
Archived

This topic has been archived and is closed to new replies.

maniagames100%

[Archived] Log analysis..


Hello! Good afternoon, everyone.

I need a little help here...

I'll post the HijackThis log below.

Here's the situation: I caught a nasty SOB of a virus. I've already scanned the PC, but a strange message keeps appearing, and the gadgets are malfunctioning. "Before this virus everything was normal... :o"

OS: Windows 7 Ultimate 64-bit

Log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:29:34, on 17/11/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\nexcafe\NexServ.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\nexcafe\NexAdmin.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Servidor\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pk.msngames.info:8083/config.pac

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {71e2a01d-715c-4c08-963a-c0b84fedadf8} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Sony Noise Gate - {20ED4EF2-F26E-4FCF-BA84-302EF546AD9B} - C:\ProgramData\{B97C0F23-196D-11D1-B99B-00A0C9053912}\sfppack2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Xerox PanelMgr] C:\Windows\Xerox\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [stanley-L_XRX_S2P] C:\Program Files (x86)\Xerox\Xerox WorkCentre 3210\PSU\Scan2pc.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AutoHelpDesk] C:\Users\Servidor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLQJFIH3\DiagnosticoBB[1].exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: NexCafé NexServ.lnk = C:\nexcafe\NexServ.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O8 - Extra context menu item: SmarThru4 Capturar seleção - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Salvar como HTML - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Salvar texto selecionado - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Capturar seleção - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Capturar seleção - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Salvar como HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Salvar como HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Salvar texto selecionado - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Salvar texto selecionado - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{207B0D5E-BB71-4719-8BCE-770226D6F1B4}: NameServer = 62.151.2.8,62.151.8.100

O17 - HKLM\System\CCS\Services\Tcpip\..\{9C32CB64-1D1A-45C2-9A14-D8787FB5B132}: NameServer = 201.10.128.2,201.10.120.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{207B0D5E-BB71-4719-8BCE-770226D6F1B4}: NameServer = 62.151.2.8,62.151.8.100

O17 - HKLM\System\CS2\Services\Tcpip\..\{207B0D5E-BB71-4719-8BCE-770226D6F1B4}: NameServer = 62.151.2.8,62.151.8.100

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Serviço de estado do ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: WPC Dumper (pwservice) - Unknown owner - C:\\pwservice.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 15506 bytes


Hello, good fellow OS user!

Welcome to the Malware Removal section of IMasters.

Please follow the instructions below:

Download DDS and save it to the Desktop.

  • Temporarily disable your protection programs.
  • Double-click dds.scr.
  • A black screen with some information will appear. Do not click anything, just wait!
  • When it finishes, two windows will open: DDS.txt and Attach.txt.
  • Save the result and paste it into your topic.

NOTE: If the link provided does not work, try downloading DDS from THIS link.

Cheers :D


Hello!

Here is the log

 

 

DDS (Ver_10-11-10.01) - NTFS_AMD64

Run by Servidor at 16:40:39,85 on 20/11/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2046.890 [GMT -3:00]

 

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\rundll32.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\nexcafe\NexServ.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\nexcafe\NexAdmin.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\splwow64.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\msiexec.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Servidor\Desktop\dds.pif

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page =

uStart Page = hxxp://google.com/

uSearch Bar =

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL

BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

TB: {71E2A01D-715C-4C08-963A-C0B84FEDADF8} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [Xerox PanelMgr] C:\Windows\Xerox\PanelMgr\SSMMgr.exe /autorun

mRun: [stanley-L_XRX_S2P] C:\Program Files (x86)\Xerox\Xerox WorkCentre 3210\PSU\Scan2pc.exe

mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start

mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

StartupFolder: C:\Users\Servidor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXCAF~1.LNK - C:\nexcafe\NexServ.exe

uPolicies-explorer: ForceStartMenuLogoff = 1 (0x1)

uPolicies-explorer: NoPrinters = 0 (0x0)

uPolicies-explorer: NoFileUrl = 0 (0x0)

uPolicies-explorer: NoSMMyPictures = 0 (0x0)

uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)

uPolicies-explorer: NoWorkgroupContentes = 0 (0x0)

uPolicies-explorer: NoEntireNetwork = 0 (0x0)

uPolicies-explorer: NoSimpleStartMenu = 0 (0x0)

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: ForceStartMenuLogoff = 1 (0x1)

mPolicies-explorer: NoPrinters = 0 (0x0)

mPolicies-explorer: NoFileUrl = 0 (0x0)

mPolicies-explorer: NoSMMyPictures = 0 (0x0)

mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)

mPolicies-explorer: NoWorkgroupContentes = 0 (0x0)

mPolicies-explorer: NoEntireNetwork = 0 (0x0)

mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)

mPolicies-explorer: NoViewOnDrive = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Anexar a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Anexar destino do link a PDF existente - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Converter destino do link em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Converter em Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: SmarThru4 Capturar seleção - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm

IE: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm

IE: SmarThru4 Salvar como HTML - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm

IE: SmarThru4 Salvar texto selecionado - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm

IE: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm

IE: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: {207B0D5E-BB71-4719-8BCE-770226D6F1B4} = 62.151.2.8,62.151.8.100

TCP: {9C32CB64-1D1A-45C2-9A14-D8787FB5B132} = 201.10.128.2,201.10.120.3

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399f83} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

TB-X64: {71E2A01D-715C-4C08-963A-C0B84FEDADF8} - No File

TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

mRun-x64: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook

 

============= SERVICES / DRIVERS ===============

 

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1201000.025\SymDS64.sys [2010-11-16 450096]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1201000.025\SymEFA64.sys [2010-11-16 821808]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101104.001\BHDrvx64.sys [2010-11-3 953904]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101119.001\IDSviA64.sys [2010-10-19 476720]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1201000.025\Ironx64.sys [2010-11-16 168496]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1201000.025\symnets.sys [2010-11-16 381488]

R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-2 48488]

R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2010-10-30 55072]

R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe [2010-11-16 126904]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2008-10-27 11576]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-19 132656]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RTL8023x64;Driver Realtek 10/100 NIC Family NDIS x64;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-11 136176]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-25 1436424]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]

S3 pwservice;WPC Dumper;C:\\pwservice.exe --> C:\\pwservice.exe [?]

S3 vvftav;vvftav;C:\Windows\System32\drivers\vvftav.sys [2010-5-20 300800]

S3 WatAdminSvc;WatAdminSvc;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-15 1255736]

S3 ZSMC30x;USB PC Camera Service ZSMC30x;C:\Windows\System32\drivers\ZS211.sys [2010-5-20 1556480]

S4 wlcrasvc;Windows Live Mesh remote connections service;"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" --> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [?]

 

=============== File Associations ===============

 

.scr=AutoCADScriptFile

 

=============== Created Last 30 ================

 

2010-11-19 19:26:29 77824 --s-a-w- C:\Windows\SysWow64\MSBIND.DLL

2010-11-19 19:24:50 644400 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2010-11-19 19:24:50 525352 ----a-w- C:\Windows\SysWow64\Dbgrid32.ocx

2010-11-19 19:24:50 299008 ----a-w- C:\Windows\SysWow64\MSDBRPTR.DLL

2010-11-19 19:24:50 275216 ----a-w- C:\Windows\SysWow64\msdatgrd.ocx

2010-11-19 19:24:50 234016 ----a-w- C:\Windows\SysWow64\Msdatlst.ocx

2010-11-19 19:24:50 118976 ----a-w- C:\Windows\SysWow64\MSADODC.OCX

2010-11-19 19:24:50 103744 ----a-w- C:\Windows\SysWow64\mscomm32.ocx

2010-11-19 19:24:50 101888 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL

2010-11-19 19:24:46 -------- d-----w- C:\Desenvolvedores

2010-11-19 19:10:39 430080 ----a-w- C:\Windows\SysWow64\MSREPL35.DLL

2010-11-19 19:10:39 252176 ----a-w- C:\Windows\SysWow64\MSRD2X35.DLL

2010-11-19 19:10:39 24848 ----a-w- C:\Windows\SysWow64\MSJTER35.DLL

2010-11-19 19:10:39 123664 ----a-w- C:\Windows\SysWow64\MSJINT35.DLL

2010-11-19 19:10:39 1056768 ----a-w- C:\Windows\SysWow64\MSJET35.DLL

2010-11-19 19:10:38 -------- d-----w- C:\Program Files (x86)\Dígitus

2010-11-17 22:18:29 -------- d-----w- C:\Users\Servidor\AppData\Roaming\IObit

2010-11-17 22:18:29 -------- d-----w- C:\Program Files (x86)\IObit

2010-11-17 20:26:22 -------- d-----w- C:\Users\Servidor\AppData\Local\PackageAware

2010-11-16 22:37:32 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2

2010-11-16 15:37:43 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2010-11-16 15:37:42 -------- d-----w- C:\Program Files\Symantec

2010-11-16 15:37:42 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2010-11-16 15:37:04 821808 ----a-r- C:\Windows\System32\drivers\NAVx64\1201000.025\SymEFA64.sys

2010-11-16 15:37:04 715824 ----a-r- C:\Windows\System32\drivers\NAVx64\1201000.025\srtsp64.sys

2010-11-16 15:37:04 450096 ----a-r- C:\Windows\System32\drivers\NAVx64\1201000.025\SymDS64.sys

2010-11-16 15:37:04 40496 ----a-r- C:\Windows\System32\drivers\NAVx64\1201000.025\srtspx64.sys

2010-11-16 15:37:04 381488 ----a-r- C:\Windows\System32\drivers\NAVx64\1201000.025\symnets.sys

2010-11-16 15:37:04 168496 ----a-r- C:\Windows\System32\drivers\NAVx64\1201000.025\Ironx64.sys

2010-11-16 15:36:45 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1201000.025

2010-11-16 15:36:45 -------- d-----w- C:\Windows\System32\drivers\NAVx64

2010-11-16 15:36:42 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus

2010-11-16 15:36:01 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2010-11-15 23:50:38 17686528 ----a-w- C:\Windows\SysWow64\mkl_blueripple.dll

2010-11-15 23:50:36 809560 ----a-r- C:\Windows\SysWow64\tmp3054.tmp

2010-11-15 23:22:38 809560 ----a-r- C:\Windows\SysWow64\tmp96C2.tmp

2010-11-13 13:05:56 -------- d-----w- C:\Users\Servidor\AppData\Roaming\Windows Live Writer

2010-11-13 13:05:56 -------- d-----w- C:\Users\Servidor\AppData\Local\Windows Live Writer

2010-11-12 20:03:13 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{975F6681-C563-4E4A-844B-5A74AE5B8557}\mpengine.dll

2010-11-11 00:07:07 -------- d-----w- C:\PROGRA~3\KONAMI

2010-11-10 19:34:26 -------- d-----w- C:\Users\Servidor\AppData\Local\Scansoft

2010-11-10 19:25:14 -------- d-----w- C:\Program Files (x86)\ScanSoft

2010-11-10 19:17:59 65536 ----a-w- C:\Program Files (x86)\xerox\Xerox WorkCentre 3210\PSU\scantopc.dll

2010-11-10 19:16:56 765952 ------w- C:\Program Files (x86)\xerox\Xerox WorkCentre 3210\Install\Setup.exe

2010-11-10 19:15:59 5207832 ------w- C:\Program Files (x86)\xerox\Xerox WorkCentre 3210\Install\Application\SM\SPanel\Help\Flash_Shockwave_Full.exe

2010-11-08 01:28:05 65536 ----a-w- C:\Windows\SysWow64\IEMonitor.ocx

2010-11-08 01:28:05 203576 ----a-w- C:\Windows\SysWow64\RICHTX32.OCX

2010-11-08 01:28:05 139264 ----a-w- C:\Windows\SysWow64\vbSendMail.dll

2010-11-08 01:28:05 115016 ----a-w- C:\Windows\SysWow64\MSINET.OCX

2010-11-08 01:28:05 108336 ----a-w- C:\Windows\SysWow64\MSWINSCK.OCX

2010-11-08 01:28:04 -------- d-sh--w- C:\Windows\SysWow64\svdir

2010-11-07 01:34:58 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2010-11-07 01:34:58 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2010-11-07 00:56:00 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2010-11-07 00:56:00 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2010-11-07 00:56:00 552960 ----a-w- C:\Windows\System32\msdri.dll

2010-11-07 00:55:59 288256 ----a-w- C:\Windows\System32\MSNP.ax

2010-11-07 00:55:59 258560 ----a-w- C:\Windows\System32\mpg2splt.ax

2010-11-07 00:55:59 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax

2010-11-07 00:55:59 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2010-11-06 23:56:32 861184 ----a-w- C:\Windows\System32\oleaut32.dll

2010-11-06 23:56:32 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2010-11-06 23:56:00 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2010-11-06 23:48:37 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-11-06 23:48:37 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2010-11-06 23:34:11 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2010-11-06 23:28:27 -------- d-----w- C:\Windows\PCHEALTH

2010-11-06 23:12:57 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2010-11-05 02:47:56 -------- d-----w- C:\Users\Servidor\AppData\Local\Autodesk

2010-11-05 02:47:56 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared

2010-11-05 02:47:56 -------- d-----w- C:\Program Files\Autodesk

2010-11-05 02:43:05 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared

2010-11-05 02:43:05 -------- d-----w- C:\Program Files (x86)\Autodesk

2010-11-05 02:40:28 -------- d-----w- C:\Users\Servidor\AppData\Roaming\Autodesk

2010-11-04 00:58:09 210944 ----a-w- C:\Users\Servidor\profileuser.dll

2010-11-02 15:47:57 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2010-11-02 15:25:57 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3ef801181cb7aa205\MeshBetaRemover.exe

2010-11-02 15:25:50 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3a05a5061cb7aa204\DSETUP.dll

2010-11-02 15:25:50 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3a05a5061cb7aa204\DXSETUP.exe

2010-11-02 15:25:50 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3a05a5061cb7aa204\dsetup32.dll

2010-11-02 15:23:49 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f08beb511cb7aa103\DSETUP.dll

2010-11-02 15:23:49 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f08beb511cb7aa103\DXSETUP.exe

2010-11-02 15:23:49 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\f08beb511cb7aa103\dsetup32.dll

2010-11-02 15:18:50 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll

2010-11-02 15:18:50 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll

2010-11-02 15:18:50 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll

2010-11-02 15:18:50 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll

2010-11-02 15:13:58 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll

2010-11-02 15:13:58 206848 ----a-w- C:\Windows\System32\mfps.dll

2010-11-02 15:13:58 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll

2010-11-02 15:13:58 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2010-11-02 15:13:58 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2010-11-02 15:13:57 4068864 ----a-w- C:\Windows\System32\mf.dll

2010-11-02 15:13:56 3181568 ----a-w- C:\Windows\SysWow64\mf.dll

2010-11-02 15:06:40 -------- d-----w- C:\Users\Servidor\AppData\Local\Windows Live

2010-10-25 18:47:37 -------- d-----w- C:\PROGRA~3\ALM

2010-10-25 18:38:20 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

2010-10-25 18:28:21 -------- d-----w- C:\Windows\SysWow64\spool

2010-10-25 18:24:58 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared

2010-10-25 18:20:58 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2010-10-25 14:10:04 -------- d-----w- C:\PROGRA~3\Alwil Software

2010-10-24 18:36:55 -------- d-----w- C:\PROGRA~3\Corel

2010-10-23 00:42:03 -------- d-----w- C:\Users\Servidor\AppData\Roaming\UltraVNC

 

==================== Find3M ====================

 

2010-10-26 15:41:20 183112 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2010-10-19 14:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-10-16 17:29:09 2560 ----a-w- C:\Windows\_MSRSTRT.EXE

2010-10-15 22:40:36 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx

2010-10-15 03:10:17 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-10-14 04:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll

2010-10-14 04:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll

2010-09-23 03:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2010-09-23 03:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR

2010-09-21 17:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL

2010-09-21 17:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

2010-09-11 10:45:28 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2010-09-11 10:45:28 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-06 17:13:12 489984 ----a-w- C:\Windows\SysWow64\dvmc.exe

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-02-10 19:18:42 2131336 ----a-w- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe

 

============= FINISH: 16:41:43,20 ===============


Look!

I've already formatted the PC! Now I'm running Windows Seven 32-bit, PT.

But now "all" the folders and files on drive D: have "security" on them, and to access them I have to grant permission under "Properties/Security" one by one... ugh.

What do I do?

That does seem to be the procedure....

http://www.baixaki.com.br/tecnologia/3098-dicas-do-windows-7-como-obter-permissoes-para-acessar-arquivos-e-pastas.htm

OK,

That is exactly what I'm doing, but I'd like to know whether there is some other way to grant the permissions for "all" the folders and files on the drive at once, without having to grant permission folder by folder!!!

Is there any way to do this?

Thanks in advance.


See whether these prompts go away when you disable UAC:

*Click [Start] > Control Panel (Painel de Controle) > System and Security (Sistema e Segurança) > Change User Account Control settings (Mudar Controle de Conta de Usuário)

*A window with the control levels will open. Set it to the lowest level, "Never Notify", and click OK

*Restart the PC

If so, be careful when running unknown files. This is a security measure imposed by the system. Stay alert!


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
