e9-0015afab8659}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{5329f404-75ef-11de-a9e9-0015afab8659}\Shell - "" = AutoRun
O33 - MountPoints2\{5329f404-75ef-11de-a9e9-0015afab8659}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{7d37ac3c-0826-11de-a652-0040a7138e6a}\Shell\AutoRun\command - "" = E:\3yalgc.exe -- File not found
O33 - MountPoints2\{7d37ac3c-0826-11de-a652-0040a7138e6a}\Shell\open\Command - "" = E:\3yalgc.exe -- File not found
O33 - MountPoints2\{b0d4ddc0-922e-11de-a48a-0015afab8659}\Shell - "" = AutoRun
O33 - MountPoints2\{b0d4ddc0-922e-11de-a48a-0015afab8659}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b0d4ddcd-922e-11de-a48a-0015afab8659}\Shell - "" = AutoRun
O33 - MountPoints2\{b0d4ddcd-922e-11de-a48a-0015afab8659}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{f642afc9-39cf-11de-b18b-0040a7138e6a}\Shell\AutoRun\command - "" = F:\0fkk02x.exe -- File not found
O33 - MountPoints2\{f642afc9-39cf-11de-b18b-0040a7138e6a}\Shell\open\Command - "" = F:\0fkk02x.exe -- File not found
O33 - MountPoints2\{f642afcf-39cf-11de-b18b-0040a7138e6a}\Shell\AutoRun\command - "" = 0fkk02x.exe
O33 - MountPoints2\{f642afcf-39cf-11de-b18b-0040a7138e6a}\Shell\open\Command - "" = 0fkk02x.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Instalar.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Instalar.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[1 C:\Users\zé de gili\*.tmp files -> C:\Users\zé de gili\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"Gopher"="gopher://"
:commands
[resethosts]
[purity]
[emptyflash]
[emptytemp]
[Reboot]

- Click the Consertar (Fix) button --> wait for it to finish! --> Run!
- Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log

Hugs!
sddom, posted June 16, 2010

Good evening! Here are the HijackThis and OTL reports.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:54:10, on 16/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Windows\tsnpstd3.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Claro 3G\Claro 3G.exe
C:\Users\zé de gili\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itautec.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.itautec.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.werbeservice.de/awdata/awstats012005.www.werbeservice.de.txt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [wservices] C:\Windows\System32\mopdir\services.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\WebcamMax.exe" -a
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8071EA0A-2A40-49D7-8188-ACFAB68E52A5}: NameServer = 200.223.19.98,200.223.0.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{EABD51B3-1F2B-47A5-8CCD-FAF00D0A2CCC}: NameServer = 200.223.19.98,200.223.0.84
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Protetor anti-vírus AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10990 bytes

OTL:

All processes killed
========== FILES ==========
File\Folder C:\Windows\System32\mopdir\services.exe not found.
File\Folder C:\Windows\System32\mopdir not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-3069142-2708710054-3977911593-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress not found.
Registry value HKEY_USERS\S-1-5-21-3069142-2708710054-3977911593-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wservices not found.
File C:\Windows\System32\mopdir\services.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49874863-b802-11de-8236-0015afab8659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49874863-b802-11de-8236-0015afab8659}\ not found.
File E:\0fkk02x.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49874863-b802-11de-8236-0015afab8659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49874863-b802-11de-8236-0015afab8659}\ not found.
File E:\0fkk02x.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5329f3cf-75ef-11de-a9e9-0015afab8659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5329f3cf-75ef-11de-a9e9-0015afab8659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5329f3cf-75ef-11de-a9e9-0015afab8659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5329f3cf-75ef-11de-a9e9-0015afab8659}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5329f404-75ef-11de-a9e9-0015afab8659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5329f404-75ef-11de-a9e9-0015afab8659}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5329f404-75ef-11de-a9e9-0015afab8659}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5329f404-75ef-11de-a9e9-0015afab8659}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d37ac3c-0826-11de-a652-0040a7138e6a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d37ac3c-0826-11de-a652-0040a7138e6a}\ not found.
File E:\3yalgc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7d37ac3c-0826-11de-a652-0040a7138e6a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d37ac3c-0826-11de-a652-0040a7138e6a}\ not found.
File E:\3yalgc.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0d4ddc0-922e-11de-a48a-0015afab8659}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0d4ddc0-922e-11de-a48a-0015afab8659}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0d4ddc0-922e-11de-a48a-0015afab8659}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0d4ddc0-922e-11de-a48a-0015afab8659}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0d4ddcd-922e-11de-a48a-0015afab8659}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0d4ddcd-922e-11de-a48a-0015afab8659}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0d4ddcd-922e-11de-a48a-0015afab8659}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0d4ddcd-922e-11de-a48a-0015afab8659}\ not found. File E:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f642afc9-39cf-11de-b18b-0040a7138e6a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f642afc9-39cf-11de-b18b-0040a7138e6a}\ not found. File F:\0fkk02x.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f642afc9-39cf-11de-b18b-0040a7138e6a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f642afc9-39cf-11de-b18b-0040a7138e6a}\ not found. File F:\0fkk02x.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f642afcf-39cf-11de-b18b-0040a7138e6a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f642afcf-39cf-11de-b18b-0040a7138e6a}\ not found. File 0fkk02x.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f642afcf-39cf-11de-b18b-0040a7138e6a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f642afcf-39cf-11de-b18b-0040a7138e6a}\ not found. File 0fkk02x.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found. File E:\Instalar.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. File F:\Instalar.exe not found. Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully. File/Folder C:\Users\zé de gili\*.tmp not found. File/Folder C:\*.tmp not found. ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully! ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: All Users User: Default User: Default User User: Luís Fernando User: Public User: ze de gili User: zé de gili ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users -> No Temporary Internet Files cache folder defined! User: Default ->Temp folder emptied: 0 bytes -> No Temporary Internet Files cache folder defined! User: Default User ->Temp folder emptied: 0 bytes -> No Temporary Internet Files cache folder defined! User: Luís Fernando -> No Temporary Internet Files cache folder defined! User: Public -> No Temporary Internet Files cache folder defined! 
User: ze de gili -> No Temporary Internet Files cache folder defined! User: zé de gili ->Temp folder emptied: 519381564 bytes -> No Temporary Internet Files cache folder defined! ->Java cache emptied: 90361706 bytes ->FireFox cache emptied: 47724086 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2846288 bytes RecycleBin emptied: 1768 bytes Total Files Cleaned = 630,00 mb OTL by OldTimer - Version 3.2.6.0 log created on 06162010_174040 Files\Folders moved on Reboot... Registry entries deleted on Reboot... OBRIGADO! Compartilhar este post Link para o post Compartilhar em outros sites
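The logs in this thread are triaged by eye. As an added example, not code posted by anyone in this thread, the Python script below applies the same reading rules to HijackThis-style lines: an O1 hosts entry that points a name at anything other than a loopback address (the redirect pattern that the OTL run above undid with "HOSTS file reset successfully"), an O4 Run value whose executable borrows the name of a Windows system process but does not live in System32 (the `wservices` value and `C:\Windows\System32\mopdir\services.exe` that OTL removed), an O23 service whose binary is reported as `(file missing)`, and O17/O20 entries that always deserve a manual look. The sample lines are partly copied from the thread's log; the O1 line (documentation address 203.0.113.10 and an example hostname) and the `[wservices]` O4 line are constructed to mirror what OTL removed and are not real indicators.

```python
"""Triage rules for HijackThis (HJT) log lines.

Added example for this thread, not a tool posted by anyone in it.  Flags:
  O1  hosts entries mapping a name to a non-loopback address (pharming)
  O4  Run values whose exe borrows a Windows system-process name but does
      not live in System32 (masquerading, e.g. ...\mopdir\services.exe)
  O23 services whose binary is reported "(file missing)" (orphans)
  O17 configured DNS resolvers (verify against the ISP's)
  O20 Winlogon Notify DLLs (always review)
"""
import ipaddress
import re

# Process names worth impersonating; the genuine ones live in these dirs.
SYSTEM_PROCESS_NAMES = {
    "services.exe", "lsass.exe", "svchost.exe", "csrss.exe",
    "winlogon.exe", "smss.exe", "explorer.exe",
}
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows"}

HJT_LINE = re.compile(r"^(?P<item>[RO]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^HK.*?\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
NS_RE = re.compile(r"NameServer = (?P<servers>.+)$")


def _is_local(ip_text):
    """True for loopback/unspecified addresses, i.e. harmless hosts targets."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def _exe_from_command(cmd):
    """Return the executable path of a Run value, dropping quotes and switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"^(.*?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage_hjt(lines):
    """Return (item, severity, reason, line) tuples for entries worth attention."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue
        item, body = m.group("item"), m.group("body")
        if item == "O1":
            h = HOSTS_RE.match(body)
            if h and not _is_local(h.group("ip")):
                findings.append((item, "high", "hosts file redirects %s to %s"
                                 % (h.group("host"), h.group("ip")), line))
        elif item == "O4":
            r = RUN_RE.match(body)
            if r:
                exe = _exe_from_command(r.group("cmd")).lower()
                exe = exe.replace("%systemroot%", r"c:\windows").replace("%windir%", r"c:\windows")
                directory, _, base = exe.rpartition("\\")
                if base in SYSTEM_PROCESS_NAMES and directory not in LEGIT_DIRS:
                    findings.append((item, "high", "%s started from non-system path %s"
                                     % (base, exe), line))
        elif item == "O17":
            n = NS_RE.search(body)
            if n:
                findings.append((item, "review", "DNS resolvers %s; confirm they belong to the ISP"
                                 % n.group("servers"), line))
        elif item == "O20":
            findings.append((item, "review", "Winlogon Notify DLL: " + body, line))
        elif item == "O23" and body.endswith("(file missing)"):
            findings.append((item, "low", "service binary missing; orphaned entry, safe to delete", line))
    return findings


# Sample input: lines 2-5 are copied from the thread's log; line 1 (documentation
# address, example hostname) and line 6 (the Run value OTL removed) are constructed.
SAMPLE_LINES = [
    "O1 - Hosts: 203.0.113.10 www.internetbanking.example",
    r"O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{8071EA0A-2A40-49D7-8188-ACFAB68E52A5}: NameServer = 200.223.19.98,200.223.0.84",
    r"O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll",
    r"O23 - Service: Protetor anti-vírus AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe (file missing)",
    r"O4 - HKCU\..\Run: [wservices] C:\Windows\System32\mopdir\services.exe",
    "O1 - Hosts: ::1 localhost",
]

if __name__ == "__main__":
    for item, severity, reason, _ in triage_hjt(SAMPLE_LINES):
        print("%-4s %-7s %s" % (item, severity, reason))
```

The masquerading check compares the parent directory, not a path prefix: `C:\Windows\System32\mopdir\services.exe` starts with the System32 path and would slip past a `startswith` test. Feed it a whole saved log (`triage_hjt(open(path, encoding="utf-8"))`) and the benign entries, such as the Windows Defender Run value and the `::1 localhost` hosts line, produce no finding.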
DigRam Posted June 17, 2010

Good morning! sddom

<@> Download: < > ( ...by sUBs )
<!> Link-2 --> < ForoSpyware >
<!> Link-3 --> < GeeksToGo >
<@> Save it to the desktop!
<@> Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)
<@> Close all windows and run the tool!
<@> Ps: Running it from a command is also possible:
<@> Go to Start --> Run --> Type or paste: "%userprofile%\desktop\Combofix.exe" /killall
<@> Click Ok.
<@> In the "Software warranty agreement" window --> Click Yes!
<@> If you do not have the "Recovery Console", accept the option to install it!
<@> When it finishes, click Sim or Yes. --> Wait!
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<!> If you get the notification "Invalid Win32 application", delete the ComboFix.exe tool and download it again.
<!> Save it to the desktop, renamed as: Kombo.exe
<!> Ps: Name it while saving, not after saving it!
<!> Ps: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!
<!> Ps: In the presence of rootkit activity, we will get the following notification window:
<!> Ps: Write down those detections and click OK.
<!> Ps: To complete the removals, the tool may need to restart the computer. <-- Wait!
<!> Ps: Avoid running this tool on your own initiative!
<!> Ps: To avoid problems, follow all the recommendations given.
<!> Ps: ComboFix is a tool that can damage the system. Use it only under professional supervision.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
<@> The Auto Scan window will open. --> Wait!
<@> To finish the removals, ComboFix may restart the computer.
<@> If necessary, type option ( 1 ) --> Press Enter! --> Wait for it to finish!
<@> During the scan, avoid touching the mouse or keyboard! <-- Important!
<@> To stop or exit ComboFix, press "N" or "2" --> Press Enter!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.
Cheers!
sddom Posted June 17, 2010

Here are the requested HijackThis and ComboFix reports. At the end, if you could recommend some programs to better protect my computer, I would be very grateful. Thank you!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:16:49, on 17/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\conime.exe
C:\Program Files\Claro 3G\Claro 3G.exe
C:\Users\zé de gili\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [ts npstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\WebcamMax.exe" -a
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8071EA0A-2A40-49D7-8188-ACFAB68E52A5}: NameServer = 200.223.19.98,200.223.0.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{EABD51B3-1F2B-47A5-8CCD-FAF00D0A2CCC}: NameServer = 200.223.19.98,200.223.0.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{F74E3E18-B0B8-4D5D-9C84-936891B73A1F}: NameServer = 200.169.117.222 200.169.117.221
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Protetor anti-vírus AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10108 bytes

ComboFix 10-06-16.03 - zé de gili 17/06/2010 12:05:31.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.2038.1217 [GMT -3:00]
Running from: c:\users\zé de gili\Desktop\Combofix.exe
Command switches used :: /killall
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 204 bytes in 1 streams.
ADS - Windows: deleted 48 bytes in 1 streams.
/wow section - STAGE 4
Access denied.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinConfig
c:\program files\WinConfig\npf_mgm.exe
c:\windows\imglib.dll
c:\windows\SNMPAPI.DLL
c:\windows\system32\AutoRun.inf
c:\windows\system32\vb6ko.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\win.com
c:\windows\system32\WinUpdate
.
(((((((((((((((( Files Created from 2010-05-17 to 2010-06-17 ))))))))))))))))))))))))))))
.
2010-06-17 15:22 . 2010-06-17 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-16 20:14 . 2010-06-16 20:14 -------- d-----w- C:\_OTL
2010-06-16 15:04 . 2010-06-16 15:04 -------- d-----w- c:\program files\Common Files\Protexis
2010-06-15 16:56 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-15 16:56 . 2010-06-15 16:56 -------- d-----w- c:\programdata\Malwarebytes
2010-06-15 16:56 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-15 16:56 . 2010-06-15 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-13 04:19 . 2010-06-13 09:13 -------- d-----w- c:\program files\Microsoft ATS
2010-06-13 04:07 . 2010-05-04 05:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-11 20:32 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 17:28 . 2010-05-26 14:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 17:28 . 2010-05-26 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 12:16 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-06-09 12:16 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-06-09 12:16 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-06-09 12:15 . 2010-06-17 11:15 -------- d-----w- c:\program files\Claro 3G
2010-06-08 23:07 . 2010-05-01 13:53 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 22:38 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-06-07 19:32 . 2008-07-01 14:12 398720 ----a-w- c:\windows\system32\drivers\vvftUVC.sys
2010-06-07 19:31 . 2008-09-02 20:47 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll
2010-06-07 19:31 . 2008-02-29 13:11 11776 ----a-w- c:\windows\system32\VMUVC.dll
2010-06-07 19:31 . 2009-07-20 19:50 252800 ----a-w- c:\windows\system32\drivers\VMUVC.sys
2010-06-07 19:30 . 2010-06-07 19:30 -------- d-----w- c:\program files\Vimicro Corporation
2010-06-05 05:03 . 2010-06-05 05:03 -------- d-----w- c:\windows\WinAVI Video Converter 9.0
2010-06-05 05:03 . 2010-06-05 05:04 -------- d-----w- c:\program files\WinAVI Video Converter 9.0
2010-06-05 03:16 . 2010-06-05 03:16 -------- d-----w- C:\CloneDVDTemp
2010-06-03 15:52 . 2010-06-03 15:52 -------- d-----w- c:\programdata\Elaborate Bytes
2010-06-02 03:52 . 2010-06-02 03:52 -------- d-----w- c:\program files\Elaborate Bytes
2010-05-31 06:56 . 2010-05-31 06:56 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-05-31 06:55 . 2010-05-31 06:55 -------- d-----w- c:\program files\Roxio
2010-05-31 05:50 . 2010-05-31 06:18 -------- d-----w- c:\program files\Acoustica CD Label Maker
2010-05-31 02:56 . 2010-05-31 02:56 -------- d-----w- c:\programdata\Hewlett-Packard
2010-05-31 02:56 . 2007-03-15 18:32 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-05-31 02:51 . 2010-05-31 02:51 -------- d-----w- c:\programdata\HPSSUPPLY
2010-05-31 02:44 . 2010-05-31 02:44 -------- d-----w- c:\programdata\HP Product Assistant
2010-05-31 02:42 . 2010-05-31 02:42 -------- d-----w- c:\program files\Common Files\HP
2010-05-31 02:40 . 2010-05-31 02:40 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-31 02:31 . 2007-05-02 10:03 267864 ----a-w- c:\windows\system32\hpzids01.dll
2010-05-31 02:30 . 2007-03-15 18:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2010-05-31 02:29 . 2007-05-02 09:01 675840 ----a-w- c:\windows\system32\hpowiax5.dll
2010-05-31 02:29 . 2007-05-02 09:00 303104 ----a-w- c:\windows\system32\hpovst12.dll
2010-05-31 02:29 . 2007-05-02 08:56 954368 ----a-w- c:\windows\system32\hpotiop5.dll
2010-05-31 02:29 . 2007-03-08 04:20 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2010-05-31 02:19 . 2010-06-08 18:28 154462 ----a-w- c:\windows\hpoins21.dat
2010-05-30 04:14 . 2010-05-30 04:14 1114 ----a-w- C:\X25576080X.reg
2010-05-26 17:36 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 20:11 . 2010-05-25 20:12 -------- d-----w- c:\program files\FotoSketcher
2010-05-24 20:12 . 2006-09-18 17:12 843776 ----a-w- c:\windows\vsnpstd3.exe
2010-05-24 20:12 . 2006-07-07 18:04 262144 ----a-w- c:\windows\tsnpstd3.exe
2010-05-24 20:12 . 2006-09-15 13:41 10205696 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2010-05-24 20:12 . 2006-10-05 12:50 61440 ----a-w- c:\windows\system32\vsnpstd3.dll
2010-05-24 20:12 . 2006-04-12 15:11 147456 ----a-w- c:\windows\system32\rsnpstd3.dll
2010-05-24 20:12 . 2005-11-23 16:55 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2010-05-24 20:12 . 2010-05-24 20:12 -------- d-----w- c:\program files\Common Files\snpstd3
2010-05-24 19:41 . 2006-07-03 13:31 94208 ----a-w- c:\windows\amcap.exe
2010-05-18 21:53 . 2010-05-18 21:53 -------- d-----w- c:\users\ze de gili
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 12:47 . 2006-11-06 01:23 637106 ----a-w- c:\windows\system32\prfh0416.dat
2010-06-17 12:47 . 2006-11-06 01:23 122732 ----a-w- c:\windows\system32\prfc0416.dat
2010-06-16 15:49 . 2009-12-22 21:26 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-16 15:05 . 2009-12-22 04:48 -------- d-----w- c:\programdata\Corel
2010-06-16 14:51 . 2009-04-16 02:36 -------- d-----w- c:\program files\Corel
2010-06-13 08:09 . 2009-03-11 18:13 -------- d-----w- c:\programdata\GbPlugin
2010-06-13 08:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-13 05:30 . 2008-01-31 12:45 -------- d-----w- c:\programdata\Microsoft Help
2010-06-13 05:09 . 2009-04-22 06:04 -------- d-----w- c:\program files\GbPlugin
2010-06-13 04:57 . 2009-02-21 00:35 -------- d-----w- c:\program files\Microsoft
2010-06-09 10:24 . 2009-12-02 20:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-08 01:57 . 2009-04-30 16:48 -------- d-----w- c:\program files\Google
2010-06-07 19:30 . 2008-01-31 10:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-02 03:15 . 2009-03-11 12:35 -------- d-----w- c:\programdata\DVD Shrink
2010-05-31 04:51 . 2009-12-30 20:14 -------- d-----w- c:\program files\UnderCoverXP
2010-05-31 02:51 . 2009-10-09 14:37 -------- d-----w- c:\program files\HP
2010-05-31 02:44 . 2009-10-09 14:35 -------- d-----w- c:\programdata\HP
2010-05-30 05:09 . 2009-02-21 23:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-27 12:52 . 2009-02-21 02:25 -------- d-----w- c:\program files\Messenger Plus! Live
2010-05-26 13:48 . 2010-02-03 18:01 45472 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2010-05-18 07:29 . 2010-05-18 07:28 -------- d-----w- c:\program files\DVD Flick
2010-05-18 06:59 . 2010-01-02 17:56 -------- d-----w- c:\program files\Common Files\Nero
2010-05-18 06:38 . 2010-01-02 17:57 -------- d-----w- c:\programdata\Nero
2010-05-15 15:57 . 2010-05-15 15:57 1114 ----a-w- C:\W15151377.reg
2010-05-13 17:35 . 2010-05-13 17:35 -------- d-----w- c:\program files\MSN Messenger
2010-05-12 14:21 . 2009-10-08 21:39 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-07 06:52 . 2010-05-07 01:39 -------- d-----w- c:\programdata\NCH Software
2010-05-07 06:51 . 2010-05-07 01:37 -------- d-----w- c:\program files\NCH Software
2010-05-07 06:50 . 2010-05-07 06:50 -------- d-----w- c:\programdata\NCH Swift Sound
2010-05-07 06:50 . 2010-05-07 06:50 -------- d-----w- c:\program files\NCH Swift Sound
2010-05-04 05:55 . 2010-06-13 04:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-13 04:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-13 04:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-04 01:04 . 2009-02-14 14:36 -------- d-----w- c:\program files\LogoManager Pro Suite
2010-05-04 01:04 . 2009-02-14 14:36 -------- d-----w- c:\program files\Common Files\LogoManager
2010-04-29 22:42 . 2010-04-29 22:42 -------- d-----w- c:\program files\CCleaner
2010-04-27 16:42 . 2010-04-27 14:54 94720 ----a-w- c:\windows\system32\inetpdrv.dll
2010-04-27 16:41 . 2010-04-27 14:54 367104 ----a-w- c:\windows\system32\mshelp32.dll
2010-04-27 15:04 . 2010-04-27 14:59 -------- d-----w- c:\programdata\WebcamMax
2010-04-21 13:29 . 2010-04-21 13:28 -------- d-----w- c:\program files\myBabylon_English
2010-04-17 23:00 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-17 22:59 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-12-31 14:53 2349080 ----a-w- c:\program files\myBabylon_English\tbmyBa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 19:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-30 39408]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-10-14 292824]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2010-01-13 6039896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-05-25 159744]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2007-09-12 31744]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-30 68592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2007-10-17 128296]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2010-01-26 1214128]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2010-05-26 13:47 335136 ----a-w- c:\program files\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 AVKWCtl;Protetor anti-vírus AntiVirus;c:\program files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 136176]
R3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sys [2006-04-04 30336]
R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-07-20 252800]
R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
R3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\zteusbser.sys [2007-04-10 98432]
R4 wbms_vista_x86;Winbond Memory Stick Controller;c:\windows\system32\drivers\wbms_vista_x86.sys [2007-06-26 52224]
R4 wbsdmmc;Winbond SD/MMC Controller;c:\windows\system32\drivers\wbsdmmc_vista_x86.sys [2007-04-20 44544]
R4 wbsx;Winbond xD Picture Controller;c:\windows\system32\drivers\wbsx_vista_x86.sys [2007-06-04 49664]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-05-26 45472]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-01-06 142648]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2010-05-26 55072]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-10-05 288256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 00:24]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 00:24]

2010-06-17 c:\windows\Tasks\User_Feed_Synchronization-{5A948C75-E742-419D-A054-62FD441E63D8}.job
- c:\windows\system32\msfeedssync.exe [2010-06-13 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyOverride = local
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www2
TCP: {8071EA0A-2A40-49D7-8188-ACFAB68E52A5} = 200.223.19.98,200.223.0.84
TCP: {EABD51B3-1F2B-47A5-8CCD-FAF00D0A2CCC} = 200.223.19.98,200.223.0.84
FF - ProfilePath - c:\users\zé de gili\AppData\Roaming\Mozilla\Firefox\Profiles\egkbmo99.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\zé de gili\AppData\Roaming\Mozilla\Firefox\Profiles\egkbmo99.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - component: c:\users\zé de gili\AppData\Roaming\Mozilla\Firefox\Profiles\egkbmo99.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\zé de gili\AppData\Roaming\Mozilla\Firefox\Profiles\egkbmo99.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORFÃOS REMOVIDOS - - - -

HKLM-Run-wservices - c:\windows\System32\mopdir\services.exe

**************************************************************************

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos:

**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Outros Processos em Execução ------------------------
.
c:\windows\system32\conime.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Registry Mechanic\regmech.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Tempo para conclusão: 2010-06-17 12:42:08 - Máquina reiniciou
ComboFix-quarantined-files.txt 2010-06-17 15:41

Pré-execução: 5.439.254.528 bytes disponíveis
Pós execução: 5.252.255.744 bytes disponíveis

- - End Of File - - 129B67E40BA2A7A5081EDA33378CBA9C

Thanks, friend! Hugs!
DigRam (posted June 17, 2010)

Good evening! sddom

<@> Download: < SystemLook > ( ...by jpshortstuff )
<@> Save it to the desktop.
<@> Run SystemLook.exe and, in the field, paste this information:

:filefind
odbcuapi.dll

<@> Next, click Look --> Wait!
<@> When it finishes, click Exit.
<@> Post the report: SystemLook.txt

<-- 0000000000000000000000 oooooooooooooooooooooo

<@> Select and copy all the content in the QUOTE area to Notepad.
<@> Save it on the Desktop with the name: CFScript.txt

File::
c:\program files\Ask.com\GenericAskToolbar.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
Folder::
c:\program files\Ask.com
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]

<@> PS: It is recommended that you be disconnected when running the script.
<@> PS: Temporarily disable your antivirus.
<@> PS: Do not use this script on another machine!
<@> Drag CFScript.txt onto the ComboFix icon/window.
<@> See the demonstration!
<@> Answer the prompt that should appear to run ComboFix.
<@> PS: Keep dragging until that prompt (window) appears!
<@> When it finishes, post the reports: C:\ComboFix.txt + an updated HijackThis log.

Cheers!
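As an added example for the kinds of entries the helper's script and the ComboFix log above single out (this is not a tool anyone in this thread used), here is a small Python triage pass over HijackThis/ComboFix-style log lines. It flags an O1 hosts entry that pins a name to a non-loopback address, an O4 Run entry that starts a binary carrying a core Windows name (services.exe, lsass.exe, svchost.exe, ...) from outside the Windows system directories, which is the pattern of the mopdir\services.exe orphan ComboFix removed, an O23 service whose binary is reported as "(file missing)", and the "EnableLUA"= 0 policy line. The sample lines, paths and the hosts IP in SAMPLE_LOG are constructed placeholders.

```python
"""Triage pass over HijackThis / ComboFix-style log lines.

Added example for this thread; not a tool used by the forum helpers.
Each finding names the line and why a reviewer would look at it.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: paths, names and the hosts IP are placeholders,
# modelled on the entry types found in the HijackThis and ComboFix logs.
SAMPLE_LOG = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.10 www.example-bank.test
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [wservices] C:\\Windows\\System32\\mopdir\\services.exe
O4 - HKCU\\..\\Run: [swg] "C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
O23 - Service: Example AV (exav) - Unknown owner - C:\\Program Files\\Example AV\\exav.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
"EnableLUA"= 0 (0x0)
"""

# Core Windows binaries whose names malware likes to borrow; on a stock
# install they live only directly under these two directories.
SYSTEM_BINARIES = {"services.exe", "lsass.exe", "svchost.exe", "csrss.exe",
                   "winlogon.exe", "smss.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows"}
LOOPBACK = {"127.0.0.1", "::1"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[([^\]]*)\]\s*(.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
EXE_RE = re.compile(r'^"?(.*?\.exe)"?', re.IGNORECASE)
UAC_OFF_RE = re.compile(r'^"EnableLUA"\s*=\s*0\b')


@dataclass
class Finding:
    kind: str    # short category tag
    line: str    # the log line that triggered it
    reason: str  # why a reviewer should look at it


def command_path(command: str) -> Optional[str]:
    """Extract the executable path from a Run-key command, quoted or not."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else None


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; returns None when there is nothing to report."""
    line = line.rstrip()
    m = HOSTS_RE.match(line)
    if m:
        ip, host = m.groups()
        if ip not in LOOPBACK:
            return Finding("hosts-redirect", line,
                           f"{host} is pinned to {ip}; a non-loopback hosts entry overrides DNS for that name")
        return None
    m = RUN_RE.match(line)
    if m:
        path = command_path(m.group(3))
        if path:
            name = ntpath.basename(path).lower()
            parent = ntpath.dirname(path).lower()
            if name in SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
                return Finding("masquerade", line,
                               f"{name} is started from {parent}, not from a Windows system directory")
        return None
    m = SERVICE_RE.match(line)
    if m:
        if m.group(3).lower().endswith("(file missing)"):
            return Finding("orphan-service", line,
                           f"service '{m.group(1)}' is registered but its binary is gone")
        return None
    if UAC_OFF_RE.match(line):
        return Finding("uac-disabled", line,
                       "EnableLUA=0 switches UAC off, so every admin-account process runs fully elevated")
    return None


def triage(text: str) -> List[Finding]:
    """Run triage_line over every line of a log and collect the findings."""
    findings = []
    for raw in text.splitlines():
        f = triage_line(raw)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}")
```

The masquerade rule is deliberately narrow: it only reacts when a well-known system binary name is launched from somewhere other than the two stock locations, so ordinary third-party Run entries produce no noise. Paths are handled with ntpath so the script behaves the same on a non-Windows analysis box.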
sddom (posted June 19, 2010)

Good afternoon! I did as you said with ComboFix, but had no success; the following message appears when something comes up: "some files could not be created. please close all aplications, reboot windows and restart this installation" So what should I do? Below is the SystemLook report:

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:53 on 18/06/2010 by zé de gili (Administrator - Elevation successful)

========== filefind ==========

Searching for "odbcuapi.dll"
No files found.

-=End Of File=-
DigRam (posted June 20, 2010)

Good evening! sddom

sddom wrote:
Good afternoon! I did as you said with ComboFix, but had no success; the following message appears when something comes up: "some files could not be created. please close all aplications, reboot windows and restart this installation" So what should I do?

<!> Did you try the procedure in Safe Mode?

Cheers!
sddom (posted June 21, 2010)

Good morning, thanks, I managed to run it in Safe Mode; here are the requested reports:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:54:08, on 21/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Windows\tsnpstd3.exe
C:\Windows\vsnpstd3.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\zé de gili\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\WebcamMax.exe" -a
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8071EA0A-2A40-49D7-8188-ACFAB68E52A5}: NameServer = 200.223.19.98,200.223.0.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{EABD51B3-1F2B-47A5-8CCD-FAF00D0A2CCC}: NameServer = 200.223.19.98,200.223.0.84
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Protetor anti-vírus AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9441 bytes

ComboFix 10-06-18.03 - zé de gili 21/06/2010 9:27.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.55.1046.18.2038.1585 [GMT -3:00]
Executando de: c:\users\zé de gili\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\zé de gili\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 204 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-05-21 to 2010-06-21 ))))))))))))))))))))))))))))
.
2010-06-21 12:41 . 2010-06-21 12:41 -------- d-----w- c:\users\ze de gili\AppData\Local\temp
2010-06-21 12:41 . 2010-06-21 12:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-21 12:41 . 2010-06-21 12:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-21 12:16 . 2010-06-21 12:16 -------- d-----w- c:\program files\Common Files\Java
2010-06-21 12:14 . 2010-06-21 12:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-19 16:41 . 2010-06-19 16:42 -------- d-----w- C:\32788R22FWJFW.3.tmp
2010-06-19 04:01 . 2010-06-19 04:02 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-06-19 03:52 . 2010-06-19 03:59 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-06-17 18:57 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2010-06-17 18:57 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2010-06-17 18:57 . 2008-03-21 13:16 104960 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2010-06-17 18:57 . 2010-06-20 14:23 -------- d-----w- c:\program files\Claro 3G
2010-06-16 20:14 . 2010-06-16 20:14 -------- d-----w- C:\_OTL
2010-06-16 15:04 . 2010-06-16 15:04 -------- d-----w- c:\program files\Common Files\Protexis
2010-06-15 16:56 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-15 16:56 . 2010-06-15 16:56 -------- d-----w- c:\programdata\Malwarebytes
2010-06-15 16:56 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-15 16:56 . 2010-06-15 16:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-13 04:19 . 2010-06-13 09:13 -------- d-----w- c:\program files\Microsoft ATS
2010-06-13 04:07 . 2010-05-04 05:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-11 20:32 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-11 17:28 . 2010-05-26 14:25 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-11 17:28 . 2010-05-26 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-08 23:07 . 2010-05-01 13:53 2036224 ----a-w- c:\windows\system32\win32k.sys
2010-06-08 22:38 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-06-07 19:32 . 2008-07-01 14:12 398720 ----a-w- c:\windows\system32\drivers\vvftUVC.sys
2010-06-07 19:31 . 2008-09-02 20:47 94208 ----a-w- c:\windows\system32\VvFtCtrl.dll
2010-06-07 19:31 . 2008-02-29 13:11 11776 ----a-w- c:\windows\system32\VMUVC.dll
2010-06-07 19:31 . 2009-07-20 19:50 252800 ----a-w- c:\windows\system32\drivers\VMUVC.sys
2010-06-07 19:30 . 2010-06-07 19:30 -------- d-----w- c:\program files\Vimicro Corporation
2010-06-05 05:03 . 2010-06-05 05:03 -------- d-----w- c:\windows\WinAVI Video Converter 9.0
2010-06-05 05:03 . 2010-06-05 05:04 -------- d-----w- c:\program files\WinAVI Video Converter 9.0
2010-06-05 03:16 . 2010-06-05 03:16 -------- d-----w- C:\CloneDVDTemp
2010-06-03 15:52 . 2010-06-03 15:52 -------- d-----w- c:\programdata\Elaborate Bytes
2010-06-02 03:52 . 2010-06-02 03:52 -------- d-----w- c:\program files\Elaborate Bytes
2010-05-31 06:56 . 2010-05-31 06:56 -------- d-----w- c:\program files\Common Files\SureThing Shared
2010-05-31 06:55 . 2010-05-31 06:55 -------- d-----w- c:\program files\Roxio
2010-05-31 05:50 . 2010-05-31 06:18 -------- d-----w- c:\program files\Acoustica CD Label Maker
2010-05-31 02:56 . 2010-05-31 02:56 -------- d-----w- c:\programdata\Hewlett-Packard
2010-05-31 02:56 . 2007-03-15 18:32 274944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzpp5ha.dll
2010-05-31 02:51 . 2010-05-31 02:51 -------- d-----w- c:\programdata\HPSSUPPLY
2010-05-31 02:44 . 2010-05-31 02:44 -------- d-----w- c:\programdata\HP Product Assistant
2010-05-31 02:42 . 2010-05-31 02:42 -------- d-----w- c:\program files\Common Files\HP
2010-05-31 02:40 . 2010-05-31 02:40 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-31 02:31 . 2007-05-02 10:03 267864 ----a-w- c:\windows\system32\hpzids01.dll
2010-05-31 02:30 . 2007-03-15 18:32 118272 ----a-w- c:\windows\system32\hpz3l5ha.dll
2010-05-31 02:29 . 2007-05-02 09:01 675840 ----a-w- c:\windows\system32\hpowiax5.dll
2010-05-31 02:29 . 2007-05-02 09:00 303104 ----a-w- c:\windows\system32\hpovst12.dll
2010-05-31 02:29 . 2007-05-02 08:56 954368 ----a-w- c:\windows\system32\hpotiop5.dll
2010-05-31 02:29 . 2007-03-08 04:20 364544 ----a-w- c:\windows\system32\hppldcoi.dll
2010-05-31 02:19 . 2010-06-08 18:28 154462 ----a-w- c:\windows\hpoins21.dat
2010-05-30 04:14 . 2010-05-30 04:14 1114 ----a-w- C:\X25576080X.reg
2010-05-26 17:36 . 2010-04-23 13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 20:11 . 2010-05-25 20:12 -------- d-----w- c:\program files\FotoSketcher
2010-05-24 20:12 . 2006-09-18 17:12 843776 ----a-w- c:\windows\vsnpstd3.exe
2010-05-24 20:12 . 2006-07-07 18:04 262144 ----a-w- c:\windows\tsnpstd3.exe
2010-05-24 20:12 . 2006-09-15 13:41 10205696 ----a-w- c:\windows\system32\drivers\snpstd3.sys
2010-05-24 20:12 . 2006-10-05 12:50 61440 ----a-w- c:\windows\system32\vsnpstd3.dll
2010-05-24 20:12 . 2006-04-12 15:11 147456 ----a-w- c:\windows\system32\rsnpstd3.dll
2010-05-24 20:12 . 2005-11-23 16:55 53248 ----a-w- c:\windows\system32\csnpstd3.dll
2010-05-24 20:12 . 2010-05-24 20:12 -------- d-----w- c:\program files\Common Files\snpstd3
2010-05-24 19:41 . 2006-07-03 13:31 94208 ----a-w- c:\windows\amcap.exe
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 17:41 . 2009-12-22 21:26 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-20 17:41 . 2009-12-22 21:26 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-06-20 14:24 . 2006-11-06 01:23 637106 ----a-w- c:\windows\system32\prfh0416.dat
2010-06-20 14:24 . 2006-11-06 01:23 122732 ----a-w- c:\windows\system32\prfc0416.dat
2010-06-17 16:02 . 2009-08-03 18:03 -------- d-----w- c:\program files\ESET
2010-06-16 15:05 . 2009-12-22 04:48 -------- d-----w- c:\programdata\Corel
2010-06-16 14:51 . 2009-04-16 02:36 -------- d-----w- c:\program files\Corel
2010-06-13 08:09 . 2009-03-11 18:13 -------- d-----w- c:\programdata\GbPlugin
2010-06-13 08:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-13 05:30 . 2008-01-31 12:45 -------- d-----w- c:\programdata\Microsoft Help
2010-06-13 05:09 . 2009-04-22 06:04 -------- d-----w- c:\program files\GbPlugin
2010-06-13 04:57 . 2009-02-21 00:35 -------- d-----w- c:\program files\Microsoft
2010-06-09 10:24 . 2009-12-02 20:45 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-08 01:57 . 2009-04-30 16:48 -------- d-----w- c:\program files\Google
2010-06-07 19:30 . 2008-01-31 10:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-02 03:15 . 2009-03-11 12:35 -------- d-----w- c:\programdata\DVD Shrink
2010-05-31 04:51 . 2009-12-30 20:14 -------- d-----w- c:\program files\UnderCoverXP
2010-05-31 02:51 . 2009-10-09 14:37 -------- d-----w- c:\program files\HP
2010-05-31 02:44 . 2009-10-09 14:35 -------- d-----w- c:\programdata\HP
2010-05-30 05:09 . 2009-02-21 23:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-27 12:52 . 2009-02-21 02:25 -------- d-----w- c:\program files\Messenger Plus! Live
2010-05-26 13:48 . 2010-02-03 18:01 45472 ----a-w- c:\windows\system32\drivers\GbpKm.sys
2010-05-21 17:14 . 2009-10-08 21:39 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 07:29 . 2010-05-18 07:28 -------- d-----w- c:\program files\DVD Flick
2010-05-18 06:59 . 2010-01-02 17:56 -------- d-----w- c:\program files\Common Files\Nero
2010-05-18 06:38 . 2010-01-02 17:57 -------- d-----w- c:\programdata\Nero
2010-05-15 15:57 . 2010-05-15 15:57 1114 ----a-w- C:\W15151377.reg
2010-05-13 17:35 . 2010-05-13 17:35 -------- d-----w- c:\program files\MSN Messenger
2010-05-07 06:52 . 2010-05-07 01:39 -------- d-----w- c:\programdata\NCH Software
2010-05-07 06:51 . 2010-05-07 01:37 -------- d-----w- c:\program files\NCH Software
2010-05-07 06:50 . 2010-05-07 06:50 -------- d-----w- c:\programdata\NCH Swift Sound
2010-05-07 06:50 . 2010-05-07 06:50 -------- d-----w- c:\program files\NCH Swift Sound
2010-05-04 05:55 . 2010-06-13 04:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-13 04:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-13 04:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-04 01:04 . 2009-02-14 14:36 -------- d-----w- c:\program files\LogoManager Pro Suite
2010-05-04 01:04 . 2009-02-14 14:36 -------- d-----w- c:\program files\Common Files\LogoManager
2010-04-29 22:42 . 2010-04-29 22:42 -------- d-----w- c:\program files\CCleaner
2010-04-27 16:42 . 2010-04-27 14:54 94720 ----a-w- c:\windows\system32\inetpdrv.dll
2010-04-27 16:41 . 2010-04-27 14:54 367104 ----a-w- c:\windows\system32\mshelp32.dll
2010-04-27 15:04 . 2010-04-27 14:59 -------- d-----w- c:\programdata\WebcamMax
2010-04-17 23:52 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-17 23:00 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-04-17 22:59 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-30 39408]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-10-14 292824]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2010-01-13 6039896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"nodenable"="c:\program files\eset\nodenable.exe" [2008-09-23 326823]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-05-25 159744]
"PowerManager"="c:\program files\Power Manager\PM.exe" [2007-09-12 31744]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-30 68592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2007-10-17 128296]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2010-01-26 1214128]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"VMonitorVMUVC"="c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe" [2008-08-29 143360]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2010-05-26 13:47 335136 ----a-w- c:\program files\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R2 AVKWCtl;Protetor anti-vírus AntiVirus;c:\program files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe [x]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-01-06 142648]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2010-05-26 55072]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 136176]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor 
service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2009-10-14 583640] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-10-05 288256] R3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\Drivers\usb2vcom.sys [2006-04-04 30336] R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-07-20 252800] R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 398720] R3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\zteusbser.sys [2007-04-10 98432] R4 wbms_vista_x86;Winbond Memory Stick Controller;c:\windows\system32\drivers\wbms_vista_x86.sys [2007-06-26 52224] R4 wbsdmmc;Winbond SD/MMC Controller;c:\windows\system32\drivers\wbsdmmc_vista_x86.sys [2007-04-20 44544] R4 wbsx;Winbond xD Picture Controller;c:\windows\system32\drivers\wbsx_vista_x86.sys [2007-06-04 49664] S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792] S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-05-26 45472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' 2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 00:24] 2010-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-08 00:24] 2010-06-20 c:\windows\Tasks\User_Feed_Synchronization-{5A948C75-E742-419D-A054-62FD441E63D8}.job - c:\windows\system32\msfeedssync.exe [2010-06-13 04:30] . . ------- Scan Suplementar ------- . 
uStart Page = hxxp://www.google.com.br/ IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 Trusted Zone: bancobrasil.com.br\www2 TCP: {8071EA0A-2A40-49D7-8188-ACFAB68E52A5} = 200.223.19.98,200.223.0.84 TCP: {EABD51B3-1F2B-47A5-8CCD-FAF00D0A2CCC} = 200.223.19.98,200.223.0.84 FF - ProfilePath - c:\users\zé de gili\AppData\Roaming\Mozilla\Firefox\Profiles\egkbmo99.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/ FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - component: c:\users\zé de gili\AppData\Roaming\Mozilla\Firefox\Profiles\egkbmo99.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll FF - component: c:\users\zé de gili\AppData\Roaming\Mozilla\Firefox\Profiles\egkbmo99.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll FF - component: c:\users\zé de gili\AppData\Roaming\Mozilla\Firefox\Profiles\egkbmo99.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", 
true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORFÃOS REMOVIDOS - - - - BHO-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file) Toolbar-{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file) HKLM-RunOnce-<NO NAME> - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-06-21 09:41 Windows 6.0.6001 Service Pack 1 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . 
Tempo para conclusão: 2010-06-21 09:44:55 ComboFix-quarantined-files.txt 2010-06-21 12:44 ComboFix2.txt 2010-06-17 15:42 Pré-execução: 10.864.230.400 bytes disponíveis Pós execução: 10.832.257.024 bytes disponíveis - - End Of File - - 24EEF46A877C3DFBD74EFF7EF11DFBEF obrigado mais uma vez, abraços! Compartilhar este post Link para o post Compartilhar em outros sites
DigRam (posted June 21, 2010):

Good morning, sddom!

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )
<@> Save it in Program Files!
<@> Disable your antivirus!
<@> Note: On Windows Vista, run the tool with administrator privileges.
<@> Install and run the tool with a double-click.
<@> In the language options, choose "PT-BR" --> Enter.
<@> Choose option 2: 2. Suppression des fichiers infectieux (deletion of infected files) --> Press Enter.
<@> A message will appear asking you to connect your removable media to the computer (pen drive, mp3, mp4, iPods, etc...).
<@> Accept the request and click OK. --> Then click OK again.
<@> The computer will restart. <-- Wait!
<@> When it finishes, click "Continue" and wait for the tool to complete.
<@> Note: Do not disconnect your removable media yet! <-- Important!
<@> The message "Nettoyage effectue" (cleaning done) will appear --> Press Enter.
<@> Post the report, which will be at: C:\UsbFix.txt + an updated HijackThis log.

Regards!
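What option 2 of UsbFix does on each drive root, as an added Python example (not code from the thread, from UsbFix or from its authors): it parses any autorun.inf at the root of a drive, reports which keys would launch a program and whether that program is still on the drive, and then replaces the file with an empty directory named autorun.inf, the same "vaccine" UsbFix leaves behind (a worm cannot overwrite a directory with a file of that name). The drive roots are assumed to be passed in by the caller; the demo builds one in a temporary directory with a constructed autorun.inf of the shape USB worms drop, with a placeholder SID.

```python
"""Inspect a drive root for autorun.inf and "vaccinate" it the way UsbFix does.

Added example; not code from the thread, from UsbFix or from its authors.
Drive roots are passed in by the caller (assumption: enumerated elsewhere,
e.g. from `wmic logicaldisk`), so the demo can use a temporary directory.
SAMPLE_AUTORUN is constructed in the shape USB worms drop; the SID is a
placeholder.
"""
import os
import stat
import tempfile
from pathlib import Path

SAMPLE_AUTORUN = """\
[AutoRun]
open=RECYCLER\\S-1-5-21-0000000000-0000000000-0000000000-1013\\ise32.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
shell\\open\\Command=RECYCLER\\S-1-5-21-0000000000-0000000000-0000000000-1013\\ise32.exe
shell\\explore\\Command=RECYCLER\\S-1-5-21-0000000000-0000000000-0000000000-1013\\ise32.exe
"""


def parse_autorun(text):
    """Key/value pairs of the [autorun] section, keys lower-cased.
    Kept deliberately loose: worms pad the file with junk lines and odd casing."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_targets(entries):
    """The keys that make Windows run something: open=, shellexecute= and shell\\<verb>\\command=."""
    return {k: v for k, v in entries.items()
            if k in ("open", "shellexecute")
            or (k.startswith("shell\\") and k.endswith("\\command"))}


def _target_path(root, value):
    """First token of the value, quotes stripped, resolved relative to the drive root."""
    tokens = value.split()
    return (root / tokens[0].strip('"')) if tokens else None


def inspect_root(root):
    """Describe the autorun state of one drive root without changing anything."""
    root = Path(root)
    inf = root / "autorun.inf"
    if inf.is_dir():
        return {"status": "vaccinated"}
    if not inf.exists():
        return {"status": "absent"}
    targets = launch_targets(parse_autorun(inf.read_text(encoding="latin-1", errors="replace")))
    # The payload normally sits on the same drive; a missing target means it was
    # already removed, or the inf points somewhere stranger and deserves a look.
    present = {}
    for key, value in targets.items():
        p = _target_path(root, value)
        present[key] = p is not None and p.exists()
    return {"status": "present", "launches": targets, "target_present": present}


def vaccinate(root):
    """Replace any autorun.inf file with an empty directory of that name.

    A worm writing a file called autorun.inf cannot overwrite a directory, so
    the drive stays inert even if it is plugged into an infected machine again.
    The original file is renamed, not deleted, so it can still be analysed.
    Returns True when the root ends up vaccinated."""
    root = Path(root)
    inf = root / "autorun.inf"
    if inf.is_dir():
        return True
    if inf.exists():
        # Worms set read-only/hidden/system on the file; read-only would block the rename.
        os.chmod(inf, stat.S_IREAD | stat.S_IWRITE)
        inf.replace(root / "autorun.inf.quarantined")
    inf.mkdir()
    return inf.is_dir()


def run_demo():
    """Build a throwaway 'drive root' holding SAMPLE_AUTORUN, inspect it, vaccinate
    it and inspect again. Returns (before, vaccinated, after)."""
    root = Path(tempfile.mkdtemp(prefix="usbroot-"))
    (root / "autorun.inf").write_text(SAMPLE_AUTORUN, encoding="latin-1")
    before = inspect_root(root)
    vaccinated = vaccinate(root)
    return before, vaccinated, inspect_root(root)


if __name__ == "__main__":
    before, ok, after = run_demo()
    for key, cmd in before["launches"].items():
        print(f"{key} -> {cmd} (on drive: {before['target_present'][key]})")
    print("vaccinated:", ok, "| state now:", after["status"])
```

On a real machine, call inspect_root("G:\\") and vaccinate("G:\\") for each removable drive listed by the system; the "target_present" map tells you whether the dropped executable is still there to be collected before the drive is cleaned.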
sddom (posted June 21, 2010):

Good evening! UsbFix and HijackThis reports:

############################## | UsbFix 7.013 | [Deletion]

User: zé de gili (Administrator) # ZÉDEGILI-PC [itautec S.A. Infoway]
Updated on 21/06/10 by El Desaparecido / C_XX
Started at 17:51:45 | 21/06/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Genuine Intel® CPU T1400 @ 1.73GHz
CPU 2: Genuine Intel® CPU T1400 @ 1.73GHz
Microsoft® Windows Vista™ Home Basic (6.0.6001 32-Bit) # Service Pack 1
Internet Explorer 8.0.6001.18928
Windows Firewall: Enabled
RAM -> 2038 Mb
C:\ (%systemdrive%) -> Fixed disk # 148 Gb (7 Mb free - 5%) [system_OS] # NTFS
D:\ -> CD-ROM
G:\ -> Removable disk # 4 Gb (788 Mb free - 21%) [] # FAT32
H:\ -> Removable disk # 2 Gb (916 Mb free - 48%) [### GABY###] # FAT

################## | Infected files / folders |

Not deleted! C:\Program Files\GbPlugin

################## | Registry |

Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives

################## | Mountpoints2 |

################## | Listing |

[21/06/2010 - 18:04:01 | SHD ] C:\$RECYCLE.BIN
[19/06/2010 - 00:59:22 | D ] C:\32788R22FWJFW.1.tmp
[19/06/2010 - 01:02:32 | D ] C:\32788R22FWJFW.2.tmp
[19/06/2010 - 13:42:07 | D ] C:\32788R22FWJFW.3.tmp
[31/01/2008 - 07:35:37 | SHD ] C:\Arquivos de programas
[23/04/2010 - 13:33:14 | D ] C:\Arquivos de Programas RFB
[18/09/2006 - 18:43:36 | A | 24] C:\autoexec.bat
[30/05/2010 - 01:14:54 | A | 11] C:\boods.log
[17/04/2010 - 21:16:30 | D ] C:\Boot
[19/01/2008 - 04:45:45 | RASH | 333203] C:\bootmgr
[15/05/2010 - 12:57:01 | A | 11] C:\boots.log
[31/01/2008 - 08:25:55 | RAS | 8192] C:\BOOTSECT.BAK
[03/05/2009 - 22:41:26 | D ] C:\Brasfoot2008
[05/06/2010 - 00:16:44 | D ] C:\CloneDVDTemp
[21/06/2010 - 09:44:55 | A | 20614] C:\ComboFix.txt
[21/06/2010 - 09:16:03 | D ] C:\Config.Msi
[18/09/2006 - 18:43:37 | A | 10] C:\config.sys
[02/11/2006 - 09:59:44 | SHD ] C:\Documents and Settings
[10/09/2009 - 03:56:31 | D ] C:\Downloads
[21/06/2010 - 09:47:53 | ASH | 2137448448] C:\hiberfil.sys
[31/01/2008 - 07:40:21 | D ] C:\Intel
[22/07/2008 - 16:36:11 | RASH | 0] C:\IO.SYS
[31/01/2008 - 09:56:13 | A | 41] C:\L0016011.SW
[03/05/2010 - 22:04:24 | D ] C:\lotoman2
[02/12/2009 - 17:52:04 | D ] C:\Microgaming
[22/07/2008 - 16:36:11 | RASH | 0] C:\MSDOS.SYS
[31/01/2008 - 09:45:08 | RD ] C:\MSOCache
[23/01/2010 - 17:36:07 | A | 3508984] C:\mummy.log
[21/06/2010 - 09:47:46 | ASH | 2451247104] C:\pagefile.sys
[03/02/2010 - 18:11:03 | A | 13030] C:\PDOXUSRS.NET
[17/04/2010 - 20:53:06 | D ] C:\PerfLogs
[21/06/2010 - 17:46:25 | RD ] C:\Program Files
[21/06/2010 - 09:16:04 | D ] C:\ProgramData
[21/06/2010 - 09:44:58 | D ] C:\Qoobox
[31/01/2008 - 07:44:36 | A | 426] C:\RHDSetup.log
[31/01/2008 - 09:52:39 | D ] C:\SW_UTIL
[21/06/2010 - 09:10:17 | SHD ] C:\System Volume Information
[21/06/2010 - 18:04:01 | D ] C:\UsbFix
[21/06/2010 - 17:52:34 | A | 3176] C:\UsbFix.txt
[18/05/2010 - 18:53:55 | RD ] C:\Users
[15/05/2010 - 12:57:01 | A | 1114] C:\W15151377.reg
[21/06/2010 - 09:47:46 | AD ] C:\Windows
[30/05/2010 - 01:14:57 | A | 1114] C:\X25576080X.reg
[16/06/2010 - 17:14:02 | D ] C:\_OTL
[31/01/2008 - 09:27:51 | AT | 23460] C:\_wdsuef.dmp

################## | Vaccine |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:18:07, on 21/06/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\zé de gili\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\WebcamMax.exe" -a
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{8071EA0A-2A40-49D7-8188-ACFAB68E52A5}: NameServer = 200.223.19.98,200.223.0.84
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4283A55-28D5-42B0-85B3-0C7AC926CB30}: NameServer = 200.169.117.222 200.169.117.221
O17 - HKLM\System\CCS\Services\Tcpip\..\{EABD51B3-1F2B-47A5-8CCD-FAF00D0A2CCC}: NameServer = 200.223.19.98,200.223.0.84
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Protetor anti-vírus AntiVirus (AVKWCtl) - Unknown owner - C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7942 bytes

Regards!
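The checks a helper applies by eye to a log like the one above, as an added Python example (not part of the thread and not from HijackThis): it pulls the O1 hosts entries, O4 run keys, O17 name servers, O20 Winlogon Notify DLLs and O23 services out of a HijackThis log and flags the ones that need a decision, among them a service whose binary is "(file missing)", which is exactly the AVKWCtl case. The sample log lines are constructed in HijackThis 2.0.4 format with placeholder domains, a documentation-range address (203.0.113.0/24) and a placeholder interface GUID.

```python
"""Triage a HijackThis log for the entry classes that matter in a banking-trojan case.

Added example; not code from the thread or from HijackThis. The rules are the
ones a helper applies by eye. SAMPLE_LOG is constructed in HijackThis 2.0.4
format: the domains and the GUID are placeholders and 203.0.113.0/24 is a
documentation range.
"""
import ipaddress
import re

SAMPLE_LOG = """\
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.5 www.example-bank.com.br
O1 - Hosts: 203.0.113.5 internetbanking.example.gov.br
O4 - HKCU\\..\\Run: [updater] C:\\Users\\user\\AppData\\Local\\Temp\\svch0st.exe
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe" /hide /waitservice
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{00000000-0000-0000-0000-000000000001}: NameServer = 203.0.113.53,203.0.113.54
O20 - Winlogon Notify: GbPluginBb - C:\\Program Files\\GbPlugin\\gbieh.dll
O23 - Service: Protetor anti-virus AntiVirus (AVKWCtl) - Unknown owner - C:\\Program Files\\G DATA AntiVirus Trial\\AVK\\AVKWCtl.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]*)\]\s+(.*)$")
NS_RE = re.compile(r"^O17 - .*NameServer = (.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
SVC_RE = re.compile(r"^O23 - Service: (.+?) \((\w+)\) - (.*?) - (.+?)( \(file missing\))?$")

# Directories a vendor almost never uses for an auto-start binary but droppers always do.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def _loopback(addr):
    """True for 127.0.0.0/8 and ::1; a hosts line pointing anywhere else is a redirect."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def triage(log_text):
    """Return a list of findings, each with a kind, the raw line and a suggested action."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            addr, host = m.groups()
            if not _loopback(addr):
                findings.append({"kind": "hosts-redirect", "host": host, "address": addr, "line": line,
                                 "action": "pharming entry: remove it and treat banking passwords as stolen"})
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            if any(marker in command.lower() for marker in USER_WRITABLE):
                findings.append({"kind": "run-from-user-dir", "hive": hive, "name": name, "line": line,
                                 "action": "auto-start from a user-writable directory: identify the file"})
            continue
        m = NS_RE.match(line)
        if m:
            servers = [s for s in re.split(r"[,\s]+", m.group(1)) if s]
            findings.append({"kind": "dns-servers", "servers": servers, "line": line,
                             "action": "confirm these resolvers belong to the ISP; DNS changers put their own here"})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            findings.append({"kind": "winlogon-notify", "name": m.group(1), "dll": m.group(2), "line": line,
                             "action": "loaded into winlogon at every logon: verify the publisher"})
            continue
        m = SVC_RE.match(line)
        if m and m.group(5):
            findings.append({"kind": "orphan-service", "service": m.group(2), "path": m.group(4), "line": line,
                             "action": "binary gone but service still registered: delete the service"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['line']}\n    -> {f['action']}")
```

Run it on a saved log with triage(open("hijackthis.log", encoding="utf-8", errors="replace").read()). The hosts rule is the only one that can decide on its own: anything mapping a name to a non-loopback address is a redirect. The name-server and Winlogon Notify rules only surface entries for confirmation, because the log cannot tell an ISP resolver from a rogue one, or a bank's GbPlugin DLL from a trojan's; that judgement stays with the person reading it.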
DigRam (posted June 21, 2010):

Good evening, sddom!

<@> Run OTL.exe.
<@> Copy the information in the quote below into the field under "Custom Scans/Fixes":

:files
C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe
C:\Program Files\G DATA AntiVirus Trial\AVK
C:\Program Files\G DATA AntiVirus Trial
:services
AVKWCtl
:commands
[purity]
[emptyflash]
[emptytemp]
[Reboot]

<@> Click the Run Fix button --> Wait for it to finish! --> Run!
<@> Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log <--

Regards!
sddom (posted June 21, 2010):

Good evening! OK, done.

All processes killed
========== FILES ==========
File\Folder C:\Program Files\G DATA AntiVirus Trial\AVK\AVKWCtl.exe not found.
File\Folder C:\Program Files\G DATA AntiVirus Trial\AVK not found.
File\Folder C:\Program Files\G DATA AntiVirus Trial not found.
========== SERVICES/DRIVERS ==========
Service AVKWCtl stopped successfully!
Service AVKWCtl deleted successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users
User: Default
User: Default User
User: Luís Fernando
User: Public
User: ze de gili
User: zé de gili
->Flash cache emptied: 866 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users
-> No Temporary Internet Files cache folder defined!
User: Default
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
User: Default User
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
User: Luís Fernando
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
User: Public
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
User: ze de gili
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!
User: zé de gili
->Temp folder emptied: 21168012 bytes
-> No Temporary Internet Files cache folder defined!
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92754352 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 7290980 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32096 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 116,00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 06212010_222349
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

See you later!
DigRam (posted June 21, 2010):

Good evening, sddom!

<@> Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.
<@> The following window will open: (Open File - Security Warning)
<@> Click Run --> Wait!
<@> Finally, the message "ComboFix is uninstalled" will appear --> Click OK.
<@> If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!
<@> Or, go to Start --> Run --> Type or paste: "%userprofile%\desktop\combofix" /uninstall
<@> Click OK.

<@> Open OTL.exe --> Click Cleanup --> Wait!
<@> When prompted, click OK --> Restart the computer!

<@> Download: < JavaRa >
<@> Unzip it!
<@> Double-click JavaRa.exe --> Click Search For Updates.
<@> Select the option Update Using jucheck.exe --> Click the Search button.
<@> If it is up to date, you will get a notice confirming the latest version.
<@> Otherwise, wait for the new Java version to be downloaded and installed.
<@> Click the "Remove Older Versions" button --> Wait!

<@> Download: < TFC > ( by Old Timer )
<!> Link 2: < http://www.geekstogo.com/forum/TFC-Temp-File-Cleaner-OldTimer-file187.html >
<@> Save it to the desktop!
<@> Close all programs! (Internet, browser, etc...)
<@> Run TFC.exe with a double-click.
<@> Note: On Windows Vista --> Right-click --> Choose: Run as Administrator
<@> Click Start --> Wait!
<@> When it finishes, restart the computer if the tool does not ask to and start the reboot itself.

Quote (sddom): "Here are the requested HijackThis and ComboFix reports. Finally, if you could suggest programs to better protect my computer I would be very grateful. Thank you!"

<!> Panda Cloud Antivirus plus good browsing habits are all you need.

<@> Uninstall Nod32 and install the first free antivirus with cloud-computing technology.
<!> < Panda Cloud Antivirus >
<@> More information: < Link >

<!> Your logs are clean! ^_^
<!> All OK?

Regards!
sddom (posted June 22, 2010):

Thank you DigRam, the problems are solved and the computer is faster. Cheers!
DigRam (posted June 22, 2010):

PROBLEM SOLVED! If the author needs the topic reopened, just send a private message to a moderator with a link to the topic.