
Archived

This topic has been archived and is closed to new replies.

Kellison Lima

My Windows Update disappeared and the Windows Security Center isn't worki


Hello, here are the LOGS. The ESET Online log only has 3 lines. Is that how it is supposed to be? [The scan was complete. It took ages. And it detected 19 viruses/errors]

Sometimes it gives this error in the log and does not show the deleted files. But in this case, were these 19 viruses it found removed?

Yes, all of them!


Then please follow this tip:

BitDefender Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Windows\BDOSCAN8\bdoscan.log

In your next reply, post this BitDefender Online log together with a new HijackThis log and please tell us how your PC is after following this procedure.

We await your reply.


Hello, I was unable to run the online scan. In the initial step, the update hangs. Sometimes it reports an update error. And when I ask it to run the scan, it says that is not possible.

Awaiting your reply!


Then please follow the tips in this tutorial:

F-Secure Easy Clean tutorial

In your next reply, post a new HijackThis log and tell us whether any problem was removed by F-Secure Easy Clean (preferably take a Print Screen of its window when the scan finishes, so we can see which problems it removed, and post that image in your next reply), and tell us how your PC is after that.

We'll be waiting.


Hello, here are the log and the screenshot. The PC is still the same.

 

--------------------

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 12:09:24, on 16/01/2011

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.1\bh\BabylonToolbar.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.1\BabylonToolbarTlbr.dll

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" -H

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://bankline.itau.com.br/gbplugin2/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58305993-CB1E-4330-8152-D75D320BED7A}: NameServer = 200.165.132.155,200.165.132.148

O17 - HKLM\System\CS1\Services\Tcpip\..\{58305993-CB1E-4330-8152-D75D320BED7A}: NameServer = 200.165.132.155,200.165.132.148

O17 - HKLM\System\CS2\Services\Tcpip\..\{58305993-CB1E-4330-8152-D75D320BED7A}: NameServer = 200.165.132.155,200.165.132.148

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8456 bytes

 

---------------

 

printu.jpg

 

---------------

 

Awaiting your reply,

Regards.
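One way a helper could triage a HijackThis log like the one in the post above, as an added example that is not part of the original thread or of HijackThis itself: it parses the section entries, counts them per section, and surfaces the O10, O17 and O23 "(file missing)" lines for manual review. The function names and the choice of which entries to surface are assumptions; the sample lines are copied from the posted log.

```python
import re
from collections import Counter

# Short labels for the HijackThis section codes that occur in the posted log.
SECTION_LABELS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "F2": "autostart from INI file / registry mapping",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O6": "IE options restricted by policy",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O10": "Winsock LSP", "O15": "Trusted Zone site",
    "O16": "ActiveX (Downloaded Program Files)",
    "O17": "DNS / name server setting", "O18": "extra protocol handler",
    "O23": "Windows service",
}

# A section entry looks like "O23 - Service: ..."; header and process lines do not.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Excerpt of the log posted above (lines copied from the post, blank lines dropped).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Platform: Unknown Windows (WinNT 6.01.3504)
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.1\bh\BabylonToolbar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{58305993-CB1E-4330-8152-D75D320BED7A}: NameServer = 200.165.132.155,200.165.132.148
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
"""


def parse_entries(log_text):
    """Return (code, detail) for every section entry; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def section_counts(entries):
    """Number of entries per section code, duplicates included."""
    return Counter(code for code, _ in entries)


def review_items(entries):
    """Entries to check by hand, deduplicated, each with a neutral reason."""
    seen, items = set(), []
    for code, detail in entries:
        if (code, detail) in seen:
            continue  # HijackThis often lists the same LSP file more than once
        seen.add((code, detail))
        if code == "O10" and detail.startswith("Unknown file"):
            items.append((code, "LSP file not recognised by HijackThis", detail))
        elif code == "O17" and "NameServer" in detail:
            servers = detail.split("NameServer =", 1)[1].strip().split(",")
            items.append((code, "configured DNS servers: " + ", ".join(servers), detail))
        elif code == "O23" and detail.endswith("(file missing)"):
            items.append((code, "service binary not found at the logged path", detail))
    return items


def format_report(entries):
    """Plain-text summary: per-section counts, then the review list."""
    lines = []
    for code, count in sorted(section_counts(entries).items()):
        lines.append(f"{code:>3} x{count}  {SECTION_LABELS.get(code, 'unlabelled section')}")
    for code, reason, detail in review_items(entries):
        lines.append(f"REVIEW {code}: {reason}\n    {detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(parse_entries(SAMPLE_LOG)))
```

The log shows HijackThis running from Program Files (x86) on a system the later troubleshooter report identifies as amd64; a 32-bit process sees C:\Windows\System32 through WOW64 file-system redirection, so "(file missing)" on in-box services such as lsass.exe is a common reporting artifact and should be confirmed against the real path before acting on it.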


:) The F-Secure Easy Clean log is clean.

____________________

My Windows Update is not installed [and it won't install either, it gives an error] and the Windows Security Center doesn't work at all.

Please follow this tip:

Microsoft Fix it Center: software that fixes basic Windows errors (watch the video in that article to see how to use it correctly)

_____________________

Then tell us whether it solved the problem.


Hello, the program did not detect any problems with Windows Update. I ran all the checks. The PC is still the same.

Awaiting your reply.


When you try to run Windows Update, exactly what error message appears? If an error number appears, tell us that number as well; it makes it easier for us to find the solution.


Hello, I copied the Windows Update part and will paste it here:

 

"Windows Update Detalhes do fornecedor

 

Problemas verificados

A hora do sistema está incorretaA hora do sistema está incorreta

Uma data ou hora incorreta pode impedir que as atualizações sejam baixadas e instaladas. Verificado

Configurações de firewall ou proxy inválidasConfigurações de firewall ou proxy inválidas

As configurações de firewall ou proxy inválidas podem impedir que seu computador baixe as atualizações. Verificado

Os problemas temporários de rede estão interferindo no Windows UpdateOs problemas temporários de rede estão interferindo no Windows Update

Os problemas temporários de rede estão impedindo que seu computador examine o servidor do Windows Update e baixe as atualizações. Verificado

Os serviços do Windows Update estão desabilitadosOs serviços do Windows Update estão desabilitados

Os serviços do Windows Update devem ser habilitados para atualizações automáticas para funcionar corretamente. Verificado

Os serviços do Windows Update estão paradosOs serviços do Windows Update estão parados

Os serviços do Windows Update precisam estar em execução para as atualizações automáticas funcionarem corretamente. Verificado

 

Problemas verificados Detalhes de detecção

 

6 A hora do sistema está incorreta Verificado

 

Uma data ou hora incorreta pode impedir que as atualizações sejam baixadas e instaladas.

Verifique e ajuste as configurações de data e hora Não Executado

 

Ajustar a hora do sistema no painel de controle de data e hora pode ajudar a corrigir os problemas do Windows Update.

 

6 Configurações de firewall ou proxy inválidas Verificado

 

As configurações de firewall ou proxy inválidas podem impedir que seu computador baixe as atualizações.

Examine o computador em busca de vírus que podem causar esse erro Não Executado

 

Um vírus ou um cavalo de tróia podem estar manipulando seu computador de tal forma que as atualizações não podem ser baixadas apropriadamente.

 

6 Os problemas temporários de rede estão interferindo no Windows Update Verificado

 

Os problemas temporários de rede estão impedindo que seu computador examine o servidor do Windows Update e baixe as atualizações.

Tente executar novamente o Windows Update Não Executado

 

Em geral, o problema de rede temporário desaparece em 10 ou 15 minutos.

 

6 Os serviços do Windows Update estão desabilitados Verificado

 

Os serviços do Windows Update devem ser habilitados para atualizações automáticas para funcionar corretamente.

Habilitar e iniciar os serviços do Windows Update Não Executado

 

Habilitando e iniciando os serviços necessários do Windows Update pode resolver o problema do Windows Update.

 

6 Os serviços do Windows Update estão parados Verificado

 

Os serviços do Windows Update precisam estar em execução para as atualizações automáticas funcionarem corretamente.

Iniciar os serviços do Windows Update Não Executado

 

Os serviços do Windows Update devem estar executando durante toda a fase do Windows Update.

 

 

Detalhes de detecção

 

Arquivo de eventos do Windows Update

Anexe o arquivo Microsoft-Windows-WindowsUpdateClient%4Operational.evtx

 

 

--------------------------------------------------------------------------------

Nome do Arquivo: Microsoft-Windows-WindowsUpdateClient%4Operational.evtx

 

 

Arquivo de Registro do Windows Update

Anexe o arquivo windowsupdate.log à pasta %windir%

 

 

--------------------------------------------------------------------------------

Nome do Arquivo: WindowsUpdate.log

 

 

Arquivo de Registro de Eventos de Relatórios do Windows Update

Anexe o arquivo ReportingEvents.log à pasta %windir%\SoftwareDistribution

 

 

--------------------------------------------------------------------------------

Nome do Arquivo: ReportingEvents.log

 

 

Informações de coleta

Nome do Computador: KELLISON-PC

Versão do Windows: 6.1

Arquitetura: amd64

Hora: domingo, 16 de janeiro de 2011 19:29:16

 

Detalhes do fornecedor

 

Windows Update

Resolver problemas que o impedem de atualizar o Windows.

Versão do Pacote: 3.0

Fornecedor: Microsoft Corporation "


Apparently these problems are not being caused by malware. But let's run one more test to see whether anything is still lurking on the PC:

I suggest you save or print the instructions below, because at some points you may need to use the computer without Internet access:

• Download SUPERAntiSpyware;

• Double-click the program icon and install it by clicking (Next > accept the agreement > Next > Next > choose the option to save it in the Program Files folder > Next > Next > wait for the installation > click the Finish button).

• A box will appear asking you to choose your language; choose Portuguese (BR) and click the Ok button.

• A message will appear asking: “Você quer que o SUPERAntiSpyware procure as regras e definições atuais agora (Recomendado)?” Connect the computer to the Internet and click the Sim button. Wait for it to update.

• Another screen will appear; click Avançar > Avançar > Avançar > Avançar > Concluir.

• A window will appear asking whether you want to protect your Internet Explorer home page against changes. Choose the option you prefer.

• Restart the computer in Safe Mode (by pressing the F8 key (or the F5 key on some computers) repeatedly while the computer is restarting and choosing the Modo Seguro or Modo de Segurança option);

• If it is not possible to restart the computer in Safe Mode, run the scan in normal mode.

• Run SUPERAntiSpyware and click: Escaneia seu PC...

• Under Local de escaneamento choose: C:\ Fixed Drive ( NTFS ), and if you have other disks to scan, select them as well;

• Select the option Faz Escaneamento Completo;

• Click Avançar. Wait!

• When it finishes, the window Resumo de Escaneamento SUPERAntiSpyware will open. Click the Ok button. Click the Avançar > button so that the threats are deleted.

• A message may appear asking whether you want the computer to be restarted so that the items can be deleted. Click Sim.

• After the PC restarts, right-click the SUPERAntiSpyware icon next to the Windows clock and choose the option Ver Centro de Controle (Preferências/Opções)..., click the tab Estatísticas/Arquivos de Log, and double-click the log with the left mouse button; a window with the log will open. Then just select this log (click the menu: Editar » Selecionar Tudo), go back to the menu Editar » and click the option Copiar.

• After that, just come back here to the forum and post this SUPERAntiSpyware log together with a new HijackThis log so that they can be analysed.

• We await your reply.


Hello, I did everything and the PC is still the same.

Here are the logs.

 

-------------------

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 01/17/2011 at 08:01 PM

 

Application Version : 4.48.1000

 

Core Rules Database Version : 6219

Trace Rules Database Version: 4031

 

Scan type : Complete Scan

Total Scan Time : 01:08:03

 

Memory items scanned : 330

Memory threats detected : 0

Registry items scanned : 14463

Registry threats detected : 0

File items scanned : 47253

File threats detected : 205

 

Adware.Tracking Cookie


.msnportal.112.2o7.net [ C:\Users\Os Outros\AppData\Roaming\Mozilla\Firefox\Profiles\shnmdo8j.default\cookies.txt ]

.atdmt.com [ C:\Users\Os Outros\AppData\Roaming\Mozilla\Firefox\Profiles\shnmdo8j.default\cookies.txt ]

.atdmt.com [ C:\Users\Os Outros\AppData\Roaming\Mozilla\Firefox\Profiles\shnmdo8j.default\cookies.txt ]

.imrworldwide.com [ C:\Users\Os Outros\AppData\Roaming\Mozilla\Firefox\Profiles\shnmdo8j.default\cookies.txt ]

.imrworldwide.com [ C:\Users\Os Outros\AppData\Roaming\Mozilla\Firefox\Profiles\shnmdo8j.default\cookies.txt ]

C:\Windows.old\Documents and Settings\Kellison&Dani\Cookies\kellison&dani@adservingml[1].txt

C:\Windows.old\Documents and Settings\Kellison&Dani\Cookies\kellison&dani@in.getclicky[1].txt

C:\Windows.old\Documents and Settings\Kellison&Dani\Cookies\kellison&dani@atdmt[2].txt

C:\Windows.old\Documents and Settings\Kellison&Dani\Cookies\kellison&dani@atdmt[3].txt

C:\Windows.old\Documents and Settings\Kellison&Dani\Cookies\kellison&dani@www6.addfreestats[1].txt

C:\Windows.old\Documents and Settings\Kellison&Dani\Cookies\kellison&dani@oas.adservingml[1].txt

C:\Windows.old\Documents and Settings\Kellison&Dani\Cookies\kellison&dani@msnportal.112.2o7[1].txt

wwwstatic.mega---.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\TMEPUBXM ]

.doubleclick.net [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

banners.argohost.net [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

.statcounter.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

in.getclicky.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

banners3.spacash.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

www.sexorkut.net [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

www.sexorkut.net [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

www.sexorkut.net [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

www.sexorkut.net [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

www.sexorkut.net [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

www.sexorkut.net [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

www.sexorkut.net [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

ad.yieldmanager.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

.content.yieldmanager.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

.content.yieldmanager.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

ad.yieldmanager.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

ad.yieldmanager.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

ad.yieldmanager.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

ad.yieldmanager.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

ad.yieldmanager.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

ad.yieldmanager.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

track.ozonion.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

sexomaneiro.blogspot.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

.atdmt.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

.atdmt.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

.atdmt.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

.atdmt.com [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

.msnportal.112.2o7.net [ C:\Windows.old\Documents and Settings\Kellison&Dani\Dados de aplicativos\Mozilla\Firefox\Profiles\anbznfnk.default\cookies.txt ]

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@ads.spaceprod.com[1].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@msnportal.112.2o7[1].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@casalemedia[2].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@serving-sys[1].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@content.yieldmanager[1].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@terra.112.2o7[1].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@bs.serving-sys[2].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@ad.yieldmanager[1].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@atdmt[2].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@adserver.tudonahora.com[1].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@ads.4shared[1].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@xiti[1].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@specificclick[2].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@doubleclick[1].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@clickjogos.uol.com[1].txt

C:\Windows.old\Documents and Settings\Robert's\Cookies\robert's@statcounter[1].txt

secure-us.imrworldwide.com [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\B5DF2DY9 ]

.atdmt.com [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

.atdmt.com [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

.atdmt.com [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

.atdmt.com [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

.questionmarket.com [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

.questionmarket.com [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

.clickjogos.uol.com.br [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

.clickjogos.uol.com.br [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

.doubleclick.net [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

.statcounter.com [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

ad.yieldmanager.com [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

ad.yieldmanager.com [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

.apmebf.com [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

adserver.tudonahora.com.br [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

.msnportal.112.2o7.net [ C:\Windows.old\Documents and Settings\Robert's\Dados de aplicativos\Mozilla\Firefox\Profiles\rfscmcky.default\cookies.txt ]

C:\Windows.old\Documents and Settings\Vera&Cicero\Cookies\vera&cicero@ads.minhavida.com[1].txt

C:\Windows.old\Documents and Settings\Vera&Cicero\Cookies\vera&cicero@atdmt[1].txt

C:\Windows.old\Documents and Settings\Vera&Cicero\Cookies\vera&cicero@www6.addfreestats[1].txt

C:\Windows.old\Documents and Settings\Vera&Cicero\Cookies\vera&cicero@click.superpaysys[2].txt

C:\Windows.old\Documents and Settings\Vera&Cicero\Cookies\vera&cicero@serving-sys[1].txt

C:\Windows.old\Documents and Settings\Vera&Cicero\Cookies\vera&cicero@adserver.tudonahora.com[1].txt

C:\Windows.old\Documents and Settings\Vera&Cicero\Cookies\vera&cicero@doubleclick[1].txt

C:\Windows.old\Documents and Settings\Vera&Cicero\Cookies\vera&cicero@bs.serving-sys[1].txt

C:\Windows.old\Documents and Settings\Vera&Cicero\Cookies\vera&cicero@accounts[2].txt

secure-us.imrworldwide.com [ C:\Windows.old\Documents and Settings\Vera&Cicero\Dados de aplicativos\Macromedia\Flash Player\#SharedObjects\JQRKV3X3 ]

.doubleclick.net [ C:\Windows.old\Documents and Settings\Vera&Cicero\Dados de aplicativos\Mozilla\Firefox\Profiles\ns067at4.default\cookies.txt ]

 

Rogue.Agent/Gen-Nullo[DLL]

C:\WINDOWS\UA000011.DLL

 

Trojan.Unclassified/Loader-Suspicious

D:\KELLISøN\JOGOS\ACTUA\ACTUA_SOCCERC\LOADER.EXE

 

Trojan.Agent/CDesc[Generic]

D:\KELLISøN\PROGRAMAS\EMULADOR\PLAYSTATION 1 & 2\EPSXE160\PLUGINS\SPUIORI.DLL

 

-------------

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 20:15:09, on 17/01/2011

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.1\bh\BabylonToolbar.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.1\BabylonToolbarTlbr.dll

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" -H

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://bankline.itau.com.br/gbplugin2/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58305993-CB1E-4330-8152-D75D320BED7A}: NameServer = 200.165.132.155,200.165.132.148

O17 - HKLM\System\CS1\Services\Tcpip\..\{58305993-CB1E-4330-8152-D75D320BED7A}: NameServer = 200.165.132.155,200.165.132.148

O17 - HKLM\System\CS2\Services\Tcpip\..\{58305993-CB1E-4330-8152-D75D320BED7A}: NameServer = 200.165.132.155,200.165.132.148

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8610 bytes

 

 

------------

 

Awaiting a reply.


:) SuperAntiSpyware found several problems. Did you remove all of the problems it found? If you have not removed them, remove them.

_____________________

 

:seta: I suggest you save or print the instructions below, because at some points you may need to use the computer without internet access:

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of your antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: Running it from a command is also possible:

* Go to Start --> Run --> type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

[Image: combofixejr8.gif]

* Click OK.

* At the "Disclaimer of warranty on software" prompt ("Negação de garantia de software") --> click Yes (Sim).

[Image: RcAuto1.gif]

* If you do not have the "Recovery Console", accept the option to install it.

* When it finishes, click Sim or Yes. --> Wait.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

:!: If you get the notification "Invalid Win32 application" ("Aplicativo Win32 inválido") or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed as: Kombo.exe

* PS: Rename it while saving, not after saving it!

* PS: If any error message appears, run ComboFix.exe in "Safe Mode". <-- Link!

* PS: If rootkit activity is present, the following notification window will appear:

[Image: Rookit_found.gif]

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply, together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If necessary, type option ( 1 ) --> press Enter! --> Wait for it to finish!

* During the scan, avoid using the mouse or keyboard! <-- Important!

* If, for some unavoidable reason, you need to stop or exit ComboFix, press "N" or "2" --> press Enter.

<><><><><><><><><><><><>

 

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is doing after this.

We await your reply.


:) SuperAntiSpyware found several problems. Did you remove all of the problems it found? If you have not removed them, remove them.

_____________________

Post the ComboFix log, which will be at C:\ComboFix.txt, together with a new HijackThis log in your next reply, and tell us how your PC is doing after this.

We await your reply.

 

Hello, here are the logs. The PC still has problems.

 

-----------------

 

ComboFix 11-01-17.04 - Kellison 18/01/2011 10:26:53.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2038.1194 [GMT -3:00]

Executando de: c:\users\Kellison\Desktop\ComboFix.exe

* Criado um novo ponto de restauração

.

ADS - drivers: deleted 304 bytes in 1 streams.

 

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\rrt_is.wav

c:\windows\system32\rrt_tn.wav

c:\windows\system32\rrt_tv.wav

c:\windows\system32\rrt_vf.wav

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\rrt_is.wav

c:\windows\SysWow64\rrt_tn.wav

c:\windows\SysWow64\rrt_tv.wav

c:\windows\SysWow64\rrt_vf.wav

c:\windows\SysWow64\wpcap.dll

c:\windows\SysWow64\YHF

c:\windows\SysWow64\YHF\QJTN.001

c:\windows\SysWow64\YHF\QJTN.002

c:\windows\SysWow64\YHF\QJTN.005

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_npf

 

 

(((((((((((((((( Arquivos/Ficheiros criados de 2010-12-18 to 2011-01-18 ))))))))))))))))))))))))))))

.

 

2011-01-18 13:38 . 2011-01-18 13:38 -------- d-----w- c:\users\Os Outros\AppData\Local\temp

2011-01-18 13:38 . 2011-01-18 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-17 23:35 . 2011-01-17 23:35 -------- d-----w- c:\program files (x86)\SopCast

2011-01-17 20:57 . 2011-01-17 20:57 -------- d-----w- c:\users\Kellison\AppData\Roaming\SUPERAntiSpyware.com

2011-01-17 20:57 . 2011-01-17 20:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2011-01-17 20:57 . 2011-01-17 20:57 -------- d-----w- c:\programdata\!SASCORE

2011-01-17 20:57 . 2011-01-17 20:57 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-01-16 21:46 . 2011-01-16 21:46 -------- d-----w- c:\users\Kellison\AppData\Local\FixItCenter

2011-01-16 21:28 . 2011-01-16 21:28 -------- d-----w- c:\windows\MATS

2011-01-16 21:28 . 2011-01-16 21:28 -------- d-----w- c:\program files\Microsoft Fix it Center

2011-01-16 14:55 . 2011-01-16 14:55 42664 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys

2011-01-16 00:11 . 2011-01-16 03:00 -------- d-----w- c:\windows\BDOSCAN8

2011-01-13 19:51 . 2011-01-13 19:51 -------- d-----w- C:\3c31dac6fad9dafc60f8825a0e

2011-01-13 14:04 . 2011-01-13 14:04 -------- d-----w- c:\program files (x86)\ESET

2011-01-12 21:08 . 2005-08-04 21:54 40960 ------w- c:\windows\SysWow64\Ulead Photo Express ScreenSaver.scr

2011-01-12 16:10 . 2011-01-12 18:21 -------- d-----w- c:\programdata\Kaspersky Lab

2011-01-12 16:09 . 2009-10-22 15:54 40464 ----a-w- c:\windows\system32\drivers\98438142.sys

2011-01-12 16:09 . 2009-10-10 01:30 352784 ----a-w- c:\windows\system32\drivers\9843814.sys

2011-01-12 16:09 . 2009-09-25 19:59 157712 ----a-w- c:\windows\system32\drivers\98438141.sys

2011-01-12 02:29 . 2011-01-12 02:29 -------- d-----w- c:\users\Kellison\AppData\Roaming\Ulead Systems

2011-01-12 02:18 . 2011-01-12 21:05 -------- d-----w- c:\program files (x86)\Ulead Systems

2011-01-11 21:40 . 2011-01-12 13:19 -------- d-----w- c:\programdata\Ulead Systems

2011-01-11 21:19 . 2011-01-11 21:19 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems

2011-01-11 21:19 . 2003-06-20 23:00 27200 ------w- c:\windows\SysWow64\ctl3dv2.dll

2011-01-11 18:02 . 2011-01-11 18:02 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2011-01-11 17:40 . 2011-01-11 18:03 -------- d-----w- c:\program files (x86)\Spyware Doctor

2011-01-11 17:40 . 2011-01-11 17:40 -------- d-----w- c:\users\Kellison\AppData\Roaming\PC Tools

2011-01-11 17:40 . 2011-01-11 17:40 -------- d-----w- c:\programdata\PC Tools

2011-01-11 16:55 . 2011-01-11 16:55 -------- d-----w- C:\PenClean

2011-01-10 22:30 . 2011-01-10 22:44 -------- d-----w- C:\UsbFix

2011-01-08 16:42 . 2011-01-08 16:42 -------- d-----w- c:\users\Os Outros\IGC

2011-01-08 16:42 . 2011-01-08 16:42 -------- d-----w- c:\users\Os Outros\AppData\Roaming\IGC

2011-01-04 03:19 . 2011-01-04 03:19 -------- d-----w- c:\program files (x86)\Quality Capture

2011-01-03 23:02 . 2011-01-03 23:02 -------- d-----w- C:\3a16e324bcfe7f73422ea1

2011-01-03 23:02 . 2011-01-03 23:02 -------- d-----w- C:\80f43168f034cb0d5c

2011-01-02 22:09 . 2011-01-02 22:09 -------- d-----w- c:\users\Kellison\AppData\Roaming\Boilsoft

2011-01-02 22:09 . 2011-01-02 22:09 -------- d-----w- c:\program files (x86)\Boilsoft Video Splitter

2010-12-31 01:34 . 2010-12-31 01:34 -------- d-----w- c:\users\Kellison\AppData\Roaming\Malwarebytes

2010-12-31 01:34 . 2010-12-20 21:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2010-12-31 01:34 . 2010-12-31 01:34 -------- d-----w- c:\programdata\Malwarebytes

2010-12-31 01:34 . 2010-12-31 01:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-12-31 01:34 . 2010-12-20 21:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-30 14:23 . 2010-12-30 14:24 -------- d-----w- C:\71aec7b93e9171de1cc4

2010-12-30 07:05 . 2010-12-30 07:41 -------- d-----w- c:\program files (x86)\Unlocker

2010-12-30 06:29 . 2011-01-18 13:42 -------- d-----w- c:\windows\system32\wbem\repository

2010-12-30 06:28 . 2010-12-30 06:28 -------- d-----w- c:\windows\system32\wbem\Logs

2010-12-30 05:54 . 2009-08-07 02:24 38112 ----a-w- c:\windows\system32\wups.dll

2010-12-30 05:54 . 2009-08-07 02:23 700640 ----a-w- c:\windows\system32\wuapi.dll

2010-12-30 05:54 . 2009-08-07 01:59 98816 ----a-w- c:\windows\system32\wudriver.dll

2010-12-30 05:54 . 2009-08-06 22:23 185416 ----a-w- c:\windows\system32\wuwebv.dll

2010-12-30 05:54 . 2009-08-06 21:59 36864 ----a-w- c:\windows\system32\wuapp.exe

2010-12-30 05:53 . 2009-08-07 02:24 43744 ----a-w- c:\windows\system32\wups2.dll

2010-12-30 05:53 . 2009-08-07 02:24 57560 ----a-w- c:\windows\system32\wuauclt.exe

2010-12-30 05:53 . 2009-08-07 01:59 2621440 ----a-w- c:\windows\system32\wucltux.dll

2010-12-30 05:53 . 2009-08-07 02:24 2424024 ----a-w- c:\windows\system32\wuaueng.dll

2010-12-30 05:52 . 2010-12-30 05:54 -------- d-----w- C:\af91fe3ffff0461ff79ba40ce9c1f465

2010-12-30 04:56 . 2003-08-07 18:19 49152 ----a-w- c:\windows\amcap.exe

2010-12-30 04:56 . 2004-02-24 19:00 49152 ----a-w- c:\windows\Vm_sti.exe

2010-12-30 04:56 . 2003-05-15 20:17 61440 ----a-w- c:\windows\SysWow64\VM31bSTI.dll

2010-12-30 04:56 . 2000-10-31 15:00 307200 ----a-w- c:\windows\vidcap32.Exe

2010-12-30 04:56 . 2010-12-30 04:56 -------- d-----w- c:\windows\CatRoot

2010-12-30 04:56 . 2010-12-30 04:56 -------- d-----w- c:\program files (x86)\Vimicro

2010-12-30 04:56 . 2004-08-31 16:26 233539 ----a-w- c:\windows\SysWow64\VM31bPrp.Ax

2010-12-30 04:56 . 2004-08-17 14:44 91263 ----a-w- c:\windows\SysWow64\drivers\usbVM31b.sys

2010-12-30 04:56 . 2002-08-22 20:02 53248 ----a-w- c:\windows\StillCap.exe

2010-12-30 04:56 . 2002-08-22 19:34 147456 ----a-w- c:\windows\VMCap.exe

2010-12-24 05:03 . 2010-12-24 05:03 -------- d-----w- c:\users\Kellison\AppData\Local\QuickStores

2010-12-24 05:03 . 2010-12-24 05:03 -------- d-----w- c:\program files (x86)\aTube Catcher

2010-12-21 14:19 . 2010-12-21 14:19 176488 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10136.bin

 

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-01-10 22:35 . 2011-01-10 22:35 2994246 ----a-w- C:\UsbFix_Upload_Me_KELLISON-PC.zip

2010-12-03 10:57 . 2010-12-12 20:11 47008 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys

2010-11-22 22:27 . 2010-08-01 05:36 737280 ----a-w- c:\windows\iun6002.exe

2010-11-21 17:16 . 2010-11-21 17:17 49152 ----a-w- c:\windows\system32\npptools.dll

.

 

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

 

c:\users\Os Outros\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Super Finder XT.lnk - c:\program files (x86)\FSL\SuperFinder\SuperFinder.exe [2010-7-23 2081792]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" -H

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"BabylonToolbar"="c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.1\BabylonToolbarsrv.exe" /md I

"Babylon Client"=c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart

"RRT-Auto"=d:\kellisøn\Programas\AdwareSpyware e Otimizador de PC\RRT\RRT.exe auto

"Ulead Calendar Checker"=c:\program files (x86)\Ulead Systems\Ulead Photo Express 6\CalCheck.exe

"Ulead AutoDetector"=c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe

 

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20101104.001\BHDrvx64.sys [2010-11-04 953904]

R3 DCamUSBVM;Lenovo Q350 USB PC Camera;c:\windows\system32\Drivers\usbVM31b.sys [2005-09-19 142336]

R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-11-16 343856]

R3 smsbda;SMS Digital Video;c:\windows\system32\drivers\smsbda.sys [2009-09-03 63392]

R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2008-11-11 33264]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1255736]

R3 ZTEusbdvbh;ZTE HS-USB DVBH-RF Service;c:\windows\system32\DRIVERS\ZTEusbdvbh.sys [2009-03-09 150656]

S0 98438142;98438142 Boot Guard Driver;c:\windows\system32\DRIVERS\98438142.sys [2009-10-22 40464]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-20 834544]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [2009-11-05 433200]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [2010-04-22 221232]

S1 98438141;98438141;c:\windows\system32\DRIVERS\98438141.sys [2009-09-25 157712]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [2010-02-26 615040]

S1 Foxdrv;Foxdrv;c:\windows\system32\DRIVERS\9843814.sys [2009-10-10 352784]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20110114.002\IDSvia64.sys [2010-11-09 476792]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [2010-04-29 150064]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [2010-05-06 451120]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]

S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]

S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x64.sys [2009-06-10 34304]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-16 132656]

 

.

Conteúdo da pasta 'Tarefas Agendadas'

 

2011-01-18 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2010-05-20 02:01]

.

 

--------- x86-64 -----------

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF4292.cfxxe" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 385560]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 363544]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.orkut.com/

mLocal Page = c:\windows\SYSTEM32\blank.htm

uInternet Settings,ProxyOverride = local

IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: {58305993-CB1E-4330-8152-D75D320BED7A} = 200.165.132.155,200.165.132.148

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://bankline.itau.com.br/gbplugin2/cab/GbPluginUni.cab

FF - ProfilePath - c:\users\Kellison\AppData\Roaming\Mozilla\Firefox\Profiles\s6oov2rc.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&q=

FF - user.js: network.http.pipelining - true

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORFÃOS REMOVIDOS - - - -

 

ShellExecuteHooks-{E37CB5F0-51F5-4395-A808-5FA49E399008} - (no file)

 

 

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

 

[HKEY_USERS\S-1-5-21-3158845836-1785378977-1291958421-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8DDB5A17-D564-CFC6-0B19-D02A85C3B192}*]

"magpfohkbdhplhnbkpedkhhlek"=hex:6f,61,68,6e,70,62,62,67,6f,63,66,6b,65,6b,69,

62,69,6e,68,6f,64,6d,6c,66,6b,66,6a,6d,65,6c,00,6a

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

.

**************************************************************************

.

Tempo para conclusão: 2011-01-18 11:01:51 - Máquina reiniciou

ComboFix-quarantined-files.txt 2011-01-18 14:01

 

Pré-execução: 14.401.966.080 bytes disponíveis

Pós execução: 14.085.332.992 bytes disponíveis

 

- - End Of File - - C6AD3D84876AAA1D068F13599F484965

 

--------------------------

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 11:10:06, on 18/01/2011

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orkut.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.1\bh\BabylonToolbar.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.1\BabylonToolbarTlbr.dll

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" -H

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://bankline.itau.com.br/gbplugin2/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{58305993-CB1E-4330-8152-D75D320BED7A}: NameServer = 200.165.132.155,200.165.132.148

O17 - HKLM\System\CS1\Services\Tcpip\..\{58305993-CB1E-4330-8152-D75D320BED7A}: NameServer = 200.165.132.155,200.165.132.148

O17 - HKLM\System\CS2\Services\Tcpip\..\{58305993-CB1E-4330-8152-D75D320BED7A}: NameServer = 200.165.132.155,200.165.132.148

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8352 bytes

 

 

------------------------------

 

Awaiting your reply!


:) Several other problems were removed by Combofix.

__________________

 

:seta: Download Spyware Terminator:

http://www.baixaki.com.br/download/spyware-terminator.htm

 

But when installing it, decline the installation of the antivirus it offers (install only its antispyware). Also uncheck the option "Install Web Security Guard (WSG)". If you accept the WSG installation, it will also install the Crawler Toolbar in Internet Explorer and Firefox.

 

After installing it, update it, run a full scan with it, and remove the problems it finds. After that, tell us whether it removed more problems from the PC and how the PC is afterwards.


:) Several other problems were removed by Combofix.

__________________

 

After installing it, update it, run a full scan with it, and remove the problems it finds. After that, tell us whether it removed more problems from the PC and how the PC is afterwards.

 

Hello, here is the log. The PC is still the same!

 

-----------------

 

Logfile of Spyware Terminator v2.8.2.192 (db:5.001.018.000)

Scan Time: 18/01/2011 16:40:03 length: 3377 s

Platform: W7 (6.1.0.7600)

User: Admin

Boot Mode: Normal

Scan type: Full_Spyware_Scan

Scanned Objects: 86459 (Critical:8)

Filter: No System items, No Safe items, No Invalid items

 

Running Processes

smss.exe [Microsoft Corporation] : C:\Windows\sysnative\smss.exe

csrss.exe [Microsoft Corporation] : C:\Windows\sysnative\csrss.exe

csrss.exe [Microsoft Corporation] : C:\Windows\sysnative\csrss.exe

services.exe [Microsoft Corporation] : C:\Windows\sysnative\services.exe

winlogon.exe [Microsoft Corporation] : C:\Windows\sysnative\winlogon.exe

lsm.exe [Microsoft Corporation] : C:\Windows\sysnative\lsm.exe

spoolsv.exe [Microsoft Corporation] : C:\Windows\sysnative\spoolsv.exe

SASCore64.exe [sUPERAntiSpyware.com] : C:\Program Files\SUPERAntiSpyware\SASCore64.exe

NBService.exe [Nero AG] : C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

ccsvchst.exe [symantec Corporation] : C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe

WLIDSVC.EXE [Microsoft Corp.] : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

WLIDSVCM.EXE [Microsoft Corp.] : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

ccsvchst.exe [symantec Corporation] : C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe

taskhost.exe [Microsoft Corporation] : C:\Windows\sysnative\taskhost.exe

dwm.exe [Microsoft Corporation] : C:\Windows\sysnative\dwm.exe

hkcmd.exe [intel Corporation] : C:\Windows\sysnative\hkcmd.exe

igfxpers.exe [intel Corporation] : C:\Windows\sysnative\igfxpers.exe

igfxsrvc.exe [intel Corporation] : C:\Windows\sysnative\igfxsrvc.exe

UnlockerAssistant.exe : C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

wmpnetwk.exe [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnetwk.exe

 

Internet Settings

R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://fr.msn.com/

R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = local

R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =

R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 (64-bit)

R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm (64-bit)

R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm (64-bit)

R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain = (64-bit)

R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName = (64-bit)

 

BHO

02 - BHO: CescrtHlpr Object - {2EECD738-5844-4a99-B4B6-146BF802613B} - [babylon BHO] : C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.1\bh\BabylonToolbar.dll

02 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - [symantec Corporation] : C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

02 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - [symantec Corporation] : C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL

02 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - [babylon Ltd.] : C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

02 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - [Microsoft Corp.] : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (64-bit)

 

Toolbars

03 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - [symantec Corporation] : C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll

03 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - [babylon Ltd.] : C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.1\BabylonToolbarTlbr.dll

 

StartUps

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, UnlockerAssistant : : C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, IgfxTray : [intel Corporation] : C:\Windows\sysnative\igfxtray.exe (64-bit)

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HotKeysCmds : [intel Corporation] : C:\Windows\sysnative\hkcmd.exe (64-bit)

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Persistence : [intel Corporation] : C:\Windows\sysnative\igfxpers.exe (64-bit)

 

Shell Extensions

Nokia Phone Browser - {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - [Nokia] : C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

NeroCoverEdLiveIcons Class - {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} - [Nero AG] : C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll

NeroDigitalIconHandler Class - {1CA6BBC9-E9FA-4021-822B-075DF1837B63} - [Nero AG] : C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll

NeroDigitalPropSheetHandler Class - {846083A4-BFC6-4447-985C-6578B466A7D7} - [Nero AG] : C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll

NeroDigitalColumnHandler Class - {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} - [Nero AG] : C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll

NeroDigitalInfoHandler Class - {4FBFFA8D-F390-471a-AE46-FEB93623AD63} - [Nero AG] : C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll

NeroDigitalThumbnailHandler Class - {EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} - [Nero AG] : C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll

RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Program Files (x86)\Real\RealPlayer\rpshell.dll

ARARCtxMenu Class - {51A64D28-F937-4045-A420-065CEFBD8A76} - [DataNumen, Inc.] : C:\Program Files (x86)\ARAR\ARARSHL.dll

- {06A2568A-CED6-4187-BB20-400B8C02BE5A} - [Microsoft Corporation] : C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

Windows Live Photo Gallery Viewer Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} - [Microsoft Corporation] : C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

Windows Live Photo Gallery Autoplay Drop Target - {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} - [Microsoft Corporation] : C:\Program Files (x86)\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE

Windows Live Photo Gallery Editor Drop Target - {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} - [Microsoft Corporation] : C:\Program Files (x86)\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE

Windows Live Photo Gallery Viewer Drop Target - {00F374B7-B390-4884-B372-2FC349F2172B} - [Microsoft Corporation] : C:\Program Files (x86)\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE

Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} - [Microsoft Corporation] : C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} - [Microsoft Corporation] : C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} - [Microsoft Corporation] : C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - : C:\Program Files (x86)\Unlocker\UnlockerCOM.dll

Nokia Phone Browser - {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} - [Nokia] : C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PhoneBrowser64.dll (64-bit)

 

Protocol Handler

- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL

Album Download IE Asynchronous Pluggable Protocol Interface - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - [Microsoft Corporation] : C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

 

Services

23 - [sUPERAntiSpyware.com] : C:\Program Files\SUPERAntiSpyware\SASCore64.exe

23 - [Kaspersky Lab] : C:\Windows\sysnative\DRIVERS\98438141.sys

23 - [Kaspersky Lab] : C:\Windows\sysnative\DRIVERS\98438142.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\ACPI.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\drivers\afd.sys

23 - [Advanced Micro Devices] : C:\Windows\sysnative\DRIVERS\amdxata.sys

23 - [Atheros Communications, Inc.] : C:\Windows\sysnative\DRIVERS\l260x64.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\bowser.sys

23 - [Symantec Corporation] : C:\Windows\sysnative\drivers\NISx64\1108000.005\ccHPx64.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\Drivers\dfsc.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\drivers\discache.sys

23 - [Symantec Corporation] : C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

23 - [Symantec Corporation] : C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\drivers\fltmgr.sys

23 - [Kaspersky Lab] : C:\Windows\sysnative\DRIVERS\9843814.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\drivers\HTTP.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\i8042prt.sys

23 - [Symantec Corporation] : C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20110117.001\IDSvia64.sys

23 - [Intel Corporation] : C:\Windows\sysnative\DRIVERS\igdkmd64.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\kbdclass.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\drivers\luafv.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\mouclass.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\drivers\mountmgr.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\mrxsmb10.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\mssmbios.sys

23 - [Symantec Corporation] : C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20110118.003\ENG64.SYS

23 - [Symantec Corporation] : C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20110118.003\EX64.SYS

23 - [Microsoft Corporation] : C:\Windows\sysnative\drivers\ndis.sys

23 - [Nero AG] : C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

23 - [Symantec Corporation] : C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\parport.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\pci.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\pacer.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\rdbss.sys

23 - [SUPERAdBlocker.com and SUPERAntiSpyware.com] : C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

23 - [SUPERAdBlocker.com and SUPERAntiSpyware.com] : C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\serial.sys

23 - : C:\Windows\sysnative\Drivers\sptd.sys

23 - [Symantec Corporation] : C:\Windows\sysnative\Drivers\NISx64\1108000.005\SRTSP64.SYS

23 - [Symantec Corporation] : C:\Windows\sysnative\drivers\NISx64\1108000.005\SRTSPX64.SYS

23 - [Symantec Corporation] : C:\Windows\sysnative\drivers\NISx64\1108000.005\SYMDS64.SYS

23 - [Symantec Corporation] : C:\Windows\sysnative\drivers\NISx64\1108000.005\SYMEFA64.SYS

23 - [Symantec Corporation] : C:\Windows\sysnative\Drivers\SYMEVENT64x86.SYS

23 - [Symantec Corporation] : C:\Windows\sysnative\drivers\NISx64\1108000.005\Ironx64.SYS

23 - [Symantec Corporation] : C:\Windows\sysnative\Drivers\NISx64\1108000.005\SYMTDIV.SYS

23 - [Microsoft Corporation] : C:\Windows\sysnative\drivers\tcpip.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\tunnel.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\vdrvroot.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\drivers\volmgrx.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\DRIVERS\volsnap.sys

23 - [Microsoft Corporation] : C:\Windows\sysnative\drivers\Wdf01000.sys

23 - [Microsoft Corp.] : C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23 - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpnetwk.exe

23 - [Windows ® Win 7 DDK provider] : C:\Windows\sysnative\DRIVERS\stflt.sys

 

Winlogon Notify

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName : [Intel Corporation] : C:\Windows\sysnative\igfxdev.dll (64-bit)

 

Threat Files

<Trojan.Downloader.Dadobra.bru> : C:\Windows.old\Windows\system32\Tools\Regexe.exe

<RiskTool.Reboot.j> : C:\Windows.old\Windows\system32\Tools\Restart.exe

<APPL/NirCmd.C> : d:\Kellisøn\Programas\AdwareSpyware e Otimizador de PC\Flash Desinfector\Flash_Disinfector.exe

<Worm.Anilogo.K> : d:\Kellisøn\Programas\WebCam\A4Tech PK935 WIN7\a4tech-pkserie\xp32&2000\SetupFilter.exe

 

Advanced Files Report


%WINDIR%\sysnative\DRIVERS\igdkmd64.sys [intel Corporation] [intel Graphics Accelerator Drivers for Windows Vista®] MD5=24CC43ECDEEFD4C19FBBEE4951B647F1 SIZE=6180832

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\DRIVERS\intelide.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=F00F20E70C6EC3AA366910083A0518AA SIZE=16960

%WINDIR%\sysnative\DRIVERS\intelppm.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=ADA036632C664CAA754079041CF1F8C1 SIZE=62464

%WINDIR%\sysnative\svchost.exe -k NetSvcs

%WINDIR%\sysnative\svchost.exe -k NetSvcs

%WINDIR%\sysnative\DRIVERS\kbdclass.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=BC02336F1CBA7DCC7D1213BB588A68A5 SIZE=50768

%WINDIR%\sysnative\DRIVERS\kbdclass.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=BC02336F1CBA7DCC7D1213BB588A68A5 SIZE=50768

%WINDIR%\sysnative\lsass.exe [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=0793F40B9B8A1BDD266296409DBD91EA SIZE=31232

%WINDIR%\sysnative\Drivers\ksecdd.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=E8B6FCC9C83535C67F835D407620BD27 SIZE=95312

%WINDIR%\sysnative\Drivers\ksecpkg.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=A8C63880EF6F4D3FEC7B616B9C060215 SIZE=153160

%WINDIR%\sysnative\drivers\ksthunk.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=6869281E78CB31A43E969F06B57347C4 SIZE=20992

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k NetworkService

%WINDIR%\sysnative\svchost.exe -k NetworkService

%WINDIR%\sysnative\DRIVERS\lltdio.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=1538831CF8AD2979A04C423779465827 SIZE=60928

%WINDIR%\sysnative\svchost.exe -k LocalServiceNetworkRestricted

%WINDIR%\sysnative\svchost.exe -k LocalServiceNetworkRestricted

%WINDIR%\sysnative\drivers\luafv.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=43D0F98E1D56CCDDB0D5254CFF7B356E SIZE=113152

%WINDIR%\sysnative\drivers\luafv.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=43D0F98E1D56CCDDB0D5254CFF7B356E SIZE=113152

%WINDIR%\sysnative\DRIVERS\monitor.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=B03D591DC7DA45ECE20B3B467E6AADAA SIZE=30208

%WINDIR%\sysnative\DRIVERS\mouclass.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=7D27EA49F3C1F687D357E77A470AEA99 SIZE=49216

%WINDIR%\sysnative\DRIVERS\mouclass.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=7D27EA49F3C1F687D357E77A470AEA99 SIZE=49216

%WINDIR%\sysnative\drivers\mountmgr.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=791AF66C4D0E7C90A3646066386FB571 SIZE=94784

%WINDIR%\sysnative\drivers\mountmgr.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=791AF66C4D0E7C90A3646066386FB571 SIZE=94784

%WINDIR%\sysnative\drivers\mpsdrv.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=6C38C9E45AE0EA2FA5E551F2ED5E978F SIZE=77312

%WINDIR%\sysnative\svchost.exe -k LocalServiceNoNetwork

%WINDIR%\sysnative\svchost.exe -k LocalServiceNoNetwork

%WINDIR%\sysnative\DRIVERS\mrxsmb.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=767A4C3BCF9410C286CED15A2DB17108 SIZE=157696

%WINDIR%\sysnative\DRIVERS\mrxsmb10.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=920EE0FF995FCFDEB08C41605A959E1C SIZE=286720

%WINDIR%\sysnative\DRIVERS\mrxsmb10.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=920EE0FF995FCFDEB08C41605A959E1C SIZE=286720

%WINDIR%\sysnative\DRIVERS\mrxsmb20.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=740D7EA9D72C981510A5292CF6ADC941 SIZE=125952

%WINDIR%\sysnative\DRIVERS\msisadrv.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=D916874BBD4F8B07BFB7FA9B3CCAE29D SIZE=15424

%WINDIR%\sysnative\DRIVERS\mssmbios.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=0EED230E37515A0EAEE3C2E1BC97B288 SIZE=32320

%WINDIR%\sysnative\DRIVERS\mssmbios.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=0EED230E37515A0EAEE3C2E1BC97B288 SIZE=32320

%WINDIR%\sysnative\Drivers\mup.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=F9A18612FD3526FE473C1BDA678D61C8 SIZE=60496

%ALLUSERS_APPDATA%\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20110118.003\ENG64.SYS [symantec Corporation] [symantec Antivirus Engine] MD5=7BE93DBB02B66E72872FF76D8A92E662 SIZE=117880

%ALLUSERS_APPDATA%\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20110118.003\EX64.SYS [symantec Corporation] [symantec Antivirus Engine] MD5=BE99EDBBA322CA59B3F2FE17B9BF987A SIZE=1791096

%WINDIR%\sysnative\drivers\ndis.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=CAD515DBD07D082BB317D9928CE8962C SIZE=947776

%WINDIR%\sysnative\drivers\ndis.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=CAD515DBD07D082BB317D9928CE8962C SIZE=947776

%WINDIR%\sysnative\DRIVERS\ndistapi.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=30639C932D9FEF22B31268FE25A1B6E5 SIZE=24064

%WINDIR%\sysnative\DRIVERS\ndiswan.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=557DFAB9CA1FCB036AC77564C010DAD3 SIZE=164352

%WINDIR%\sysnative\DRIVERS\netbios.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=86743D9F5D2B1048062B14B1D84501C4 SIZE=44544

%WINDIR%\sysnative\DRIVERS\netbt.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=9162B273A44AB9DCE5B44362731D062A SIZE=259072

%WINDIR%\sysnative\svchost.exe -k LocalSystemNetworkRestricted

%WINDIR%\sysnative\svchost.exe -k LocalSystemNetworkRestricted

%WINDIR%\sysnative\svchost.exe -k LocalService

%WINDIR%\sysnative\svchost.exe -k LocalService

%WINDIR%\sysnative\svchost.exe -k NetworkService

%WINDIR%\sysnative\svchost.exe -k NetworkService

%WINDIR%\sysnative\svchost.exe -k LocalService

%WINDIR%\sysnative\svchost.exe -k LocalService

%WINDIR%\sysnative\drivers\nsiproxy.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=E7F5AE18AF4168178A642A9247C63001 SIZE=24576

%WINDIR%\sysnative\svchost.exe -k LocalServicePeerNet

%WINDIR%\sysnative\svchost.exe -k LocalServicePeerNet

%WINDIR%\sysnative\svchost.exe -k LocalServicePeerNet

%WINDIR%\sysnative\svchost.exe -k LocalServicePeerNet

%WINDIR%\sysnative\DRIVERS\parport.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=0086431C29C35BE1DBC43F52CC273887 SIZE=97280

%WINDIR%\sysnative\DRIVERS\parport.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=0086431C29C35BE1DBC43F52CC273887 SIZE=97280

%WINDIR%\sysnative\drivers\partmgr.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=7DAA117143316C4A1537E074A5A9EAF0 SIZE=75840

%WINDIR%\sysnative\DRIVERS\pci.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=F36F6504009F2FB0DFD1B17A116AD74B SIZE=183872

%WINDIR%\sysnative\DRIVERS\pci.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=F36F6504009F2FB0DFD1B17A116AD74B SIZE=183872

%WINDIR%\sysnative\drivers\pcw.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=D6B9C2E1A11A3A4B26A182FFEF18F603 SIZE=50768

%WINDIR%\sysnative\drivers\peauth.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=68769C3356B3BE5D1C732C97B9A80D6E SIZE=651264

%WINDIR%\sysnative\svchost.exe -k DcomLaunch

%WINDIR%\sysnative\svchost.exe -k DcomLaunch

%WINDIR%\sysnative\svchost.exe -k LocalServicePeerNet

%WINDIR%\sysnative\svchost.exe -k LocalServicePeerNet

%WINDIR%\sysnative\svchost.exe -k NetworkServiceNetworkRestricted

%WINDIR%\sysnative\svchost.exe -k NetworkServiceNetworkRestricted

%WINDIR%\sysnative\svchost.exe -k DcomLaunch

%WINDIR%\sysnative\svchost.exe -k DcomLaunch

%WINDIR%\sysnative\DRIVERS\raspptp.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=27CC19E81BA5E3403C48302127BDA717 SIZE=111616

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\DRIVERS\pacer.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=EE992183BD8EAEFD9973F352E587A299 SIZE=131584

%WINDIR%\sysnative\DRIVERS\pacer.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=EE992183BD8EAEFD9973F352E587A299 SIZE=131584

%WINDIR%\sysnative\DRIVERS\AgileVpn.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=7ECFF9B22276B73F43A99A15A6094E90 SIZE=60416

%WINDIR%\sysnative\DRIVERS\rasl2tp.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=87A6E852A22991580D6D39ADC4790463 SIZE=130048

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\DRIVERS\raspppoe.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=855C9B1CD4756C5E9A2AA58A15F58C25 SIZE=92672

%WINDIR%\sysnative\DRIVERS\rassstp.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=E8B1E447B008D07FF47D016C2B0EEECB SIZE=83968

%WINDIR%\sysnative\DRIVERS\rdbss.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=3BAC8142102C15D59A87757C1D41DCE5 SIZE=309248

%WINDIR%\sysnative\DRIVERS\rdbss.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=3BAC8142102C15D59A87757C1D41DCE5 SIZE=309248

%WINDIR%\sysnative\DRIVERS\rdpbus.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=302DA2A0539F2CF54D7C6CC30C1F2D8D SIZE=24064

%WINDIR%\sysnative\DRIVERS\RDPCDD.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=CEA6CC257FC9B7715F1C2B4849286D24 SIZE=7680

%WINDIR%\sysnative\drivers\rdpencdd.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=BB5971A4F00659529A5C44831AF22365 SIZE=7680

%WINDIR%\sysnative\drivers\rdprefmp.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=216F3FA57533D98E1F74DED70113177A SIZE=8192

%WINDIR%\sysnative\drivers\rdyboost.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=634B9A2181D98F15941236886164EC8B SIZE=214096

%WINDIR%\sysnative\svchost.exe -k RPCSS

%WINDIR%\sysnative\svchost.exe -k RPCSS

%WINDIR%\sysnative\svchost.exe -k rpcss

%WINDIR%\sysnative\svchost.exe -k rpcss

%WINDIR%\sysnative\DRIVERS\rspndr.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=DDC86E4F8E7456261E637E3552E804FF SIZE=76800

%WINDIR%\sysnative\lsass.exe [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=0793F40B9B8A1BDD266296409DBD91EA SIZE=31232

%SystemDiskRoot%\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [sUPERAdBlocker.com and SUPERAntiSpyware.com] [sUPERAntiSpyware] MD5=99DF79C258B3342B6C8A5F802998DE56 SIZE=14920

%SystemDiskRoot%\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [sUPERAdBlocker.com and SUPERAntiSpyware.com] [sUPERAntiSpyware] MD5=2859C35C0651E8EB0D86D48E740388F2 SIZE=12360

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\DRIVERS\serenum.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=CB624C0035412AF0DEBEC78C41F5CA1B SIZE=23552

%WINDIR%\sysnative\DRIVERS\serial.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 SIZE=94208

%WINDIR%\sysnative\DRIVERS\serial.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 SIZE=94208

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\spoolsv.exe [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=F8E1FA03CB70D54A9892AC88B91D1E7B SIZE=558592

%WINDIR%\sysnative\Drivers\sptd.sys SIZE=834544

%WINDIR%\sysnative\Drivers\sptd.sys SIZE=834544

%WINDIR%\sysnative\Drivers\NISx64\1108000.005\SRTSP64.SYS [symantec Corporation] [AutoProtect] MD5=96BABC4906ECDB1C69D1176F8647AD8E SIZE=505392

%WINDIR%\sysnative\Drivers\NISx64\1108000.005\SRTSP64.SYS [symantec Corporation] [AutoProtect] MD5=96BABC4906ECDB1C69D1176F8647AD8E SIZE=505392

%WINDIR%\sysnative\drivers\NISx64\1108000.005\SRTSPX64.SYS [symantec Corporation] [AutoProtect] MD5=C7F491A290E0E4222F5CDCD50EEB8167 SIZE=32304

%WINDIR%\sysnative\drivers\NISx64\1108000.005\SRTSPX64.SYS [symantec Corporation] [AutoProtect] MD5=C7F491A290E0E4222F5CDCD50EEB8167 SIZE=32304

%WINDIR%\sysnative\DRIVERS\srv.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=DE6F5658DA951C4BC8E498570B5B0D5F SIZE=463360

%WINDIR%\sysnative\DRIVERS\srv2.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=4D33D59C0B930C523D29F9BD40CDA9D2 SIZE=402944

%WINDIR%\sysnative\DRIVERS\srvnet.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=5A663FD67049267BC5C3F3279E631FFB SIZE=161792

%WINDIR%\sysnative\svchost.exe -k LocalServiceAndNoImpersonation

%WINDIR%\sysnative\svchost.exe -k LocalServiceAndNoImpersonation

%WINDIR%\sysnative\svchost.exe -k LocalService

%WINDIR%\sysnative\svchost.exe -k LocalService

%WINDIR%\sysnative\svchost.exe -k imgsvc

%WINDIR%\sysnative\svchost.exe -k imgsvc

%WINDIR%\sysnative\DRIVERS\vmstorfl.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=FFD7A6F15B14234B5B0E5D49E7961895 SIZE=46672

%WINDIR%\sysnative\DRIVERS\swenum.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=D01EC09B6711A5F8E7E6564A4D0FBC90 SIZE=12496

%WINDIR%\sysnative\drivers\NISx64\1108000.005\SYMDS64.SYS [symantec Corporation] [symDS] MD5=659B227A72B76115975A6A9491B2FE1F SIZE=433200

%WINDIR%\sysnative\drivers\NISx64\1108000.005\SYMDS64.SYS [symantec Corporation] [symDS] MD5=659B227A72B76115975A6A9491B2FE1F SIZE=433200

%WINDIR%\sysnative\drivers\NISx64\1108000.005\SYMEFA64.SYS [symantec Corporation] [EFA] MD5=42C952D131EFF724A9959BB6D78C1B63 SIZE=221232

%WINDIR%\sysnative\drivers\NISx64\1108000.005\SYMEFA64.SYS [symantec Corporation] [EFA] MD5=42C952D131EFF724A9959BB6D78C1B63 SIZE=221232

%WINDIR%\sysnative\Drivers\SYMEVENT64x86.SYS [symantec Corporation] [sYMEVENT] MD5=3F9D5FE52585E2653E59FDBFDF09A94C SIZE=173104

%WINDIR%\sysnative\Drivers\SYMEVENT64x86.SYS [symantec Corporation] [sYMEVENT] MD5=3F9D5FE52585E2653E59FDBFDF09A94C SIZE=173104

%WINDIR%\sysnative\drivers\NISx64\1108000.005\Ironx64.SYS [symantec Corporation] [iron] MD5=F57588546E738DB1583981D8F44E9BC2 SIZE=150064

%WINDIR%\sysnative\drivers\NISx64\1108000.005\Ironx64.SYS [symantec Corporation] [iron] MD5=F57588546E738DB1583981D8F44E9BC2 SIZE=150064

%WINDIR%\sysnative\Drivers\NISx64\1108000.005\SYMTDIV.SYS [symantec Corporation] [symantec Security Drivers] MD5=8ABB6E5B7D75CD3F0A988695D0D9186A SIZE=451120

%WINDIR%\sysnative\Drivers\NISx64\1108000.005\SYMTDIV.SYS [symantec Corporation] [symantec Security Drivers] MD5=8ABB6E5B7D75CD3F0A988695D0D9186A SIZE=451120

%WINDIR%\sysnative\svchost.exe -k LocalSystemNetworkRestricted

%WINDIR%\sysnative\svchost.exe -k LocalSystemNetworkRestricted

%WINDIR%\sysnative\svchost.exe -k NetworkService

%WINDIR%\sysnative\svchost.exe -k NetworkService

%WINDIR%\sysnative\drivers\tcpip.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=90A2D722CF64D911879D6C4A4F802A4D SIZE=1896832

%WINDIR%\sysnative\drivers\tcpip.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=90A2D722CF64D911879D6C4A4F802A4D SIZE=1896832

%WINDIR%\sysnative\drivers\tcpipreg.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=76D078AF6F587B162D50210F761EB9ED SIZE=44544

%WINDIR%\sysnative\DRIVERS\tdx.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=079125C4B17B01FCAEEBCE0BCB290C0F SIZE=99840

%WINDIR%\sysnative\DRIVERS\termdd.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=C448651339196C0E869A355171875522 SIZE=62544

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\DRIVERS\tunnel.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=3836171A2CDF3AF8EF10856DB9835A70 SIZE=125440

%WINDIR%\sysnative\DRIVERS\tunnel.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=3836171A2CDF3AF8EF10856DB9835A70 SIZE=125440

%WINDIR%\sysnative\DRIVERS\umbus.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=EAB6C35E62B1B0DB0D1B48B671D3A117 SIZE=48640

%WINDIR%\sysnative\DRIVERS\usbehci.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=2EA4AFF7BE7EB4632E3AA8595B0803B5 SIZE=51200

%WINDIR%\sysnative\DRIVERS\usbhub.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=4C9042B8DF86C1E8E6240C218B99B39B SIZE=343040

%WINDIR%\sysnative\DRIVERS\usbprint.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=73188F58FB384E75C4063D29413CEE3D SIZE=25088

%WINDIR%\sysnative\DRIVERS\usbuhci.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=81FB2216D3A60D1284455D511797DB3D SIZE=30720

%WINDIR%\sysnative\svchost.exe -k LocalSystemNetworkRestricted

%WINDIR%\sysnative\svchost.exe -k LocalSystemNetworkRestricted

%WINDIR%\sysnative\DRIVERS\vdrvroot.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=C5C876CCFC083FF3B128F933823E87BD SIZE=36432

%WINDIR%\sysnative\DRIVERS\vdrvroot.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=C5C876CCFC083FF3B128F933823E87BD SIZE=36432

%WINDIR%\sysnative\drivers\vga.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=53E92A310193CB3C03BEA963DE7D9CFC SIZE=29184

%WINDIR%\sysnative\DRIVERS\volmgr.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=2B1A3DAE2B4E70DBBA822B7A03FBD4A3 SIZE=71760

%WINDIR%\sysnative\drivers\volmgrx.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=99B0CBB569CA79ACAED8C91461D765FB SIZE=363584

%WINDIR%\sysnative\drivers\volmgrx.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=99B0CBB569CA79ACAED8C91461D765FB SIZE=363584

%WINDIR%\sysnative\DRIVERS\volsnap.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=58F82EED8CA24B461441F9C3E4F0BF5C SIZE=294992

%WINDIR%\sysnative\DRIVERS\volsnap.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=58F82EED8CA24B461441F9C3E4F0BF5C SIZE=294992

%WINDIR%\sysnative\DRIVERS\wanarp.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=47CA49400643EFFD3F1C9A27E1D69324 SIZE=88576

%WINDIR%\sysnative\drivers\Wdf01000.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=441BD2D7B4F98134C3A4F9FA570FD250 SIZE=654928

%WINDIR%\sysnative\drivers\Wdf01000.sys [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=441BD2D7B4F98134C3A4F9FA570FD250 SIZE=654928

%WINDIR%\sysnative\svchost.exe -k LocalService

%WINDIR%\sysnative\svchost.exe -k LocalService

%WINDIR%\sysnative\svchost.exe -k WerSvcGroup

%WINDIR%\sysnative\svchost.exe -k WerSvcGroup

%WINDIR%\sysnative\DRIVERS\wfplwf.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=611B23304BF067451A9FDEE01FBDD725 SIZE=12800

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k netsvcs

%WINDIR%\sysnative\svchost.exe -k LocalServiceNetworkRestricted

%WINDIR%\sysnative\svchost.exe -k LocalServiceNetworkRestricted

%WINDIR%\sysnative\SearchIndexer.exe \Embedding

%WINDIR%\sysnative\SearchIndexer.exe \Embedding

%WINDIR%\sysnative\drivers\WudfPf.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=7CADC74271DD6461C452C271B30BD378 SIZE=112128

%WINDIR%\sysnative\svchost.exe -k LocalSystemNetworkRestricted

%WINDIR%\sysnative\svchost.exe -k LocalSystemNetworkRestricted

%WINDIR%\sysnative\DRIVERS\stflt.sys [Windows ® Win 7 DDK provider] [spyware Terminator] MD5=A340ABC480C43C30CABC943E78AC631E SIZE=50696

%WINDIR%\sysnative\DRIVERS\stflt.sys [Windows ® Win 7 DDK provider] [spyware Terminator] MD5=A340ABC480C43C30CABC943E78AC631E SIZE=50696

%PROGRAMFILES%\Windows Live\Messenger\msgrapp.dll [Microsoft Corporation] [Windows Live Messenger Protocol Handler Module] MD5=DFB036D0C5AD7B96C809CB3E32A6E3E8 SIZE=65912

%COMMONFILES%\microsoft shared\Web Components\10\OWC10.DLL [Microsoft Corporation] [Microsoft Office XP] MD5=CD87D4396557AA897952B0ED890DF91E SIZE=7255872

%PROGRAMFILES%\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [Microsoft Corporation] [Windows Live? Photo Gallery] MD5=FDA40F2BEC7490A81F0F644474090447 SIZE=42864

%SystemDiskRoot%\Program Files\Windows Sidebar\sidebar.exe [Microsoft Corporation] [sistema Operacional Microsoft® Windows®] MD5=8FC6C4EE0A2D3EBAA70FA38F99141BCE SIZE=1475072

 

End of Report

 

------------------------

 

Awaiting your reply!!

The program has already removed everything!

> The program has already removed everything!

This Spyware Terminator log you posted is one it generates in HijackThis style, but it does not include the problems it removed. Did it remove several? What type were they? Do you remember? (for example: trojans, spyware, cookies, etc.)

> > The program has already removed everything!
>
> This Spyware Terminator log you posted is one it generates in HijackThis style, but it does not include the problems it removed. Did it remove several? What type were they? Do you remember? (for example: trojans, spyware, cookies, etc.)

 

Hello, among the fixed/removed files were the ones below and some cookies.

 

Threat Files

<Trojan.Downloader.Dadobra.bru> : C:\Windows.old\Windows\system32\Tools\Regexe.exe

<RiskTool.Reboot.j> : C:\Windows.old\Windows\system32\Tools\Restart.exe

<APPL/NirCmd.C> : d:\Kellisøn\Programas\AdwareSpyware e Otimizador de PC\Flash Desinfector\Flash_Disinfector.exe

<Worm.Anilogo.K> : d:\Kellisøn\Programas\WebCam\A4Tech PK935 WIN7\a4tech-pkserie\xp32&2000\SetupFilter.exe


:) More problems removed by Spyware Terminator.

______________________

 

:seta: Go to http://virscan.org/ and submit the files highlighted in red below for analysis (one at a time). As soon as the analysis of each one is finished, copy the address (link) that appears in your browser's address bar and post these links with the analysis results in your next reply, along with the other logs requested below:

 

c:\windows\SysWow64\Ulead Photo Express ScreenSaver.scr

c:\windows\system32\drivers\98438142.sys

c:\windows\system32\drivers\9843814.sys

c:\windows\system32\drivers\98438141.sys

c:\windows\amcap.exe

c:\windows\iun6002.exe

c:\windows\system32\npptools.dll

c:\windows\system32\DRIVERS\98438142.sys

 

Also submit for analysis the files inside the folders highlighted in red below:

 

C:\71aec7b93e9171de1cc4

C:\3a16e324bcfe7f73422ea1

C:\80f43168f034cb0d5c

C:\af91fe3ffff0461ff79ba40ce9c1f465

C:\3c31dac6fad9dafc60f8825a0e

 

Note: If the Virscan site is overloaded or having problems, just submit the files above for analysis at one of the sites below:

http://www.virustotal.com/

http://virusscan.jotti.org/

http://www.viruschief.com/

_______________________

 

:seta: You can uninstall Spyware Terminator, SuperAntispyware and Spyware Doctor.

_______________________

 

:seta: Download Spybot.

To install and use it correctly, follow the tips in this tutorial:

http://www.safer-networking.org/pt/tutorial/index.html

 

Afterwards, please tell us which problems were removed by Spybot, post the links to the analyses of the files requested above, and tell us how your PC is doing after this.


Hello, Spybot did not detect any threat on the PC. The PC is still the same. Below is the result of the site's analysis. The sites could not locate some of the files on the PC (as if the files did not exist).

 

----------------------------------

c:\windows\SysWow64\Ulead Photo Express ScreenSaver.scr

 

http://virscan.org/report/f066de4251704bdf3d479c52d80ef55d.html

 

Informações do Arquivo

Nome do Arquivo : Ulead Photo Express ScreenSaver.scr

Tamanho do Arquivo : 40960 byte

Tipo do Arquivo : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : 286ddfaaab213d2bdee5676f8a6ec6b5

SHA1 : c991b824b6ace5f9dbc5af9b1a7d2accd3ce18ba

 

Resultado da Verificação

Resultado da Verificação : Todos os softwares reportaram que não encontraram códigos maliciosos!

Tempo : 2011/01/21 09:34:44 (CST)

 

 

---------------------

c:\windows\system32\drivers\98438142.sys

 

The site could not locate the file on my PC.

 

 

--------------------------

c:\windows\system32\drivers\9843814.sys

 

 

The site could not locate the file on my PC.

 

---------------------

c:\windows\system32\drivers\98438141.sys

 

 

The site could not locate the file on my PC.

 

--------------

c:\windows\amcap.exe

 

http://virscan.org/report/b418182cd8a5a4e30515b4ccdb13df13.html

 

Informações do Arquivo

Nome do Arquivo : amcap.exe

Tamanho do Arquivo : 49152 byte

Tipo do Arquivo : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : 91ff7fa2a81f2c16487dc2c3aea3f3a8

SHA1 : 72f027d7857f90e061b6ef66bc435ccdbe36e8cf

Resultado da Verificação

Resultado da Verificação : 6% Software(2/36) encontrou código malicioso!

Tempo : 2011/01/21 09:49:32 (CST)

 

Software Versão Versão Ass. Data Ass. Resultado da verificação Tempo

AVAST! 4.7.4 110120-2 2011-01-20 Win32:Injected-AZ 0.007

GData 21.1607/21.631 20110121 2011-01-21 Win32:Injected-AZ [Engine:B] 8.120

 

 

-------------

c:\windows\iun6002.exe

 

http://virscan.org/report/09b1538d6d205d52f5fb6c4398f8f3a8.html

 

Informações do Arquivo

Nome do Arquivo : iun6002.exe

Tamanho do Arquivo : 737280 byte

Tipo do Arquivo : PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 : 456462905091db042141487fe030e3c9

SHA1 : bb57b4850528c3c8d9bf159fb5b9f414ddc7d5d7

Resultado da Verificação

Resultado da Verificação : 3% Software(1/36) encontrou código malicioso!

Tempo : 2011/01/21 09:57:38 (CST)

 

The Hacker 6.7.0.1 v00116 2011-01-18 W32/AutoRun.blcc 0.816

 

 

---------------

c:\windows\system32\npptools.dll

 

 

The site could not locate the file on my PC.

 

-------------------

c:\windows\system32\DRIVERS\98438142.sys

 

 

The site could not locate the file on my PC.

 

-------------------

C:\71aec7b93e9171de1cc4

 

Empty folder

 

 

---------------

C:\3a16e324bcfe7f73422ea1

 

 

Empty folder

 

 

----------------

C:\80f43168f034cb0d5c

 

 

Empty folder

 

--------------

C:\af91fe3ffff0461ff79ba40ce9c1f465

 

 

Empty folder

 

 

----------

C:\3c31dac6fad9dafc60f8825a0e

 

Empty folder

 

-------------------------------------------

 

Awaiting your reply!

> Spybot did not detect any threat on the PC

:seta: You can uninstall Spybot from your PC.

___________________

 

> The PC is still the same

> My Windows Update is not installed [nor will it install, it gives an error] and the Windows Security Center does not work at all.

:seta: I believe these problems are not being caused by viruses or malware, since we ran cleanups with several different programs and the last scan found nothing wrong. The files we submitted for analysis are also, in the vast majority, not infected, and in the other cases only a very small number of antivirus programs detected anything (which usually indicates a false positive, that is, a mistake on the part of those antivirus programs). Given this, I will be moving your topic to another area of the forum so that the colleagues in that area can give other tips on how to restore your Windows Update and the Security Center, which are not working correctly.
