This topic has been archived and is closed to new replies.

lxxnandoxxl

[Archived] problems

Sorry, I'm new here. I was browsing, looking for an answer to my problems with my PC, and I found iMasters.

Well, I'm having some problems. I can't access some sites; when I open them I get a message saying that Internet Explorer cannot open the site, and so on.

I also can't use online antivirus sites: whenever the plugin is being installed, it gives an error and doesn't let the installation finish.

I have avast installed on my PC.

I hope you can help me. Here is a copy of my HijackThis log.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 04:36:24, on 19/06/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18248)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\PixArt\PAC7302\Monitor.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\NET2SOFT\Anti-Hacker Expert\Firewall.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AhnLab\ASP\Components\ASPLnchr.exe

C:\Program Files\AhnLab\ASP\Smart Update i\aostray.exe

C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\mkd25tray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\PokerStars\PokerStars.exe

C:\Program Files\Cake Poker (BETA)\CakeNotifier.exe

C:\Program Files\Everest Poker\Everest Poker.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2567694

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMes1.dll

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Games Bar Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGame.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMes1.dll

O3 - Toolbar: Games Bar Brazil Toolbar - {1a7d1aed-2150-410e-a094-14d834aaf430} - C:\Program Files\Games_Bar_Brazil\tbGame.dll

O3 - Toolbar: Messenger Plus Live Brazil Toolbar - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMes1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Anti-Hacker Expert Firewall] C:\PROGRA~1\NET2SOFT\Anti-Hacker Expert\Firewall.exe

O4 - HKCU\..\Run: [EPSON Stylus T23 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEAB.EXE /FU "C:\Users\fernando\AppData\Local\Temp\E_S1E7B.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\fernando\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; InfoPath.2)" -"http://ultradownloads.uol.com.br/jogo-online/Aventura/Caixas-de-Gelo/"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Startup: Cake Poker (BETA) Notifier.lnk = C:\Program Files\Cake Poker (BETA)\CakeNotifier.exe

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: Copacabana Poker - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\CopacabanapokerMPP\MPPoker.exe (HKCU)

O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (HKCU)

O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EF74B177-29F3-4D62-8D8E-A0311B9A8BE3}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

 

--

End of file - 10500 bytes


Good afternoon, lxxnandoxxl!

<!> Uninstall:

<1> C:\Program Files\Games_Bar_Brazil

<2> C:\Program Files\Spybot - Search & Destroy

<3> C:\Program Files\PokerStars

<4> C:\PROGRA~1\NET2SOFT\Anti-Hacker Expert

<5> C:\Program Files\Cake Poker (BETA)

<6> C:\Programs\PartyGaming

<!> PS: After each uninstallation, run OTC or CCleaner to clean the registry.

<!> Later, once the PC has been disinfected, reinstall your games.

00000000000000000000000

ooooooooooooooooooooooo

<@> Download: < OTC > ( ...by Old Timer Tools )

<@> Save it to the desktop.

<@> Run it by clicking OTC.exe.

<@> Click CleanUp --> Yes.

<@> When it finishes, restart the computer!

00000000000000000000000

ooooooooooooooooooooooo

<@> Download: < OTL > ( ...by OldTimer Tools )

<@> Save it to the desktop!

<@> Double-click the OTL icon on the desktop.

<@> PS: Now let's go through its configuration!

<!> 1 - Under "Output", leave the "Minimal" button selected.

<!> 2 - Check the boxes: Scan All Users and Include 64bit Scans <-- PS: Only if the OS is 64-bit!

<!> 3 - Processes: Use SafeList <-- Select!

<!> 4 - Modules: Use SafeList <-- Select!

<!> 5 - Services: Use SafeList <-- Select!

<!> 6 - Drivers: Use SafeList <-- Select!

<!> 7 - Standard Registry: Use SafeList <-- Select!

<!> 8 - Extra Registry: Use SafeList <-- Select!

<!> 9 - File Scans:

<!> File Age >> Choose: 14 days

<!> Check: Use Company Name WhiteList

<!> Check: Skip Microsoft Files

<!> 10 - Files Created Within:

<!> Select: File Age

<!> 11 - Files Modified Within:

<!> Select: File Age

<!> Check the boxes:

[] LOP Check

[] Purity Check

<@> PS: I suggest printing these instructions so you can read them later.

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\sfcfiles.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
CREATERESTOREPOINT

<@> PS: Copy the information in the Code box above and paste it into the field below: Custom Scans/Fixes

<@> Click: Run Scan --> Wait!

<@> When it finishes, post:

<!> <1> OTL.txt <--

<!> <2> Extras.txt <--

Regards!


Here are the logs

OTL.TXT

 

OTL logfile created on: 28/06/2010 12:10:58 - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\fernando\Desktop

Windows Vista Starter Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 85,99 Gb Free Space | 57,69% Space Free | Partition Type: NTFS

Drive D: | 9,35 Gb Total Space | 4,28 Gb Free Space | 45,75% Space Free | Partition Type: NTFS

Drive E: | 9,30 Gb Total Space | 2,83 Gb Free Space | 30,43% Space Free | Partition Type: NTFS

Drive F: | 5,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FERNANDO-PC

Current User Name: fernando

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\fernando\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)

PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)

PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)

PRC - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe ()

PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)

PRC - C:\Program Files\NET2SOFT\Anti-Hacker Expert\Firewall.exe (NET2SOFT INC.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\fernando\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.dll (Microsoft Corporation)

MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)

MOD - C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)

MOD - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

MOD - C:\Program Files\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)

MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1434_none_d08b6002442c891f\msvcr80.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)

SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)

SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)

SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (scpVista) -- C:\Program Files\Scpad\scpVista.exe (Scopus Tecnologia Ltda)

SRV - (NMSAccessU) -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe ()

 

 

========== Driver Services (SafeList) ==========

 

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)

DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)

DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)

DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)

DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)

DRV - (bbcap) -- C:\Windows\System32\drivers\bbcap.sys (Windows ® Codename Longhorn DDK provider)

DRV - (Mkd2kfNt) -- C:\Windows\System32\drivers\Mkd2kfNT.sys (AhnLab, Inc.)

DRV - (Mkd2Nadr) -- C:\Windows\System32\drivers\Mkd2Nadr.sys (AhnLab, Inc.)

DRV - (usbaudio) Driver de áudio USB (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)

DRV - (s916mdm) -- C:\Windows\System32\drivers\s916mdm.sys (MCCI Corporation)

DRV - (s916bus) Sony Ericsson Device 916 driver (WDM) -- C:\Windows\System32\drivers\s916bus.sys (MCCI Corporation)

DRV - (s916mdfl) -- C:\Windows\System32\drivers\s916mdfl.sys (MCCI Corporation)

DRV - (Atc002) -- C:\Windows\System32\drivers\l260x86.sys (Atheros Communications)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3349340542-2255532408-2552783750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.hotmail.com.br/ [binary data]

IE - HKU\S-1-5-21-3349340542-2255532408-2552783750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKU\S-1-5-21-3349340542-2255532408-2552783750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3349340542-2255532408-2552783750-1000\..\URLSearchHook: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-3349340542-2255532408-2552783750-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Messenger Plus Live Brazil Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2567694&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Messenger Plus Live Brazil Customized Web Search"

FF - prefs.js..browser.startup.homepage: "www.google.com.br"

FF - prefs.js..extensions.enabledItems: {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}:2.6.0.15

FF - prefs.js..extensions.enabledItems: {87F8774F-B485-47E2-A755-A40A8A5E8874}:1.0.7.10

FF - prefs.js..network.proxy.http: "132.239.17.226"

FF - prefs.js..network.proxy.http_port: 3124

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/26 22:02:36 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/27 19:54:15 | 000,000,000 | ---D | M]

 

[2010/05/26 22:03:41 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\mozilla\Extensions

[2010/06/23 09:55:00 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\mozilla\Firefox\Profiles\dxvbqj9b.default\extensions

[2010/06/23 09:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\fernando\AppData\Roaming\mozilla\Firefox\Profiles\dxvbqj9b.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}

[2010/06/13 15:21:22 | 000,000,000 | ---D | M] (Messenger Plus Live Brazil Toolbar) -- C:\Users\fernando\AppData\Roaming\mozilla\Firefox\Profiles\dxvbqj9b.default\extensions\{edbca961-4bf8-4cbe-8c63-a11dff9ed2d9}

[2010/04/21 12:06:34 | 000,000,955 | ---- | M] () -- C:\Users\fernando\AppData\Roaming\Mozilla\FireFox\Profiles\dxvbqj9b.default\searchplugins\conduit.xml

[2010/05/26 22:02:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/04/01 14:34:02 | 000,001,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\buscape.xml

[2010/04/01 14:34:02 | 000,001,212 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mercadolivre.xml

[2010/04/01 14:34:02 | 000,001,168 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2010/04/01 14:34:02 | 000,000,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2006/09/18 18:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Messenger Plus Live Brazil Toolbar) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Messenger Plus Live Brazil Toolbar) - {edbca961-4bf8-4cbe-8c63-a11dff9ed2d9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-3349340542-2255532408-2552783750-1000\..\Toolbar\WebBrowser: (Messenger Plus Live Brazil Toolbar) - {EDBCA961-4BF8-4CBE-8C63-A11DFF9ED2D9} - C:\Program Files\Messenger_Plus_Live_Brazil\tbMes1.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Anti-Hacker Expert Firewall] C:\Program Files\NET2SOFT\Anti-Hacker Expert\Firewall.exe (NET2SOFT INC.)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3349340542-2255532408-2552783750-1000..\Run: [EPSON Stylus T23 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEAB.EXE (SEIKO EPSON CORPORATION)

O4 - HKU\S-1-5-21-3349340542-2255532408-2552783750-1000..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found

O4 - Startup: C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1

O7 - HKU\S-1-5-21-3349340542-2255532408-2552783750-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()

O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3349340542-2255532408-2552783750-1000\..Trusted Domains: everestpoker.com ([account] https in Sites confiáveis)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

O22 - SharedTaskScheduler: {A3717295-941D-416F-9384-ED1736729F1C} - scpLIB - C:\Program Files\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2002/08/27 05:31:52 | 000,000,043 | R--- | M] () - F:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{43d72ede-5523-11df-a023-f25b645db588}\Shell\AutoRun\command - "" = I:\PMBP_Win.exe -- File not found

O33 - MountPoints2\{881c825e-45a8-11df-8a97-cefb607616e9}\Shell\AutoRun\command - "" = I:\PMBP_Win.exe -- File not found

O33 - MountPoints2\{99063f9d-09ca-11de-80e1-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{99063f9d-09ca-11de-80e1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\bichos.exe -- [2002/08/27 05:29:16 | 003,135,076 | R--- | M] (Macromedia, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias [2009/03/24 12:40:22 | 000,000,000 | ---D | M]

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: EPSON Stylus T23 Series - hkey= - key= - File not found

MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig - StartUpReg: Shareaza - hkey= - key= - C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)

MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {49C187D7-91E1-459E-9759-2925384BD397} - .NET Framework

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()

Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 14 Days ==========

 

[2010/06/28 11:24:07 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\fernando\Desktop\OTL.exe

[2010/06/28 11:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2010/06/28 11:05:58 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Users\fernando\Desktop\ccsetup233.exe

[2010/06/23 10:14:21 | 000,000,000 | ---D | C] -- C:\ProgramData\GbPlugin

[2010/06/19 12:34:50 | 000,000,000 | ---D | C] -- C:\Users\fernando\AppData\Roaming\Malwarebytes

[2010/06/19 12:34:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/06/19 12:34:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/06/19 12:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/06/19 12:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/06/19 12:32:49 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\fernando\Desktop\mbam-setup.exe

[2010/06/19 04:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/06/18 23:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Everest Poker

[2010/06/14 21:40:39 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8

[2010/06/14 21:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2010/06/14 13:25:23 | 000,000,000 | ---D | C] -- C:\Users\fernando\Documents\Blocos de Anotações do OneNote

 

========== Files - Modified Within 14 Days ==========

 

[2010/06/28 12:13:27 | 008,912,896 | -HS- | M] () -- C:\Users\fernando\ntuser.dat

[2010/06/28 12:11:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3349340542-2255532408-2552783750-1000UA.job

[2010/06/28 12:02:05 | 000,004,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/06/28 12:02:05 | 000,004,528 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/06/28 11:24:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\fernando\Desktop\OTL.exe

[2010/06/28 11:22:30 | 001,449,312 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/06/28 11:22:30 | 000,635,670 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2010/06/28 11:22:30 | 000,588,818 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/06/28 11:22:30 | 000,122,138 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2010/06/28 11:22:30 | 000,101,562 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/06/28 11:19:12 | 000,099,864 | ---- | M] () -- C:\Users\fernando\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/06/28 11:17:29 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2010/06/28 11:17:03 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/06/28 11:17:01 | 000,372,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/06/28 11:16:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/06/28 11:16:40 | 000,000,031 | ---- | M] () -- C:\Windows\System32\bbcap.err

[2010/06/28 11:15:31 | 000,524,288 | -HS- | M] () -- C:\Users\fernando\NTUSER.DAT{024c5571-6a70-11db-8b20-e67c0f776047}.TMContainer00000000000000000001.regtrans-ms

[2010/06/28 11:15:31 | 000,065,536 | -HS- | M] () -- C:\Users\fernando\NTUSER.DAT{024c5571-6a70-11db-8b20-e67c0f776047}.TM.blf

[2010/06/28 11:15:29 | 004,276,437 | -H-- | M] () -- C:\Users\fernando\AppData\Local\IconCache.db

[2010/06/28 11:06:40 | 000,000,764 | ---- | M] () -- C:\Users\fernando\Desktop\CCleaner.lnk

[2010/06/28 11:06:24 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Users\fernando\Desktop\ccsetup233.exe

[2010/06/24 16:11:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3349340542-2255532408-2552783750-1000Core.job

[2010/06/19 12:34:43 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/19 12:34:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\fernando\Desktop\mbam-setup.exe

[2010/06/19 04:36:04 | 000,001,834 | ---- | M] () -- C:\Users\fernando\Desktop\HijackThis.lnk

[2010/06/18 23:13:55 | 000,001,096 | ---- | M] () -- C:\Windows\win.ini

[2010/06/18 23:13:49 | 000,001,703 | ---- | M] () -- C:\Users\Public\Desktop\Everest Poker.lnk

[2010/06/14 13:25:23 | 000,001,073 | ---- | M] () -- C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk

 

========== Files Created - No Company Name ==========

 

[2010/06/19 12:34:43 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/06/19 04:36:04 | 000,001,834 | ---- | C] () -- C:\Users\fernando\Desktop\HijackThis.lnk

[2010/06/18 23:13:49 | 000,001,703 | ---- | C] () -- C:\Users\Public\Desktop\Everest Poker.lnk

[2010/06/14 13:25:23 | 000,001,073 | ---- | C] () -- C:\Users\fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk

[2009/12/01 10:55:42 | 000,000,323 | ---- | C] () -- C:\Windows\System32\Remover.ini

[2009/12/01 10:55:39 | 000,000,566 | ---- | C] () -- C:\Windows\System32\SP7302.ini

[2009/04/28 15:22:00 | 000,000,057 | ---- | C] () -- C:\Windows\System32\peer.ini

[2009/04/10 03:34:56 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009/04/10 03:34:54 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009/04/10 03:34:54 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009/04/10 03:34:53 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2009/04/10 03:34:52 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest

[2009/04/10 03:34:51 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009/03/15 11:46:43 | 000,069,632 | ---- | C] () -- C:\Windows\System32\MSJCE.dll

[2009/03/13 12:39:41 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2009/03/13 12:37:26 | 000,000,076 | ---- | C] () -- C:\Windows\EPSONT23.ini

[2009/03/11 23:38:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1255.dll

[2009/03/11 23:37:03 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

[2009/03/11 23:36:58 | 000,011,205 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

[2009/03/11 23:36:53 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini

[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

 

========== LOP Check ==========

 

[2009/12/15 15:56:43 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\Ashampoo

[2009/12/16 01:22:26 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\Blueberry

[2009/03/25 12:41:47 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\ChemTable Software

[2009/06/22 20:36:24 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\EPSON

[2009/08/08 09:17:59 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\LogSys

[2010/06/21 10:27:49 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\Microgaming

[2009/03/06 01:45:02 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\Nexon

[2010/05/22 15:08:43 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\PacificPoker

[2009/04/28 15:20:37 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\PPLive

[2009/07/20 13:07:47 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\Shareaza

[2010/02/08 19:10:34 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\UB

[2010/05/30 00:08:54 | 000,000,000 | ---D | M] -- C:\Users\fernando\AppData\Roaming\VSRevoGroup

[2010/06/28 11:15:33 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

 

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

 

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2008/01/19 04:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll

[2006/11/02 06:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[2008/01/19 04:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

 

< %SYSTEMDRIVE%\sfcfiles.dll /s /md5 >

 

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2008/01/19 04:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll

[2006/11/02 06:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2008/01/19 04:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2008/01/19 04:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys

[2009/03/11 22:21:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2006/11/02 06:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008/01/19 04:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2009/03/11 22:21:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2009/03/11 22:21:03 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

[2008/01/19 04:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 81 bytes -> C:\Program Files\Cake Poker:MID

@Alternate Data Stream - 16 bytes -> C:\Users\fernando\Documents\Shareaza Downloads:Shareaza.GUID

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1D78DA28

< End of report >

 

EXTRAS.TXT

OTL Extras logfile created on: 28/06/2010 12:10:58 - Run 1

OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\fernando\Desktop

Windows Vista Starter Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 85,99 Gb Free Space | 57,69% Space Free | Partition Type: NTFS

Drive D: | 9,35 Gb Total Space | 4,28 Gb Free Space | 45,75% Space Free | Partition Type: NTFS

Drive E: | 9,30 Gb Total Space | 2,83 Gb Free Space | 30,43% Space Free | Partition Type: NTFS

Drive F: | 5,05 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: FERNANDO-PC

Current User Name: fernando

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3349340542-2255532408-2552783750-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{238E6A29-43B1-4333-8D8E-96F7ECEE5EBE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{722A4C35-2CC4-48FB-A14B-2EAD3C899A45}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{F387EE2E-490E-4F0C-BA2B-9CA91C31A702}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{006C5023-C140-4BD0-B4A2-52DDC03CE84E}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{14CA007F-BC78-452A-80D2-8E5EC3D711B8}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"{1AA7D1B0-2E8C-4B28-BADE-B5C0CCDFFC99}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{250A61EC-B82C-4F8C-8C69-6A4D2905BE96}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |

"{31EA0EB4-8F2C-4284-B578-250C0C5C6A63}" = protocol=17 | dir=in | app=c:\program files\cake poker (beta)\pokerclient.exe |

"{470AC3EE-B51A-48C7-9BD2-EC1A55457D77}" = protocol=6 | dir=in | app=c:\program files\cake poker (beta)\pokerclient.exe |

"{57B403F3-6367-4446-B8D9-BAA98D08EBFE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{7274D1C2-7D1C-4D39-A031-E56EC1093E0C}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |

"{8DF0E52B-5705-4DD6-81C8-1662DD9FEFBD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{9497089B-A578-422F-892C-4C3A0DC103F4}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{966F2536-DE54-4C51-9FA7-09295643F387}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{B7D37FF2-E0B4-4DC1-90C4-1C08945A73CA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{CAE0DAA2-C9ED-4E6F-9222-B1AA61FFE405}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{DD3EA69C-E04A-4EFA-A820-C6994333229F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{EF557F35-2367-4434-A1AE-8896EFFA282E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{F40EB1FF-80C2-416E-B06C-E5929E2CE882}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"TCP Query User{0F6D40D1-74DD-4956-92B2-2C8AE901EAA4}C:\users\fernando\appdata\local\temp\rar$ex01.634\prorat 2.0 special edition - www.memoriahacker.tk\proconnective.exe" = protocol=6 | dir=in | app=c:\users\fernando\appdata\local\temp\rar$ex01.634\prorat 2.0 special edition - www.memoriahacker.tk\proconnective.exe |

"TCP Query User{2F798692-761E-4601-AE01-2BE1EEFFB553}C:\users\fernando\desktop\kit_3200_canais\extreaming\extreaming.exe" = protocol=6 | dir=in | app=c:\users\fernando\desktop\kit_3200_canais\extreaming\extreaming.exe |

"TCP Query User{3ABEC423-1822-4D01-AAEC-43DE61361949}C:\program files\skat\skat.exe" = protocol=6 | dir=in | app=c:\program files\skat\skat.exe |

"TCP Query User{8EBF119D-49D9-44CA-AE1B-CDDF0DF8C0D8}C:\program files\shareaza\shareaza.exe" = protocol=6 | dir=in | app=c:\program files\shareaza\shareaza.exe |

"TCP Query User{91F528C0-05E6-401F-AA3C-8B0631C78E21}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |

"TCP Query User{AE9C65EC-BCCA-485E-B0A2-4162EDD2B47D}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

"TCP Query User{BD605A4A-BD32-420F-BD85-F6C5F68E316D}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"TCP Query User{E2029F3A-8E41-4FB0-9198-0ABC09AF7029}C:\program files\b2bpoker\noiqpoker\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\b2bpoker\noiqpoker\jre\bin\javaw.exe |

"TCP Query User{FB511D29-C017-454D-8F98-E98934C5E58C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{FD233B0E-5106-42EB-AD77-D49866E39B28}D:\rom s.nes\snes9x.exe" = protocol=6 | dir=in | app=d:\rom s.nes\snes9x.exe |

"UDP Query User{09CF1D8F-2315-4696-AF1A-225FDA1682B3}C:\users\fernando\desktop\kit_3200_canais\extreaming\extreaming.exe" = protocol=17 | dir=in | app=c:\users\fernando\desktop\kit_3200_canais\extreaming\extreaming.exe |

"UDP Query User{4D3C7648-5A26-46E4-AA97-F0A083D4BBBE}C:\program files\shareaza\shareaza.exe" = protocol=17 | dir=in | app=c:\program files\shareaza\shareaza.exe |

"UDP Query User{61CEE7BA-3EDD-486F-BD2C-F0CBC7B70CE7}C:\program files\b2bpoker\noiqpoker\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\b2bpoker\noiqpoker\jre\bin\javaw.exe |

"UDP Query User{849812E8-22FC-4E64-8E99-EB106A5B5559}D:\rom s.nes\snes9x.exe" = protocol=17 | dir=in | app=d:\rom s.nes\snes9x.exe |

"UDP Query User{88204F61-1701-4D91-8A72-96C17753B492}C:\users\fernando\appdata\local\temp\rar$ex01.634\prorat 2.0 special edition - www.memoriahacker.tk\proconnective.exe" = protocol=17 | dir=in | app=c:\users\fernando\appdata\local\temp\rar$ex01.634\prorat 2.0 special edition - www.memoriahacker.tk\proconnective.exe |

"UDP Query User{9C8149C4-0E79-489D-8F85-5DC8687DEED0}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

"UDP Query User{9F6237C9-60A6-48F6-9325-EC0CE1B11667}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{DB887B2F-8957-4AE8-B715-0DF38B06288B}C:\program files\skat\skat.exe" = protocol=17 | dir=in | app=c:\program files\skat\skat.exe |

"UDP Query User{EA4E0D82-518B-4C25-B78E-A5970D86DB84}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |

"UDP Query User{FFFF26B9-2BD5-4911-AF7A-3F5FC520497E}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 12

"{2f9064c1-5003-4f65-889d-01c6e0d00c0d}" = Nero 9 Essentials

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = PC Camera

"{AC76BA86-7AD7-1046-7B44-A93000000001}" = Adobe Reader 9.3.1 - Português

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AhnLab MyFirewall 2.0" = AhnLab MyFirewall 2.0

"AhnLab Online Security" = AhnLab Online Security

"Ares" = Ares 2.1.1

"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009

"Ashampoo Burning Studio 8_is1" = Ashampoo Burning Studio 8.04

"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20

"avast!" = avast! Antivirus

"Bestpoker Avatar_is1" = Bestpoker Avatar

"bet365poker" = Poker at bet365

"betboo" = Betboo.com

"bwin Poker_is1" = bwin Poker

"Cake Poker(uninstall)" = Cake Poker

"CCleaner" = CCleaner

"Copacabanapoker (Poker)" = Copacabana Poker

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EPSON Stylus T23 Series" = Desinstalar impressora EPSON Stylus T23 Series

"Everest Poker" = Everest Poker (Remove Only)

"Gear Poker" = Gear Poker

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"IRPF2009 - Declaração de Ajuste Anual e Final de Espólio" = IRPF2009 - Declaração de Ajuste Anual e Final de Espólio

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mansion Poker" = MansionPoker

"MapleStory_is1" = MapleStory

"Messenger Plus! Live" = Messenger Plus! Live

"Messenger_Plus_Live_Brazil Toolbar" = Messenger_Plus_Live_Brazil Toolbar

"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)

"Pacific Poker" = Pacific Poker

"Paddy Power Poker" = Paddy Power Poker

"PKR" = PKR

"Poker 770" = Poker 770

"Receitanet Java 2009.01" = Receitanet Java 2009.01

"Revo Uninstaller" = Revo Uninstaller 1.30

"Shareaza_is1" = Shareaza 2.4.0.0

"Silent Package Run-Time Sample" = EPSON Reference Guide

"Super DVD Creator_is1" = Super DVD Creator 9.8 Full Version

"Titan Poker" = Titan Poker

"Winamp" = Winamp

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3349340542-2255532408-2552783750-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"Poker Ocean" = Poker Ocean

"UB" = UB

 

========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 07/12/2009 15:08:30 | Computer Name = fernando-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

failed, 00000005.

 

Error - 07/12/2009 15:08:30 | Computer Name = fernando-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Windows\System32\dbgeng.dll failed, 00000005.

 

Error - 07/12/2009 15:08:34 | Computer Name = fernando-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Windows\System32\winhttp.dll failed, 00000005.

 

Error - 07/12/2009 15:08:40 | Computer Name = fernando-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Users\fernando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat

failed, 00000005.

 

Error - 07/12/2009 15:08:41 | Computer Name = fernando-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Users\fernando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat

failed, 00000005.

 

Error - 07/12/2009 15:08:42 | Computer Name = fernando-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

failed, 00000005.

 

Error - 07/12/2009 15:08:42 | Computer Name = fernando-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Windows\System32\winhttp.dll failed, 00000005.

 

Error - 07/12/2009 15:08:46 | Computer Name = fernando-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

failed, 00000005.

 

Error - 07/12/2009 15:08:48 | Computer Name = fernando-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Windows\System32\shlwapi.dll failed, 00000005.

 

Error - 07/12/2009 15:09:00 | Computer Name = fernando-PC | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Users\fernando\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat

failed, 00000005.

 

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >


Good evening, lxxnandoxxl!

<@> Run OTL.exe.

<@> Copy the information in the quote below into the field under: Custom Scans/Fixes

 

:otl

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKU\S-1-5-21-3349340542-2255532408-2552783750-1000..\RunOnce: [shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found

O33 - MountPoints2\{43d72ede-5523-11df-a023-f25b645db588}\Shell\AutoRun\command - "" = I:\PMBP_Win.exe -- File not found

O33 - MountPoints2\{881c825e-45a8-11df-8a97-cefb607616e9}\Shell\AutoRun\command - "" = I:\PMBP_Win.exe -- File not found

O33 - MountPoints2\{99063f9d-09ca-11de-80e1-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{99063f9d-09ca-11de-80e1-806e6f6e6963}\Shell\AutoRun\command - "" = F:\bichos.exe -- [2002/08/27 05:29:16 | 003,135,076 | R--- | M] (Macromedia, Inc.)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:1D78DA28

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

:commands

[resethosts]

[purity]

[emptyflash]

[emptytemp]

[Reboot]

<@> Click the Fix button --> Wait for it to finish! --> Run!

<@> Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log <--

<@> Also post an updated HijackThis log.

 

Regards!


I am not managing to do what was asked of me. I follow all the steps, but when I click Fix in OTL, whenever it gets to

[emptytemp]

[Reboot]

the PC freezes. I would like to know if this is normal. I await instructions.


Topic Archived

As the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section along with the link to this topic and explain the reason for reopening.
