Lucas F. dos Santos

[Solved] Page that opens by itself

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:34:32, on 27/08/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

D:\temp\My Lockbox\mylbx.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Users\Lucas\Downloads\HiJackThis.exe

C:\Program Files\Internet Explorer\IELowutil.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Search-Results Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: aTube Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [mylbx] D:\temp\My Lockbox\mylbx.exe /a

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\RunOnce: [symInstallStub] C:\Windows\system32\Adobe\Shockwave 11\syminstallstub.exe /partnerid=adobe /productlist=nss /staging=false /debug /delay=5 /tasktries=1

O4 - Global Startup: Application.lnk = C:\Program Files\WinApplication\WinApplication.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{3E5BE4A8-ABCE-4F45-BF8C-9A5112890D2A}: NameServer = 200.204.0.10 200.204.0.138

O17 - HKLM\System\CS1\Services\Tcpip\..\{3E5BE4A8-ABCE-4F45-BF8C-9A5112890D2A}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files\Scpad\scpLIB.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: NitroPC Service (NitroPCSrv) - Unknown owner - C:\Program Files\NitroPC\NitroPCService.exe (file missing)

O23 - Service: parvwxydfsijos - Helper - c:\windows\system32\yeearmdc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files\Scpad\scpVista.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 7421 bytes

Good evening.....

*Download MalwareBytes Anti-malware and save it to the desktop

*Install the program

*If any update is available, it will be downloaded automatically. Please wait...

*The program will open automatically.

*On the [Scanner] tab, select the [Perform full scan] option

*Click [Scan] and select the partitions to be scanned (usually C:\ and D:\)

*When the scan finishes, you may be asked whether you want to remove objects from memory. Click [Yes] > [OK] > [Show Results]

*Click [Remove Selected]

*A report (mbam-log-year-month-day.txt) will be displayed.

*Paste it in your next reply

Nothing was found, but the page keeps appearing.

The report follows

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4502

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

29/08/2010 13:53:41

mbam-log-2010-08-29 (13-53-41).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 304531

Tempo decorrido: 1 hora(s), 36 minuto(s), 45 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

(Não foram detectados ítens maliciosos)

*Download OTL and save it to the desktop

*Run OTL and select the options below:

[X] Scan All Users

Extra Registry: [X] None

[X] Skip Microsoft Files

[X] Use Company Name WhiteList

[X] LOP Check

[X] Purity Check

*Leave the other options as they are.

*Copy the code below:

 

%SystemDrive%\*.*

%SystemRoot%\*.*

%SystemRoot%\Prefetch\*.*

%SystemDrive%\documents and settings\All Users\Dados de aplicativos\*.*

%SystemDrive%\documents and settings\All Users\Dados de aplicativos\*

%SystemDrive%\documents and settings\All Users\Menu iniciar\Programas\Inicializar\*.*

%SystemDrive%\documents and settings\User\Configurações Locais\Temp\*.*

%UserProfile%\*.*

netsvcs

*Click in the space below "Custom Scans/Fixes" and paste the code:

*Click [Run Scan] and wait for it to finish

*Paste the OTL.txt report that is displayed

OTL logfile created on: 29/08/2010 16:54:54 - Run 1

OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Lucas\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

960,00 Mb Total Physical Memory | 120,00 Mb Available Physical Memory | 13,00% Memory free

3,00 Gb Paging File | 2,00 Gb Available in Paging File | 71,00% Paging File free

Paging file location(s): [binary data over 100 bytes]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 51,29 Gb Total Space | 15,27 Gb Free Space | 29,78% Space Free | Partition Type: NTFS

Drive D: | 97,56 Gb Total Space | 61,46 Gb Free Space | 63,00% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: LUCAS-PC

Current User Name: Adm

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010/08/29 16:48:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.com

PRC - [2010/08/28 17:56:33 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\plugin-container.exe

PRC - [2010/08/28 17:56:32 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\firefox.exe

PRC - [2010/08/27 20:37:23 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Arquivos de Programas\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/08/27 20:37:21 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Arquivos de Programas\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/06/28 17:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/06/28 17:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Arquivos de Programas\Alwil Software\Avast5\AvastSvc.exe

PRC - [2010/06/01 20:02:18 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Arquivos de Programas\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/05/30 17:16:08 | 001,696,992 | ---- | M] (FSPro Labs) -- D:\temp\My Lockbox\mylbx.exe

PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Live\Family Safety\fsssvc.exe

PRC - [2010/04/28 07:44:02 | 000,647,528 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Live\Family Safety\fsui.exe

PRC - [2010/01/06 18:23:32 | 000,142,648 | ---- | M] (FSPro Labs) -- C:\Windows\System32\fsproflt.exe

PRC - [2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/07/13 22:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe

PRC - [2009/07/13 22:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/13 22:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Sidebar\sidebar.exe

PRC - [2009/07/13 22:14:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Internet Explorer\ielowutil.exe

PRC - [2009/07/13 22:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe

PRC - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Arquivos de Programas\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2009/05/24 16:20:06 | 000,231,936 | ---- | M] () -- C:\Arquivos de Programas\WinApplication\WinApplication.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Arquivos de Programas\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveMonitor.exe

 

 

========== Modules (SafeList) ==========

 

MOD - File not found -- C:\Windows\System32\mscUn-ern.dll

MOD - [2010/08/29 16:48:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.com

MOD - [2009/07/13 22:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll

MOD - [2009/07/13 22:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll

MOD - [2009/07/13 22:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll

MOD - [2009/07/13 22:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll

MOD - [2009/07/13 22:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll

MOD - [2009/07/13 22:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll

MOD - [2009/07/13 22:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll

MOD - [2009/07/13 22:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll

MOD - [2009/07/13 22:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2009/07/13 22:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- -- (NitroPCSrv)

SRV - [2010/08/27 20:37:21 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010/06/28 17:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/06/28 17:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/06/28 17:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2010/05/06 22:51:55 | 000,390,952 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

SRV - [2010/01/06 18:23:32 | 000,142,648 | ---- | M] (FSPro Labs) [Auto | Running] -- C:\Windows\System32\fsproflt.exe -- (fsproflt)

SRV - [2009/07/13 22:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)

SRV - [2009/07/13 22:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)

SRV - [2009/07/13 22:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)

SRV - [2009/07/13 22:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)

SRV - [2009/07/13 22:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)

SRV - [2009/07/13 22:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)

SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/13 22:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009/07/13 22:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)

SRV - [2009/07/13 22:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)

SRV - [2009/07/13 22:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)

SRV - [2009/07/13 22:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)

SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/13 22:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)

SRV - [2009/07/13 22:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/07/13 22:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)

SRV - [2009/07/13 22:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)

SRV - [2009/07/13 22:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)

SRV - [2009/07/13 22:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalador do ActiveX (AxInstSV)

SRV - [2009/07/13 22:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)

SRV - [2009/07/13 22:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)

SRV - [2009/07/10 10:54:14 | 000,136,496 | ---- | M] (Scopus Tecnologia Ltda) [Auto | Stopped] -- C:\Arquivos de Programas\Scpad\scpVista.exe -- (scpVista)

SRV - [2009/07/05 11:29:29 | 000,081,991 | ---- | M] (Helper) [Auto | Running] -- C:\Windows\System32\yeearmdc.exe -- (parvwxydfsijos)

SRV - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Arquivos de Programas\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/08/27 20:37:59 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2010/06/28 17:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/06/28 17:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/06/28 17:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/06/28 17:32:56 | 000,050,256 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2010/06/28 17:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/05/08 14:26:34 | 000,278,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2010/05/08 14:26:32 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2010/04/16 09:08:19 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)

DRV - [2009/12/11 04:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)

DRV - [2009/11/16 13:33:38 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)

DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)

DRV - [2009/07/13 22:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)

DRV - [2009/07/13 22:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)

DRV - [2009/07/13 22:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)

DRV - [2009/07/13 22:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV - [2009/07/13 22:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)

DRV - [2009/07/13 22:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)

DRV - [2009/07/13 22:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV - [2009/07/13 22:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)

DRV - [2009/07/13 22:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)

DRV - [2009/07/13 22:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)

DRV - [2009/07/13 22:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)

DRV - [2009/07/13 22:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)

DRV - [2009/07/13 22:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)

DRV - [2009/07/13 22:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)

DRV - [2009/07/13 22:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)

DRV - [2009/07/13 22:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)

DRV - [2009/07/13 22:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2009/07/13 22:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)

DRV - [2009/07/13 22:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV - [2009/07/13 22:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)

DRV - [2009/07/13 22:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)

DRV - [2009/07/13 22:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)

DRV - [2009/07/13 22:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)

DRV - [2009/07/13 22:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)

DRV - [2009/07/13 22:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV - [2009/07/13 22:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)

DRV - [2009/07/13 22:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)

DRV - [2009/07/13 22:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009/07/13 22:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)

DRV - [2009/07/13 22:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009/07/13 22:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)

DRV - [2009/07/13 22:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/13 22:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)

DRV - [2009/07/13 22:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)

DRV - [2009/07/13 22:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)

DRV - [2009/07/13 22:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)

DRV - [2009/07/13 22:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)

DRV - [2009/07/13 22:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)

DRV - [2009/07/13 22:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)

DRV - [2009/07/13 22:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV - [2009/07/13 22:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)

DRV - [2009/07/13 21:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2009/07/13 21:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)

DRV - [2009/07/13 21:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV - [2009/07/13 20:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)

DRV - [2009/07/13 20:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)

DRV - [2009/07/13 20:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)

DRV - [2009/07/13 20:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)

DRV - [2009/07/13 20:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)

DRV - [2009/07/13 20:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)

DRV - [2009/07/13 20:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/13 20:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV - [2009/07/13 20:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)

DRV - [2009/07/13 20:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)

DRV - [2009/07/13 20:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)

DRV - [2009/07/13 20:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)

DRV - [2009/07/13 20:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009/07/13 20:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009/07/13 20:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)

DRV - [2009/07/13 20:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)

DRV - [2009/07/13 20:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)

DRV - [2009/07/13 20:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)

DRV - [2009/07/13 19:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 19:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV - [2009/07/13 19:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2009/07/13 19:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)

DRV - [2009/07/13 19:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)

DRV - [2009/07/13 19:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)

DRV - [2009/07/13 19:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)

DRV - [2009/07/13 19:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)

DRV - [2009/07/13 19:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2009/07/13 19:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)

DRV - [2009/07/13 19:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)

DRV - [2008/06/05 19:37:54 | 000,043,792 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\FSPFltd.sys -- (FSProFilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4262322605-869973698-12785198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-4262322605-869973698-12785198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKU\S-1-5-21-4262322605-869973698-12785198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-4262322605-869973698-12785198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKU\S-1-5-21-4262322605-869973698-12785198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 31 D6 1D 9D 01 CB 01 [binary data]

IE - HKU\S-1-5-21-4262322605-869973698-12785198-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-21-4262322605-869973698-12785198-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://int.search-results.com?o=102368&l=dis

IE - HKU\S-1-5-21-4262322605-869973698-12785198-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Search-Results)

IE - HKU\S-1-5-21-4262322605-869973698-12785198-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.com.br/"

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/06/01 20:03:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/28 17:56:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/28 17:56:35 | 000,000,000 | ---D | M]

 

[2010/08/16 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\Adm\AppData\Roaming\mozilla\Extensions

[2010/08/16 19:34:32 | 000,000,000 | ---D | M] -- C:\Users\Adm\AppData\Roaming\mozilla\Firefox\Profiles\am9hfvq6.default\extensions

[2010/08/13 22:21:52 | 000,000,000 | ---D | M] -- C:\Arquivos de Programas\Mozilla Firefox\extensions

[2010/06/01 19:49:43 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Arquivos de Programas\Mozilla Firefox\plugins\npgcplug.dll

[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\plugins\npOGAPlugin.dll

[2005/04/27 17:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Arquivos de Programas\Mozilla Firefox\plugins\npracplug.dll

[2009/10/23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Arquivos de Programas\Mozilla Firefox\plugins\npzylomgamesplayer.dll

[2010/07/13 19:02:35 | 000,001,027 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\buscape.xml

[2010/07/13 19:02:35 | 000,001,212 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2010/07/13 19:02:35 | 000,001,168 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2010/07/13 19:02:35 | 000,000,952 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (ssh2 Class) - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de Programas\Scpad\scpsssh2.dll (Scopus Tecnologia Ltda)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Arquivos de Programas\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Search-Results)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Search-Results)

O3 - HKU\S-1-5-21-4262322605-869973698-12785198-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-4262322605-869973698-12785198-1000\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Search-Results)

O3 - HKU\S-1-5-21-4262322605-869973698-12785198-1005\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de Programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-4262322605-869973698-12785198-1005\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Search-Results)

O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fsui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [mylbx] D:\temp\My Lockbox\mylbx.exe (FSPro Labs)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-4262322605-869973698-12785198-1005..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)

O4 - HKU\S-1-5-21-4262322605-869973698-12785198-1005..\Run: [spybotSD TeaTimer] C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Intel\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O7 - HKU\S-1-5-21-4262322605-869973698-12785198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4262322605-869973698-12785198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-4262322605-869973698-12785198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O7 - HKU\S-1-5-21-4262322605-869973698-12785198-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4262322605-869973698-12785198-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-4262322605-869973698-12785198-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de Programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-4262322605-869973698-12785198-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-4262322605-869973698-12785198-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de Programas\Scpad\scpLIB.dll (Scopus Tecnologia Ltda)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)

NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/08/29 12:15:04 | 000,000,000 | ---D | C] -- C:\Users\Adm\AppData\Roaming\Malwarebytes

[2010/08/29 12:14:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/08/29 12:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/08/29 12:14:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/08/28 20:21:48 | 000,000,000 | ---D | C] -- C:\Users\Adm\Desktop\Gleice_003

[2010/08/28 16:29:08 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Symantec Shared

[2010/08/28 16:11:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS

[2010/08/28 16:11:11 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Norton Security Scan

[2010/08/28 16:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

[2010/08/28 16:11:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022

[2010/08/28 16:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec

[2010/08/28 16:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller

[2010/08/28 16:11:08 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\NortonInstaller

[2010/08/28 15:49:31 | 000,000,000 | ---D | C] -- C:\Users\Adm\Documents\NeroVision

[2010/08/27 20:39:26 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2010/08/27 20:39:17 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/08/27 20:07:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{52AC600B-5800-407E-99FF-83CD0669760B}

[2010/08/27 20:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2010/08/27 20:07:15 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Lavasoft

[2010/08/24 20:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CrystalIdea Software

[2010/08/22 12:43:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom

[2010/08/22 12:43:35 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Zylom Games

[2010/08/21 15:58:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat

[2010/08/21 15:57:55 | 000,000,000 | ---D | C] -- C:\Users\Adm\Desktop\temp

[2010/08/21 15:29:46 | 000,000,000 | ---D | C] -- C:\Users\Adm\AppData\Local\Diagnostics

[2010/08/19 19:53:48 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\DESIGNER

[2010/08/19 19:52:41 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Visual Studio

[2010/08/17 11:26:29 | 000,000,000 | ---D | C] -- C:\MSNCleaner

[2010/08/17 11:05:00 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\AxBx

[2010/08/16 19:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2010/08/16 19:50:06 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Spybot - Search & Destroy

[2010/08/16 19:34:04 | 000,000,000 | ---D | C] -- C:\Users\Adm\AppData\Roaming\Mozilla

[2010/08/15 13:24:29 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr

[2010/08/07 22:22:21 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Pysycache

[2010/08/01 10:13:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS

[2010/07/31 12:41:05 | 000,142,648 | ---- | C] (FSPro Labs) -- C:\Windows\System32\fsproflt.exe

[2010/07/31 12:41:04 | 000,043,792 | ---- | C] (FSPro Labs) -- C:\Windows\System32\drivers\FSPFltd.sys

[2010/06/01 19:49:50 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Arquivos de Programas\RngInterstitial.dll

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/08/29 16:54:47 | 002,097,152 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT

[2010/08/29 16:46:41 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/08/29 16:44:07 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/08/29 16:43:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/08/29 16:43:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/08/29 16:43:46 | 754,622,464 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/29 13:22:08 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/08/29 12:14:51 | 000,000,742 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/28 21:19:22 | 000,000,470 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Adm.job

[2010/08/28 21:19:11 | 000,430,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/08/28 21:02:07 | 001,661,425 | -H-- | M] () -- C:\Users\Adm\AppData\Local\IconCache.db

[2010/08/28 21:01:08 | 000,053,148 | ---- | M] () -- C:\Users\Adm\Desktop\Projeto sem título.nvc

[2010/08/28 20:34:19 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/08/28 20:34:19 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/08/28 20:21:11 | 000,216,205 | ---- | M] () -- C:\Users\Adm\Desktop\Gleice_001.pptx

[2010/08/28 20:08:11 | 000,004,608 | ---- | M] () -- C:\Users\Adm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/28 19:42:49 | 000,118,656 | ---- | M] () -- C:\Users\Adm\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/08/28 19:41:12 | 000,000,137 | ---- | M] () -- C:\Users\Adm\AppData\Roaming\default.rss

[2010/08/28 19:40:06 | 004,552,940 | ---- | M] () -- C:\Users\Adm\Desktop\Gleice.avi

[2010/08/28 19:34:21 | 000,000,683 | ---- | M] () -- C:\Users\Public\Desktop\E.M. PowerPoint Video Converter.lnk

[2010/08/28 19:34:21 | 000,000,662 | ---- | M] () -- C:\Users\Adm\Desktop\Total Video Player.lnk

[2010/08/28 19:25:32 | 000,230,654 | ---- | M] () -- C:\Users\Adm\Desktop\Gleice.pptx

[2010/08/28 16:52:24 | 000,012,394 | ---- | M] () -- C:\Users\Adm\.recently-used.xbel

[2010/08/28 16:11:18 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk

[2010/08/28 16:11:11 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini

[2010/08/27 20:39:11 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2010/08/27 20:39:07 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe

[2010/08/27 20:37:59 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2010/08/27 20:07:43 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/08/27 12:08:41 | 001,499,760 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/08/27 12:08:41 | 000,657,482 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2010/08/27 12:08:41 | 000,610,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/08/27 12:08:41 | 000,125,874 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2010/08/27 12:08:41 | 000,104,520 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/08/25 14:44:37 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{18d59421-b059-11df-9dc5-adc9ba1ea430}.TMContainer00000000000000000002.regtrans-ms

[2010/08/25 14:44:37 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{18d59421-b059-11df-9dc5-adc9ba1ea430}.TMContainer00000000000000000001.regtrans-ms

[2010/08/25 14:44:37 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{18d59421-b059-11df-9dc5-adc9ba1ea430}.TM.blf

[2010/08/24 20:07:08 | 000,000,637 | ---- | M] () -- C:\Users\Adm\Desktop\Uninstall Tool.lnk

[2010/08/21 15:59:06 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{934b9da3-ad4f-11df-9d08-cb5346ba7e31}.TMContainer00000000000000000002.regtrans-ms

[2010/08/21 15:59:06 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{934b9da3-ad4f-11df-9d08-cb5346ba7e31}.TMContainer00000000000000000001.regtrans-ms

[2010/08/21 15:59:06 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{934b9da3-ad4f-11df-9d08-cb5346ba7e31}.TM.blf

[2010/08/21 15:28:30 | 000,001,280 | RHS- | M] () -- C:\Users\Adm\ntuser.pol

[2010/08/20 11:23:44 | 000,002,282 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2010/08/19 19:45:48 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini

[2010/08/19 19:32:30 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/08/17 11:05:03 | 000,001,058 | ---- | M] () -- C:\Users\Adm\Desktop\Clean Virus MSN.lnk

[2010/08/16 19:50:13 | 000,001,234 | ---- | M] () -- C:\Users\Adm\Desktop\Spybot - Search & Destroy (for blind users).lnk

[2010/08/16 19:50:13 | 000,001,212 | ---- | M] () -- C:\Users\Adm\Desktop\Spybot - Search & Destroy.lnk

[2010/08/16 19:34:18 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat

[2010/08/15 13:24:30 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2010/08/13 22:21:56 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/08/03 08:13:52 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2010/07/31 12:41:06 | 000,000,647 | ---- | M] () -- C:\Users\Adm\Desktop\My Lockbox.lnk

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/08/29 12:14:51 | 000,000,742 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/28 20:03:18 | 000,004,608 | ---- | C] () -- C:\Users\Adm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/28 20:01:48 | 000,216,205 | ---- | C] () -- C:\Users\Adm\Desktop\Gleice_001.pptx

[2010/08/28 19:40:18 | 004,552,940 | ---- | C] () -- C:\Users\Adm\Desktop\Gleice.avi

[2010/08/28 19:34:21 | 000,000,683 | ---- | C] () -- C:\Users\Public\Desktop\E.M. PowerPoint Video Converter.lnk

[2010/08/28 19:34:21 | 000,000,662 | ---- | C] () -- C:\Users\Adm\Desktop\Total Video Player.lnk

[2010/08/28 19:25:31 | 000,230,654 | ---- | C] () -- C:\Users\Adm\Desktop\Gleice.pptx

[2010/08/28 16:52:24 | 000,012,394 | ---- | C] () -- C:\Users\Adm\.recently-used.xbel

[2010/08/28 16:11:20 | 000,000,470 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Adm.job

[2010/08/28 16:11:18 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk

[2010/08/28 16:11:11 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini

[2010/08/28 15:54:24 | 000,053,148 | ---- | C] () -- C:\Users\Adm\Desktop\Projeto sem título.nvc

[2010/08/27 21:47:55 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe

[2010/08/27 20:43:52 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/08/27 20:07:43 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2010/08/25 14:44:35 | 000,524,288 | -HS- | C] () -- C:\Users\Adm\NTUSER.DAT{18d59421-b059-11df-9dc5-adc9ba1ea430}.TMContainer00000000000000000002.regtrans-ms

[2010/08/25 14:44:35 | 000,524,288 | -HS- | C] () -- C:\Users\Adm\NTUSER.DAT{18d59421-b059-11df-9dc5-adc9ba1ea430}.TMContainer00000000000000000001.regtrans-ms

[2010/08/25 14:44:35 | 000,065,536 | -HS- | C] () -- C:\Users\Adm\NTUSER.DAT{18d59421-b059-11df-9dc5-adc9ba1ea430}.TM.blf

[2010/08/24 20:07:08 | 000,000,637 | ---- | C] () -- C:\Users\Adm\Desktop\Uninstall Tool.lnk

[2010/08/24 20:02:11 | 000,323,072 | ---- | C] () -- C:\Windows\System32\WgaTray.exe

[2010/08/24 20:02:11 | 000,190,976 | ---- | C] () -- C:\Windows\System32\WgaLogon.dll

[2010/08/21 15:28:27 | 000,524,288 | -HS- | C] () -- C:\Users\Adm\NTUSER.DAT{934b9da3-ad4f-11df-9d08-cb5346ba7e31}.TMContainer00000000000000000002.regtrans-ms

[2010/08/21 15:28:27 | 000,524,288 | -HS- | C] () -- C:\Users\Adm\NTUSER.DAT{934b9da3-ad4f-11df-9d08-cb5346ba7e31}.TMContainer00000000000000000001.regtrans-ms

[2010/08/21 15:28:27 | 000,065,536 | -HS- | C] () -- C:\Users\Adm\NTUSER.DAT{934b9da3-ad4f-11df-9d08-cb5346ba7e31}.TM.blf

[2010/08/17 11:05:03 | 000,001,058 | ---- | C] () -- C:\Users\Adm\Desktop\Clean Virus MSN.lnk

[2010/08/16 19:50:13 | 000,001,234 | ---- | C] () -- C:\Users\Adm\Desktop\Spybot - Search & Destroy (for blind users).lnk

[2010/08/16 19:50:13 | 000,001,212 | ---- | C] () -- C:\Users\Adm\Desktop\Spybot - Search & Destroy.lnk

[2010/08/16 19:34:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/08/13 22:21:56 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/07/31 12:41:06 | 000,000,647 | ---- | C] () -- C:\Users\Adm\Desktop\My Lockbox.lnk

[2010/07/01 11:27:53 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll

[2010/05/08 14:26:34 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2010/05/08 14:26:32 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2010/05/05 20:13:21 | 000,000,137 | ---- | C] () -- C:\Users\Adm\AppData\Roaming\default.rss

[2010/05/02 19:33:40 | 000,007,600 | ---- | C] () -- C:\Users\Adm\AppData\Local\Resmon.ResmonCfg

[2010/04/16 04:26:04 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini

[2010/04/16 03:49:58 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009/11/16 13:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL

[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/07/13 20:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll

[2009/06/07 08:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll

[2009/01/09 11:45:01 | 000,155,648 | ---- | C] () -- C:\Windows\System32\mscac-ocd.dll

[2008/03/28 14:00:58 | 000,009,836 | ---- | C] () -- C:\Windows\System32\mswan-oce.dll

[2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll

[2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll

[2006/12/01 18:34:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\PhysXLoader.dll

[2006/11/22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2006/11/22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2006/11/22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2006/11/22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2006/11/22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2006/11/22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2006/11/22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2006/11/22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2006/11/22 11:37:08 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

 

========== LOP Check ==========

 

[2010/05/03 19:57:49 | 000,000,000 | ---D | M] -- C:\Users\Adm\AppData\Roaming\GrabPro

[2010/08/28 16:52:24 | 000,000,000 | ---D | M] -- C:\Users\Adm\AppData\Roaming\gtk-2.0

[2010/05/05 22:43:43 | 000,000,000 | ---D | M] -- C:\Users\Adm\AppData\Roaming\Orbit

[2010/08/24 16:06:00 | 000,000,000 | ---D | M] -- C:\Users\Aline_2\AppData\Roaming\gtk-2.0

[2010/07/19 20:09:49 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\EleFun Games

[2010/08/09 13:45:54 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\gtk-2.0

[2010/04/21 13:16:27 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2010/04/22 19:41:22 | 000,000,000 | ---D | M] -- C:\Users\Alison\AppData\Roaming\Windows Live Writer

[2010/05/08 14:50:39 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Earthsim

[2010/07/19 19:39:07 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\EleFun Games

[2010/08/28 13:37:06 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\gtk-2.0

[2010/05/09 14:24:28 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Orbit

[2010/04/21 00:06:48 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2010/08/29 16:46:41 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

[2010/07/22 00:06:00 | 000,000,518 | ---- | M] () -- C:\Windows\Tasks\Install.job

[2010/07/29 07:05:40 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SystemDrive%\*.* >

[2010/04/16 03:56:44 | 000,000,003 | ---- | M] () -- C:\7Loader.TAG

[2010/08/29 16:43:45 | 000,002,140 | ---- | M] () -- C:\aaw7boot.log

[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2010/08/29 16:43:46 | 754,622,464 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/29 16:43:46 | 1069,547,520 | -HS- | M] () -- C:\pagefile.sys

[2007/04/25 12:45:57 | 000,000,631 | ---- | M] () -- C:\PDVD.iss

 

< %SystemRoot%\*.* >

[2010/06/28 17:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr

[2009/07/13 22:14:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\bfsvc.exe

[2010/08/29 16:43:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/07/01 11:10:19 | 000,029,530 | ---- | M] () -- C:\Windows\DirectX.log

[2009/10/31 02:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2009/07/13 22:14:20 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\fveupdate.exe

[2010/04/16 09:08:19 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Windows\gdrv.sys

[2009/07/13 22:14:21 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

[2009/07/13 22:14:21 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\hh.exe

[2010/04/16 04:26:04 | 000,004,767 | ---- | M] () -- C:\Windows\Irremote.ini

[2009/07/13 19:58:08 | 000,043,131 | ---- | M] () -- C:\Windows\mib.bin

[2009/06/10 18:19:27 | 000,001,405 | ---- | M] () -- C:\Windows\msdfmap.ini

[2009/07/13 22:14:27 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\notepad.exe

[2010/08/16 19:34:18 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat

[2010/08/19 23:21:30 | 000,006,346 | ---- | M] () -- C:\Windows\PFRO.log

[2009/07/13 22:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\regedit.exe

[2010/08/29 16:43:50 | 000,009,296 | ---- | M] () -- C:\Windows\setupact.log

[2010/07/19 06:41:11 | 000,000,000 | ---- | M] () -- C:\Windows\setuperr.log

[1997/01/16 00:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST5UNST.EXE

[2009/06/10 18:14:45 | 000,048,201 | ---- | M] () -- C:\Windows\Starter.xml

[2009/06/10 18:46:28 | 000,000,219 | ---- | M] () -- C:\Windows\system.ini

[2009/06/10 18:41:17 | 000,094,784 | ---- | M] (Twain Working Group) -- C:\Windows\twain.dll

[2009/07/13 22:16:16 | 000,051,200 | ---- | M] (Twain Working Group) -- C:\Windows\twain_32.dll

[2009/06/10 18:41:17 | 000,049,680 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_16.exe

[2009/07/13 22:14:42 | 000,031,232 | ---- | M] (Twain Working Group) -- C:\Windows\twunk_32.exe

[2009/06/10 18:14:45 | 000,051,867 | ---- | M] () -- C:\Windows\Ultimate.xml

[2010/08/19 19:45:48 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini

[2009/07/14 01:41:57 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest

[2010/08/29 16:47:28 | 001,939,921 | ---- | M] () -- C:\Windows\WindowsUpdate.log

[2009/06/10 18:42:20 | 000,256,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhelp.exe

[2009/07/13 22:14:45 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\winhlp32.exe

[2010/04/17 00:21:08 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

[2009/06/10 18:34:23 | 000,316,640 | ---- | M] () -- C:\Windows\WMSysPr9.prx

[2009/07/13 22:14:49 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\write.exe

[2009/06/10 18:42:49 | 000,000,707 | ---- | M] () -- C:\Windows\_default.pif

[2010/04/19 21:19:15 | 000,000,020 | ---- | M] () -- C:\Windows\¬úZ

 

< %SystemRoot%\Prefetch\*.* >

[2010/08/29 16:46:55 | 000,185,584 | ---- | M] () -- C:\Windows\Prefetch\AAWTRAY.EXE-AE63BC5E.pf

[2010/08/29 16:46:44 | 000,068,970 | ---- | M] () -- C:\Windows\Prefetch\AAWWSC.EXE-4FA5806F.pf

[2010/04/16 02:56:00 | 000,332,116 | ---- | M] () -- C:\Windows\Prefetch\AgAppLaunch.db

[2010/05/12 18:44:25 | 000,660,008 | ---- | M] () -- C:\Windows\Prefetch\AgCx_S1_S-1-5-21-4262322605-869973698-12785198-1001.snp.db

[2010/05/17 19:46:01 | 001,000,353 | ---- | M] () -- C:\Windows\Prefetch\AgCx_S2_S-1-5-21-4262322605-869973698-12785198-1002.snp.db

[2010/04/22 18:55:40 | 000,941,652 | ---- | M] () -- C:\Windows\Prefetch\AgCx_S3_S-1-5-21-4262322605-869973698-12785198-1001.snp.db

[2010/08/26 20:30:09 | 000,606,876 | ---- | M] () -- C:\Windows\Prefetch\AgCx_SC2.db

[2010/08/21 15:58:35 | 000,174,485 | ---- | M] () -- C:\Windows\Prefetch\AgCx_SC3_4505D211.db

[2010/08/11 09:12:30 | 000,392,570 | ---- | M] () -- C:\Windows\Prefetch\AgCx_SC3_BE97C439.db

[2010/08/21 16:34:07 | 000,401,330 | ---- | M] () -- C:\Windows\Prefetch\AgCx_SC3_E17DCA8B.db

[2010/08/27 10:40:09 | 000,555,421 | ---- | M] () -- C:\Windows\Prefetch\AgCx_SC3_E7ED97B5.db

[2010/08/28 21:26:13 | 000,311,655 | ---- | M] () -- C:\Windows\Prefetch\AgCx_SC4.db

[2010/08/29 13:44:15 | 000,487,423 | ---- | M] () -- C:\Windows\Prefetch\AgGlFaultHistory.db

[2010/08/29 13:44:15 | 001,672,472 | ---- | M] () -- C:\Windows\Prefetch\AgGlFgAppHistory.db

[2010/08/29 13:44:14 | 002,874,270 | ---- | M] () -- C:\Windows\Prefetch\AgGlGlobalHistory.db

[2010/08/28 14:36:30 | 000,849,649 | ---- | M] () -- C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4262322605-869973698-12785198-1000.db

[2010/08/17 18:43:50 | 000,897,557 | ---- | M] () -- C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4262322605-869973698-12785198-1001.db

[2010/08/29 11:09:34 | 000,732,206 | ---- | M] () -- C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4262322605-869973698-12785198-1002.db

[2010/08/27 16:14:51 | 000,590,131 | ---- | M] () -- C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4262322605-869973698-12785198-1006.db

[2010/08/28 14:36:30 | 000,853,172 | ---- | M] () -- C:\Windows\Prefetch\AgGlUAD_S-1-5-21-4262322605-869973698-12785198-1000.db

[2010/08/17 18:43:50 | 000,829,283 | ---- | M] () -- C:\Windows\Prefetch\AgGlUAD_S-1-5-21-4262322605-869973698-12785198-1001.db

[2010/08/29 11:09:34 | 000,763,686 | ---- | M] () -- C:\Windows\Prefetch\AgGlUAD_S-1-5-21-4262322605-869973698-12785198-1002.db

[2010/08/27 16:14:50 | 000,228,941 | ---- | M] () -- C:\Windows\Prefetch\AgGlUAD_S-1-5-21-4262322605-869973698-12785198-1006.db

[2010/08/29 13:44:13 | 000,399,604 | ---- | M] () -- C:\Windows\Prefetch\AgRobust.db

[2010/08/29 14:01:08 | 000,025,114 | ---- | M] () -- C:\Windows\Prefetch\AUDIODG.EXE-AB22E9A6.pf

[2010/08/29 16:45:44 | 000,180,520 | ---- | M] () -- C:\Windows\Prefetch\AVAST.SETUP-0294E3FE.pf

[2010/08/16 19:34:32 | 000,034,684 | ---- | M] () -- C:\Windows\Prefetch\AVWSC.EXE-04E21D4D.pf

[2010/08/29 12:01:36 | 000,016,218 | ---- | M] () -- C:\Windows\Prefetch\CONHOST.EXE-0C6456FB.pf

[2010/08/29 16:52:02 | 000,104,666 | ---- | M] () -- C:\Windows\Prefetch\CONSENT.EXE-40419367.pf

[2010/08/29 09:08:37 | 000,104,666 | ---- | M] () -- C:\Windows\Prefetch\CSC.EXE-F8803EEA.pf

[2010/08/29 09:08:37 | 000,013,684 | ---- | M] () -- C:\Windows\Prefetch\CVTRES.EXE-CB8485B0.pf

[2010/08/29 16:46:20 | 000,098,752 | ---- | M] () -- C:\Windows\Prefetch\DLLHOST.EXE-2E02FDCA.pf

[2010/08/29 11:22:38 | 000,147,918 | ---- | M] () -- C:\Windows\Prefetch\DLLHOST.EXE-3C4E5BEC.pf

[2010/08/29 11:07:09 | 000,021,754 | ---- | M] () -- C:\Windows\Prefetch\DLLHOST.EXE-3CCCA5DB.pf

[2010/08/29 16:50:51 | 000,057,032 | ---- | M] () -- C:\Windows\Prefetch\DLLHOST.EXE-4B6CB38A.pf

[2010/08/29 16:52:07 | 000,029,132 | ---- | M] () -- C:\Windows\Prefetch\DLLHOST.EXE-6389524F.pf

[2010/08/29 11:09:44 | 000,023,624 | ---- | M] () -- C:\Windows\Prefetch\DLLHOST.EXE-69505E22.pf

[2010/08/29 11:09:06 | 000,045,958 | ---- | M] () -- C:\Windows\Prefetch\DLLHOST.EXE-BF54A4C5.pf

[2010/08/29 11:21:37 | 000,020,704 | ---- | M] () -- C:\Windows\Prefetch\DLLHOST.EXE-EE326293.pf

[2010/08/29 16:50:46 | 000,076,130 | ---- | M] () -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf

[2010/08/29 11:59:36 | 000,329,816 | ---- | M] () -- C:\Windows\Prefetch\FIREFOX.EXE-66015FD1.pf

[2010/08/29 13:22:08 | 000,038,880 | ---- | M] () -- C:\Windows\Prefetch\GOOGLEUPDATE.EXE-737A6CD7.pf

[2010/07/28 19:26:51 | 000,009,974 | ---- | M] () -- C:\Windows\Prefetch\GPSCRIPT.EXE-FB901B09.pf

[2010/08/29 16:53:34 | 000,016,890 | ---- | M] () -- C:\Windows\Prefetch\IELOWUTIL.EXE-F7372953.pf

[2010/08/29 11:10:44 | 000,035,340 | ---- | M] () -- C:\Windows\Prefetch\IPCONFIG.EXE-BFEC2AD0.pf

[2010/08/29 12:01:36 | 000,083,614 | ---- | M] () -- C:\Windows\Prefetch\JAVA.EXE-BE8A91FF.pf

[2010/08/29 12:01:36 | 000,017,772 | ---- | M] () -- C:\Windows\Prefetch\JP2LAUNCHER.EXE-B5C8DF2E.pf

[2010/08/29 08:57:47 | 000,754,096 | ---- | M] () -- C:\Windows\Prefetch\Layout.ini

[2010/08/29 14:00:52 | 000,115,184 | ---- | M] () -- C:\Windows\Prefetch\LOGONUI.EXE-F639BD7E.pf

[2010/08/29 11:10:45 | 000,012,258 | ---- | M] () -- C:\Windows\Prefetch\MAKECAB.EXE-FC3CBE21.pf

[2010/08/29 12:14:10 | 000,048,426 | ---- | M] () -- C:\Windows\Prefetch\MBAM-SETUP-1.46.EXE-53C5F081.pf

[2010/08/29 12:16:20 | 000,076,610 | ---- | M] () -- C:\Windows\Prefetch\MBAM.EXE-29ACFEFE.pf

[2010/08/29 12:14:50 | 000,011,582 | ---- | M] () -- C:\Windows\Prefetch\MBAMGUI.EXE-85E1A4CF.pf

[2010/08/29 16:45:25 | 000,114,498 | ---- | M] () -- C:\Windows\Prefetch\MOBSYNC.EXE-B307E1CC.pf

[2010/08/29 09:36:14 | 000,024,988 | ---- | M] () -- C:\Windows\Prefetch\MPCMDRUN.EXE-2C9109F9.pf

[2010/08/29 11:11:13 | 000,065,260 | ---- | M] () -- C:\Windows\Prefetch\MSDT.EXE-D579957D.pf

[2010/08/29 13:53:01 | 000,093,536 | ---- | M] () -- C:\Windows\Prefetch\MSFEEDSSYNC.EXE-BDDD8ED1.pf

[2010/08/29 13:59:49 | 000,022,524 | ---- | M] () -- C:\Windows\Prefetch\NOTEPAD.EXE-C5670914.pf

[2010/08/25 23:46:08 | 003,766,120 | ---- | M] () -- C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf

[2010/08/29 16:52:13 | 000,039,624 | ---- | M] () -- C:\Windows\Prefetch\OTL.COM-0A597608.pf

[2010/08/29 14:02:06 | 000,000,508 | ---- | M] () -- C:\Windows\Prefetch\PfSvPerfStats.bin

[2010/08/29 16:55:58 | 000,140,854 | ---- | M] () -- C:\Windows\Prefetch\PHOTOSCREENSAVER.SCR-8B2352AA.pf

[2010/08/29 16:45:48 | 000,132,934 | ---- | M] () -- C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-C6EE3785.pf

[2010/08/29 11:15:03 | 000,025,360 | ---- | M] () -- C:\Windows\Prefetch\RASPHONE.EXE-4DDAF175.pf

[2010/08/29 16:51:56 | 000,038,848 | ---- | M] () -- C:\Windows\Prefetch\REALPLAY.EXE-4416B012.pf

[2010/08/29 16:49:17 | 000,035,482 | ---- | M] () -- C:\Windows\Prefetch\REALSCHED.EXE-7237BDE9.pf

[2010/08/29 13:59:46 | 000,049,180 | ---- | M] () -- C:\Windows\Prefetch\REALUPGRADE.EXE-C40C8713.pf

[2010/08/29 12:16:12 | 000,024,268 | ---- | M] () -- C:\Windows\Prefetch\REGSVR32.EXE-B31EC963.pf

[2010/08/29 11:10:44 | 000,014,352 | ---- | M] () -- C:\Windows\Prefetch\ROUTE.EXE-121C5018.pf

[2010/08/29 16:50:42 | 000,044,794 | ---- | M] () -- C:\Windows\Prefetch\RUNDLL32.EXE-0AC5F3E8.pf

[2010/08/29 12:12:33 | 000,046,450 | ---- | M] () -- C:\Windows\Prefetch\RUNDLL32.EXE-0BF7B4BB.pf

[2010/08/29 16:44:55 | 000,056,864 | ---- | M] () -- C:\Windows\Prefetch\RUNDLL32.EXE-41C19BFB.pf

[2010/08/29 11:09:06 | 000,033,794 | ---- | M] () -- C:\Windows\Prefetch\RUNDLL32.EXE-4361F566.pf

[2010/08/29 12:13:05 | 000,039,244 | ---- | M] () -- C:\Windows\Prefetch\RUNDLL32.EXE-50FFACE3.pf

[2010/08/29 11:10:04 | 000,045,258 | ---- | M] () -- C:\Windows\Prefetch\RUNDLL32.EXE-577C6FE3.pf

[2010/08/29 11:14:31 | 000,035,942 | ---- | M] () -- C:\Windows\Prefetch\RUNDLL32.EXE-57F57AEE.pf

[2010/08/29 11:08:28 | 000,044,108 | ---- | M] () -- C:\Windows\Prefetch\RUNDLL32.EXE-C47E7D77.pf

[2010/08/29 16:57:02 | 000,050,680 | ---- | M] () -- C:\Windows\Prefetch\RUNDLL32.EXE-D2A040D5.pf

[2010/08/29 16:51:51 | 000,042,126 | ---- | M] () -- C:\Windows\Prefetch\RUNDLL32.EXE-DE4361BD.pf

[2010/08/29 11:13:31 | 000,151,034 | ---- | M] () -- C:\Windows\Prefetch\SDIAGNHOST.EXE-B3171AA1.pf

[2010/08/29 16:55:01 | 000,016,204 | ---- | M] () -- C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-44162447.pf

[2010/08/29 16:55:01 | 000,037,060 | ---- | M] () -- C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf

[2010/08/21 15:45:32 | 000,036,644 | ---- | M] () -- C:\Windows\Prefetch\SLUI.EXE-3E441AEE.pf

[2010/08/29 14:01:17 | 000,097,304 | ---- | M] () -- C:\Windows\Prefetch\SVCHOST.EXE-6E1A6101.pf

[2010/08/29 11:11:43 | 000,032,058 | ---- | M] () -- C:\Windows\Prefetch\SVCHOST.EXE-B597A9D1.pf

[2010/08/29 16:46:17 | 000,271,718 | ---- | M] () -- C:\Windows\Prefetch\SVCHOST.EXE-F31BDE28.pf

[2010/08/29 13:22:11 | 000,050,242 | ---- | M] () -- C:\Windows\Prefetch\TASKENG.EXE-35FA9C06.pf

[2010/08/29 16:53:06 | 000,063,406 | ---- | M] () -- C:\Windows\Prefetch\TASKHOST.EXE-A0F5E092.pf

[2010/08/29 14:01:54 | 000,035,426 | ---- | M] () -- C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf

[2010/08/29 12:47:04 | 000,024,088 | ---- | M] () -- C:\Windows\Prefetch\WERFAULT.EXE-155C56CF.pf

[2010/08/29 16:57:01 | 000,020,494 | ---- | M] () -- C:\Windows\Prefetch\WERMGR.EXE-F439C551.pf

[2010/08/29 11:36:04 | 000,030,296 | ---- | M] () -- C:\Windows\Prefetch\WLCOMM.EXE-E9DF8E24.pf

[2010/08/29 16:48:01 | 000,028,780 | ---- | M] () -- C:\Windows\Prefetch\WMIADAP.EXE-BB21CD77.pf

[2010/08/29 16:47:17 | 000,115,372 | ---- | M] () -- C:\Windows\Prefetch\WMIPRVSE.EXE-E8B8DD29.pf

[2010/08/29 11:45:06 | 000,065,896 | ---- | M] () -- C:\Windows\Prefetch\WMPLAYER.EXE-D7C621F8.pf

[2010/08/29 16:45:14 | 000,051,804 | ---- | M] () -- C:\Windows\Prefetch\WMPNSCFG.EXE-18FC9E64.pf

[2010/08/29 11:36:39 | 000,037,262 | ---- | M] () -- C:\Windows\Prefetch\WMPSHARE.EXE-ADA8BB96.pf

 

< %SystemDrive%\documents and settings\All Users\Dados de aplicativos\*.* >

 

< %SystemDrive%\documents and settings\All Users\Dados de aplicativos\* >

 

< %SystemDrive%\documents and settings\All Users\Menu iniciar\Programas\Inicializar\*.* >

 

< %SystemDrive%\documents and settings\User\Configurações Locais\Temp\*.* >

 

< %UserProfile%\*.* >

[2010/08/28 16:52:24 | 000,012,394 | ---- | M] () -- C:\Users\Adm\.recently-used.xbel

[2010/08/29 16:54:47 | 002,097,152 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT

[2010/08/29 16:54:47 | 000,262,144 | -HS- | M] () -- C:\Users\Adm\ntuser.dat.LOG1

[2010/04/22 19:42:11 | 000,000,000 | -HS- | M] () -- C:\Users\Adm\ntuser.dat.LOG2

[2010/04/26 21:39:17 | 000,999,424 | ---- | M] () -- C:\Users\Adm\NTUSER.DAT.rbk

[2010/08/25 14:44:37 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{18d59421-b059-11df-9dc5-adc9ba1ea430}.TM.blf

[2010/08/25 14:44:37 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{18d59421-b059-11df-9dc5-adc9ba1ea430}.TMContainer00000000000000000001.regtrans-ms

[2010/08/25 14:44:37 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{18d59421-b059-11df-9dc5-adc9ba1ea430}.TMContainer00000000000000000002.regtrans-ms

[2010/06/05 11:04:52 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{2e150f04-70a9-11df-aee4-de083686563b}.TM.blf

[2010/06/05 11:04:52 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{2e150f04-70a9-11df-aee4-de083686563b}.TMContainer00000000000000000001.regtrans-ms

[2010/06/05 11:04:52 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{2e150f04-70a9-11df-aee4-de083686563b}.TMContainer00000000000000000002.regtrans-ms

[2010/05/09 22:46:04 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{2f275031-5b84-11df-baa6-001d7d825bed}.TM.blf

[2010/05/09 22:46:04 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{2f275031-5b84-11df-baa6-001d7d825bed}.TMContainer00000000000000000001.regtrans-ms

[2010/05/09 22:46:04 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{2f275031-5b84-11df-baa6-001d7d825bed}.TMContainer00000000000000000002.regtrans-ms

[2010/07/14 17:41:13 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{6bad2cf1-8f7c-11df-bb5f-c95628f700fb}.TM.blf

[2010/07/14 17:41:13 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{6bad2cf1-8f7c-11df-bb5f-c95628f700fb}.TMContainer00000000000000000001.regtrans-ms

[2010/07/14 17:41:13 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{6bad2cf1-8f7c-11df-bb5f-c95628f700fb}.TMContainer00000000000000000002.regtrans-ms

[2010/04/22 20:04:18 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010/04/22 20:04:18 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010/04/22 20:04:18 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2010/04/29 20:26:32 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{808fe84f-53de-11df-949d-001d7d825bed}.TM.blf

[2010/04/29 20:26:32 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{808fe84f-53de-11df-949d-001d7d825bed}.TMContainer00000000000000000001.regtrans-ms

[2010/04/29 20:26:32 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{808fe84f-53de-11df-949d-001d7d825bed}.TMContainer00000000000000000002.regtrans-ms

[2010/07/01 10:39:49 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{851dd08b-84fd-11df-942f-f0a33fc0453b}.TM.blf

[2010/07/01 10:39:49 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{851dd08b-84fd-11df-942f-f0a33fc0453b}.TMContainer00000000000000000001.regtrans-ms

[2010/07/01 10:39:49 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{851dd08b-84fd-11df-942f-f0a33fc0453b}.TMContainer00000000000000000002.regtrans-ms

[2010/08/21 15:59:06 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{934b9da3-ad4f-11df-9d08-cb5346ba7e31}.TM.blf

[2010/08/21 15:59:06 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{934b9da3-ad4f-11df-9d08-cb5346ba7e31}.TMContainer00000000000000000001.regtrans-ms

[2010/08/21 15:59:06 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{934b9da3-ad4f-11df-9d08-cb5346ba7e31}.TMContainer00000000000000000002.regtrans-ms

[2010/05/08 14:51:40 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{9f24ced5-5ac9-11df-8c50-001d7d825bed}.TM.blf

[2010/05/08 14:51:40 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{9f24ced5-5ac9-11df-8c50-001d7d825bed}.TMContainer00000000000000000001.regtrans-ms

[2010/05/08 14:51:40 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{9f24ced5-5ac9-11df-8c50-001d7d825bed}.TMContainer00000000000000000002.regtrans-ms

[2010/04/25 19:00:25 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{bd37a904-5099-11df-8a0a-001d7d825bed}.TM.blf

[2010/04/25 19:00:25 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{bd37a904-5099-11df-8a0a-001d7d825bed}.TMContainer00000000000000000001.regtrans-ms

[2010/04/25 19:00:25 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{bd37a904-5099-11df-8a0a-001d7d825bed}.TMContainer00000000000000000002.regtrans-ms

[2010/06/30 19:51:52 | 000,065,536 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{e366f94a-8498-11df-bbf1-f07fec58193b}.TM.blf

[2010/06/30 19:51:52 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{e366f94a-8498-11df-bbf1-f07fec58193b}.TMContainer00000000000000000001.regtrans-ms

[2010/06/30 19:51:52 | 000,524,288 | -HS- | M] () -- C:\Users\Adm\NTUSER.DAT{e366f94a-8498-11df-bbf1-f07fec58193b}.TMContainer00000000000000000002.regtrans-ms

[2010/04/22 19:42:14 | 000,000,020 | -HS- | M] () -- C:\Users\Adm\ntuser.ini

[2010/08/21 15:28:30 | 000,001,280 | RHS- | M] () -- C:\Users\Adm\ntuser.pol

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:8927A071

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:AE9A5120

< End of report >


1.

*Download SCRP and save it to the desktop

*Extract it to the desktop

*Run SCRP, wait, and click [OK]

 

2.

*Run OTL

*Under "Exames Personalizados/Correções" (Custom Scans/Fixes), paste the code below:

 

:Processes

explorer.exe

 

:OTL

O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Search-Results)

O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Search-Results)

O3 - HKU\S-1-5-21-4262322605-869973698-12785198-1000\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Search-Results)

O3 - HKU\S-1-5-21-4262322605-869973698-12785198-1005\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Arquivos de Programas\Ask.com\GenericAskToolbar.dll (Search-Results)

 

:Commands

[START EXPLORER]

[REBOOT]

*Click [Consertar] (Run Fix)

*The PC will restart

*Paste the report created at C:\_OTL\MovedFiles\MDA_HMS.log, where MDA is month/day/year and HMS is hour/minute/seconds

 

Let me know how the PC is doing.


OK....

 

1.

*Download AD-Remover and save it to the desktop

*Run AD-Remover

*Click [Scan]... wait for it to finish

*Paste the report C:\Ad-Report-SCAN.log


======= REPORT FROM AD-REMOVER 2.0.0.1,D | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 26/07/10 at 12:00

Contact: AdRemover.contact[AT]gmail.com

website: http://pagesperso-orange.fr/NosTools/ad_remover.html

 

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 21:09:26 on 31/08/2010, Normal boot

 

Microsoft Windows 7 Ultimate (X86)

Adm@LUCAS-PC (Gigabyte Technology Co., Ltd. VM900M)

 

============== SEARCH ==============

 

 

0,Folder found: C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,File found: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar

0,Folder found: C:\Program Files\Ask.com

3,File found: C:\Windows\Installer\32010.msi

3,File found: C:\Windows\Installer\6bd6c6.msi

 

-- File opened: C:\Users\Lucas\AppData\Roaming\Mozilla\FireFox\Profiles\03pus5y3.default\Prefs.js --

Line found: user_pref("CT2290987.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...

Line found: user_pref("CT2290987.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT229...

Line found: user_pref("CT2405726.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM...

Line found: user_pref("CT2405726.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240...

Line found: user_pref("browser.search.defaultthis.engineName", "King Net Customized Web Search");

Line found: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2290987&Sea...

Line found: user_pref("browser.search.selectedEngine", "King Net Customized Web Search");

-- File closed --

 

 

1,Key found: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

1,Key found: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

1,Key found: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

1,Key found: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

1,Key found: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

0,Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

0,Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

0,Key found: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

1,Key found: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

0,Key found: HKCU\Software\Ask.com

0,Key found: HKCU\Software\AppDataLow\AskToolbarInfo

0,Key found: HKCU\Software\AppDataLow\Software\AskToolbar

3,Key found: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

3,Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

0,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,Key found: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

 

0,Value found: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}

0,Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.8 (pt-BR)] **

 

-- C:\Users\Adm\AppData\Roaming\Mozilla\FireFox\Profiles\am9hfvq6.default\Prefs.js --

browser.startup.homepage, hxxp://www.google.com.br/

browser.startup.homepage_override.mstone, rv:1.9.2.8

 

-- C:\Users\Aline_2\AppData\Roaming\Mozilla\FireFox\Profiles\t1nwgdj8.default\Prefs.js --

browser.download.lastDir, C:\\Users\\Aline_2\\Pictures\\BFF

browser.startup.homepage, www.google.com

browser.startup.homepage_override.mstone, rv:1.9.2.8

 

-- C:\Users\Alison\AppData\Roaming\Mozilla\FireFox\Profiles\ax0sbqfi.default\Prefs.js --

browser.download.lastDir, C:\\Users\\Alison\\Desktop

browser.startup.homepage_override.mstone, rv:1.9.2.8

 

-- C:\Users\Lucas\AppData\Roaming\Mozilla\FireFox\Profiles\03pus5y3.default\Prefs.js --

browser.search.defaultenginename, Bing

browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2290987&SearchSource=3&q={searchTerms}

browser.search.selectedEngine, King Net Customized Web Search

browser.startup.homepage, hxxp://www.google.com.br/

browser.startup.homepage_override.mstone, rv:1.9.2.8

keyword.URL, hxxp://www.bing.com/search?FORM=IEFM1&q=

 

========================================

 

** Internet Explorer Version [8.0.7600.16385] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\Windows\system32\blank.htm

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Show_ToolBar: yes

Start Page: hxxp://int.search-results.com?o=102368&l=dis

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157

Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Delete_Temp_Files_On_Exit: yes

Enable Browser Extensions: yes

Local Page: C:\Windows\System32\blank.htm

Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 0 File(s)

C:\Program Files\Ad-Remover\Backup: 1 File(s)

 

\Ad-Report-SCAN[1].txt - 31/08/2010 (5511 Byte(s))

 

End at: 21:14:12, 31/08/2010

 

============== E.O.F ==============


1.

*Download SCRP and save it to the desktop

*Extract it to the desktop

*Run SCRP, wait, and click [OK]

 

2.

*Run AD-Remover

*Click [Clean]... wait for it to finish. The program may ask to restart the PC.

*Paste the report C:\Ad-Report-CLEAN.log


======= REPORT FROM AD-REMOVER 2.0.0.1,D | ONLY XP/VISTA/7 =======

 

Updated by C_XX on 26/07/10 at 12:00

Contact: AdRemover.contact[AT]gmail.com

website: http://pagesperso-orange.fr/NosTools/ad_remover.html

 

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 21:37:05 on 31/08/2010, Normal boot

 

Microsoft Windows 7 Ultimate (X86)

Adm@LUCAS-PC (Gigabyte Technology Co., Ltd. VM900M)

 

============== ACTION(S) ==============

 

 

0,Folder deleted: C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,File deleted: C:\Windows\system32\Tasks\Scheduled Update for Ask Toolbar

0,Folder deleted: C:\Program Files\Ask.com

3,File deleted: C:\Windows\Installer\32010.msi

3,File deleted: C:\Windows\Installer\6bd6c6.msi

 

(!) -- Temporary files deleted.

 

 

-- File opened: C:\Users\Lucas\AppData\Roaming\Mozilla\FireFox\Profiles\03pus5y3.default\Prefs.js --

Line deleted: user_pref("CT2290987.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...

Line deleted: user_pref("CT2290987.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT229...

Line deleted: user_pref("CT2405726.SearchEngine", "Busca||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM...

Line deleted: user_pref("CT2405726.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240...

Line deleted: user_pref("browser.search.defaultthis.engineName", "King Net Customized Web Search");

Line deleted: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2290987&Sea...

Line deleted: user_pref("browser.search.selectedEngine", "King Net Customized Web Search");

-- File closed --

 

 

1,Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

1,Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

1,Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

1,Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

1,Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd

0,Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1

0,Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL

1,Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

0,Key deleted: HKCU\Software\Ask.com

0,Key deleted: HKCU\Software\AppDataLow\AskToolbarInfo

0,Key deleted: HKCU\Software\AppDataLow\Software\AskToolbar

3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

0,Key deleting error: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar (Error code: 1)

 

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{00000000-6E41-4FD3-8538-502F5495E5FC}

0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}

 

 

============== ADDITIONNAL SCAN ==============

 

** Mozilla Firefox Version [3.6.8 (pt-BR)] **

 

-- C:\Users\Adm\AppData\Roaming\Mozilla\FireFox\Profiles\am9hfvq6.default\Prefs.js --

browser.startup.homepage, hxxp://www.google.com.br/

browser.startup.homepage_override.mstone, rv:1.9.2.8

 

-- C:\Users\Aline_2\AppData\Roaming\Mozilla\FireFox\Profiles\t1nwgdj8.default\Prefs.js --

browser.download.lastDir, C:\\Users\\Aline_2\\Pictures\\BFF

browser.startup.homepage, www.google.com

browser.startup.homepage_override.mstone, rv:1.9.2.8

 

-- C:\Users\Alison\AppData\Roaming\Mozilla\FireFox\Profiles\ax0sbqfi.default\Prefs.js --

browser.download.lastDir, C:\\Users\\Alison\\Desktop

browser.startup.homepage_override.mstone, rv:1.9.2.8

 

-- C:\Users\Lucas\AppData\Roaming\Mozilla\FireFox\Profiles\03pus5y3.default\Prefs.js --

browser.search.defaultenginename, Bing

browser.startup.homepage, hxxp://www.google.com.br/

browser.startup.homepage_override.mstone, rv:1.9.2.8

keyword.URL, hxxp://www.bing.com/search?FORM=IEFM1&q=

 

========================================

 

** Internet Explorer Version [8.0.7600.16385] **

 

[HKCU\Software\Microsoft\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\Windows\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\Main]

AutoHide: yes

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Enable Browser Extensions: yes

Local Page: C:\Windows\System32\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

 

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

 

========================================

 

C:\Program Files\Ad-Remover\Quarantine: 12 File(s)

C:\Program Files\Ad-Remover\Backup: 16 File(s)

 

\Ad-Report-CLEAN[1].txt - 31/08/2010 (5648 Byte(s))

\Ad-Report-SCAN[1].txt - 31/08/2010 (5638 Byte(s))

 

End at: 21:40:31, 31/08/2010

 

============== E.O.F ==============


1.

*Run AD-Remover

*Click [uninstall]

 

2.

*Download Temp File Cleaner and save it to the desktop

*Extract it to the desktop

*Close the browser

*Run Temp File Cleaner

*Click [settings]

*Uncheck:

[] Delete System Restore Data

*Return to the previous window

*Click [Clean]

 

3.

*In Firefox, click [Tools] > [Options] > [Privacy] > [Clear all current history] > [Clear now]

*Under "Advanced", click [Network] > [Clear cache now]

 

Report back.


OK.....

 

1.

*Run OTL

*Under "Custom Scans/Fixes", paste the code:

 

:Processes

killallprocesses

 

:Files

@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:8927A071

@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:AE9A5120

 

:OTL

SRV - [2009/07/05 11:29:29 | 000,081,991 | ---- | M] (Helper) [Auto | Running] -- C:\Windows\System32\yeearmdc.exe

DRV - [2010/04/16 09:08:19 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 

:Services

gdrv

 

:Commands

[Reboot]

*Click [Run Fix]

*The PC will restart

*Paste the report C:\_OTL\MovedFiles\MDA_HMS.log, where MDA is month/day/year and HMS is hour/minute/seconds

 

2.

*Download SystemLook and save it to the desktop

*Run SystemLook

*Paste the code into the blank field:

:file

C:\Windows\System32\mscac-ocd.dll

C:\Windows\System32\mswan-oce.dll

C:\Windows\¬úZ

*Clique [Look]

*Paste the SystemLook.txt report located on the desktop


OTL does not run on my PC.

It always freezes.

 

I don't know if it helps, but here is the SystemLook report.

 

 

SystemLook 02.09.10 by jpshortstuff

Log created at 18:30 on 02/09/2010 by Adm

Administrator - Elevation successful

 

========== file ==========

 

C:\Windows\System32\mscac-ocd.dll - File found and opened.

MD5: D1E134C731D07B7F8C3E6DE710423276

Created at 14:45 on 09/01/2009

Modified at 14:45 on 09/01/2009

Size: 155648 bytes

Attributes: --a----

No version information available.

 

C:\Windows\System32\mswan-oce.dll - File found and opened.

MD5: 2075FCD488E6F2159E011ECF332FA3F3

Created at 21:26 on 07/03/2009

Modified at 21:26 on 07/03/2009

Size: 9836 bytes

Attributes: --a----

No version information available.

 

C:\Windows\¬úZ - File found and opened.

MD5: F9F4905664C5B42B49E78EFA12D1A6B6

Created at 00:19 on 20/04/2010

Modified at 00:19 on 20/04/2010

Size: 20 bytes

Attributes: --a----

No version information available.

 

-= EOF =-


1.

*Run OTL, click [CleanUp] > [OK]

*The PC will restart

 

2.

*Repeat the SystemLook procedure for the file:

 

C:\Windows\System32\yeearmdc.exe
