Weick
Posted January 20, 2012

Good morning, everyone. Right after I turn the PC on it works normally, but after a few hours it starts showing this problem: I type some text and, at some point, the typing freezes for one or two seconds and, when the letters appear, they are completely reversed. For example: This is an exalpme of how my texts have edned up when the probelm happens. I don't know whether it is some hw/sw fault or an infection. The Hijack log follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:06:39, on 20/1/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Win\lsass.exe
C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe
C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnect.exe
C:\Arquivos de programas\UTORRENT\utorrent.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gsfs-america.lge.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Media Player Sharing Plugin - {7380C6A8-9ACD-4EBA-8C76-2D170B5C08BB} - C:\ProgramData\Windows\nporbit.dll
O2 - BHO: eSnipBHO - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TwebstBHO Class - {F533E300-85E2-46FA-9CD9-5358BF11EE42} - C:\ProgramData\Codecentrix\Twebst\TwebstBHO.dll
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [b2B_AGENT] "C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://meugadget.blogspot.com
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://aic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab
O16 - DPF: {1455BE02-C41B-4115-B21C-32380507DC8F} (MxTextAreaU Class) - http://136.166.4.85:8110/sys/cabfiles/MxTextAreaU.cab
O16 - DPF: {1C18220D-EC23-48C8-B35E-857ADE9D1465} (Potential Class) - http://136.166.4.85:8110/sys/cabfiles/Potential.cab
O16 - DPF: {223216F6-B9FE-406D-9ED6-143FCE3A07B8} (MxLogicalTRU Class) - http://136.166.4.85:8110/sys/cabfiles/MxLogicalTRU.cab
O16 - DPF: {2F98EA90-EAE1-4AB5-AE89-DA073D824589} (MxBinderU Class) - http://136.166.4.85:8110/sys/cabfiles/MxBinderU.cab
O16 - DPF: {31538FAB-8051-4CFA-ACA4-B2668718B6F8} (MxMenuU Class) - http://136.166.4.85:8110/sys/cabfiles/MxMenuU.cab
O16 - DPF: {46DE705F-D294-4688-A12D-5E06FEFDEE2C} (LocalDBU Class) - http://136.166.4.85:8110/sys/cabfiles/MxLocalDBU.cab
O16 - DPF: {5C32688E-CEBE-419D-9C63-0704A2331EEC} (MxFileControlU Class) - http://136.166.4.85:8110/sys/cabfiles/MxFileControlU.cab
O16 - DPF: {71E7ACA0-EF63-4055-9894-229B056E9C31} (MxGridU Class) - http://gsfs-america.lge.com/sys/cabfiles/MxGridU.cab
O16 - DPF: {84168FE7-B960-402B-BC0E-E7214D2CFC10} (MxResourceMngU Class) - http://136.166.4.85:8110/sys/cabfiles/MxResourceMngU.cab
O16 - DPF: {90CAA259-71ED-42CB-BEB8-95281CCF9E58} (MxTabU Class) - http://136.166.4.85:8110/sys/cabfiles/MxTabU.cab
O16 - DPF: {9683681E-FAD6-45F1-86B3-FD60C7101BC9} (MxReportU Class) - http://136.166.4.85:8110/sys/cabfiles/MxReportU.cab
O16 - DPF: {98D193AD-51B4-4503-80F5-EB953C47DB47} (RSSAdaptor Class) - http://136.166.4.85:8110/sys/cabfiles/MxRSSAdaptor.cab
O16 - DPF: {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} (MxImageSetU Class) - http://136.166.4.85:8110/sys/cabfiles/MxImageSetU.cab
O16 - DPF: {AF989B7C-8AC3-40BC-B749-EB335BDFD190} (MxDataSetU Class) - http://136.166.4.85:8110/sys/cabfiles/MxDataSetU.cab
O16 - DPF: {B1405FE9-DEF8-4679-A3BC-C05F1330CDDD} (MGridU Class) - http://136.166.4.85:8110/sys/cabfiles/MxMGridU.cab
O16 - DPF: {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} (MxComboU Class) - http://136.166.4.85:8110/sys/cabfiles/MxComboU.cab
O16 - DPF: {C1781C5C-0C32-40F2-8927-46FE4BCB5B87} (MxTreeU Class) - http://136.166.4.85:8110/sys/cabfiles/MxTreeU.cab
O16 - DPF: {D14E96C4-2AD2-4954-A242-85CFDA64E0A4} (BinVerCheckAx Control) - http://csmg.lgmobile.com:9002/client/app/BinVerCheckAx.cab
O16 - DPF: {D7779973-9954-464E-9708-DA774CA50E13} (MxMaskEditU Class) - http://136.166.4.85:8110/sys/cabfiles/MxMaskEditU.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F73C0958-D8FE-43A5-9BB0-0F651C5A2BCC} (MxRadioU Class) - http://136.166.4.85:8110/sys/cabfiles/MxRadioU.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{356DCB90-6C18-4A65-A308-614D08A7B7A3}: NameServer = 192.168.254.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Filter: application/x-gforms-deflate - {16F165FF-E9B6-496C-AD6D-039418EA3420} - C:\WINDOWS\Downloaded Program Files\Potential.dll
O18 - Filter: application/x-gforms-xml - {16F165FF-E9B6-496C-AD6D-039418EA3420} - C:\WINDOWS\Downloaded Program Files\Potential.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LG SCSI command service (LGScsiCommandService) - Mobile Leader Co.,Ltd. - C:\WINDOWS\system32\LGScsiCommandService.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe

-- End of file - 9049 bytes

Thanks in advance,
Weick

DigRam
Posted January 20, 2012

Good morning! Weick
|- Download: < > ( ...by sUBs )
|- Save it to the desktop!
|- PS: Disable your antivirus, antispyware and/or firewall. (Except the Windows one!)
|- Close any program/file that is open.
|- PS: Be connected to the Internet.
|- Run ComboFix.exe with a double click.
|- PS: You will be asked to install the "Recovery Console".
|- PS: It will therefore be up to you whether to install it.
|- PS: If you get the notice "Not a valid Win32 application", delete the tool and download it again.
|- Save it to the desktop, renamed as: Kombo.exe
|- Name it while saving, not after saving it!
|- If any error message appears, run ComboFix.exe in Safe Mode.
|- PS: To complete the removals, the tool may need to restart the computer.
|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."
|- The Auto Scan window will open.
|- Wait for all the Stages to finish.
|- During the scan, avoid using the mouse or keyboard!
|- When it finishes, post: C:\ComboFix.txt + an updated HijackThis log.

Regards!

Weick
Posted January 20, 2012

Thanks, DigRam. Here are the logs:

ComboFix 12-01-19.02 - Administrador 20/01/2012 17:24:39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1983.1636 [GMT -3:00]
Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe
AV: ESET NOD32 sistema antivírus 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\1.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\a.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\b.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\c.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\d.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\e.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\f.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\g.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\h.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\i.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\J.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\k.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\l.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\m.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\mru.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\n.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\o.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\p.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\q.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\r.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\s.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\t.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\u.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\v.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\w.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\x.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\y.xml
c:\documents and settings\Administrador\Dados de aplicativos\PriceGong\Data\z.xml
c:\documents and settings\Administrador\WINDOWS
c:\documents and settings\All Users\Dados de aplicativos\TEMP
c:\recycler\S-1-5-21-1707869569-1056649527-838619358-3270\wingn.exe
C:\Thumbs.db
C:\Win
c:\win\lsass.exe
c:\win\names.txt
c:\windows\iun6002.exe
c:\windows\system32\msconfig.exe
c:\windows\system32\uninstall.exe
c:\windows\Tasks\startt.job
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-12-20 to 2012-01-20 ))))))))))))))))))))))))))))
.
.
2012-01-20 20:31 . 2012-01-20 20:31 -------- d-----w- c:\windows\system32\wbem\snmp
2012-01-20 20:31 . 2012-01-20 20:31 -------- d-----w- c:\windows\system32\xircom
2012-01-20 20:31 . 2012-01-20 20:31 -------- d-----w- c:\arquivos de programas\microsoft frontpage
2012-01-20 12:04 . 2012-01-20 12:05 388608 ----a-w- C:\HiJackThis.exe
2012-01-19 11:03 . 2012-01-19 11:05 -------- d-----w- C:\LGDP
2012-01-09 16:56 . 2012-01-09 16:56 19416 ----a-w- c:\arquivos de programas\Mozilla Firefox\AccessibleMarshal.dll
2012-01-05 18:01 . 2012-01-05 18:01 119296 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\WebEx\1224\PsImgStrm.dll
2012-01-05 18:00 . 2012-01-05 18:00 574264 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\WebEx\1224\atgpcext.dll
2012-01-05 18:00 . 2012-01-05 18:00 113976 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\WebEx\1224\atgpcdec.dll
2012-01-05 18:00 . 2012-01-05 18:00 176952 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\npatgpc.dll
2012-01-03 19:22 . 2012-01-03 19:22 -------- d-----w- c:\windows\system32\windows media
2012-01-03 19:20 . 2012-01-03 19:22 -------- d--h--w- c:\windows\msdownld.tmp
2012-01-03 17:17 . 2012-01-03 17:17 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\AnvSoft
2012-01-03 11:22 . 2012-01-03 11:22 103864 ----a-w- c:\arquivos de programas\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 11:22 . 2012-01-03 11:22 103864 ----a-w- c:\arquivos de programas\Internet Explorer\PLUGINS\nppdf32.dll
2012-01-02 19:23 . 2012-01-19 17:08 -------- d-----w- c:\arquivos de programas\Soulseek
2012-01-02 19:12 . 2012-01-02 19:12 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DVDVideoSoft
2012-01-02 19:11 . 2012-01-19 17:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\DVDVideoSoft
2011-12-30 11:49 . 2011-12-30 11:49 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\CrashRpt
2011-12-30 11:40 . 2006-06-29 16:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-12-30 11:37 . 2011-12-30 11:37 -------- d-----w- c:\windows\system32\XPSViewer
2011-12-30 11:36 . 2011-12-30 11:36 -------- d-----w- c:\arquivos de programas\Reference Assemblies
2011-12-30 11:36 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-12-30 11:36 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-12-30 11:36 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-12-30 11:36 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-12-30 11:36 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-12-30 11:36 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-12-30 11:36 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-12-30 11:36 . 2011-12-30 11:36 -------- d-----w- C:\dc7c5204af4f17b269c8181c31
2011-12-30 11:36 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-12-30 11:36 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-12-30 11:31 . 2011-12-30 11:31 -------- d-----w- c:\arquivos de programas\MSXML 6.0
2011-12-30 11:09 . 2012-01-19 17:05 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2011-12-30 11:08 . 2012-01-19 17:05 -------- d-----w- c:\arquivos de programas\RapidSolution
2011-12-30 11:08 . 2011-12-30 11:08 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\RapidSolution
2011-12-30 11:07 . 2011-12-30 11:07 -------- d-----w- c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution
2011-12-27 17:16 . 2011-12-27 17:16 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Last.fm
2011-12-27 17:16 . 2008-05-13 20:23 417792 ----a-w- c:\arquivos de programas\Windows Media Player\Plugins\wmp_scrobbler.dll
2011-12-27 17:15 . 2011-12-27 17:15 -------- d-----w- c:\arquivos de programas\Last.fm
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-26 11:01 . 2011-06-09 13:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-12 11:17 . 2011-11-09 18:50 2560 --sh--r- C:\w.cpl
2012-01-05 18:01 . 2012-01-05 18:01 302904 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ieatgpc.dll
2012-01-09 16:56 . 2012-01-09 16:56 121816 ----a-w- c:\arquivos de programas\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7380C6A8-9ACD-4EBA-8C76-2D170B5C08BB}]
2011-02-28 22:35 1489920 ----a-w- c:\programdata\Windows\nporbit.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"B2B_AGENT"="c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe" [2012-01-11 121936]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-09-26 21:15 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verificador do sistema]
cssrs [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 13:07 843712 ----a-r- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 01:51 37296 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2BFileUpdate_AGENT]
2011-10-25 02:59 158824 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LiveUpdateAgent\B2BFileUpdateAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2010-09-27 08:05 391096 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog303]
2005-10-25 15:56 61440 -c--a-w- c:\windows\VM303_STI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 05:45 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 03:47 31016 -c--a-w- c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 04:54 417792 ----a-w- c:\arquivos de programas\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 14:44 248552 -c--a-w- c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Wmi"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"Themes"=2 (0x2)
"TapiSrv"=3 (0x3)
"stisvc"=2 (0x2)
"srservice"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\UltraVNC\\winvnc.exe"=
"c:\\Arquivos de programas\\Motorola\\MotoConnect\\SWDL.exe"=
"c:\\Arquivos de programas\\VideoLAN\\VLC\\vlc.exe"=
"c:\\GVS\\GVS.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/7/2011 18:04 436792]
R2 LGScsiCommandService;LG SCSI command service;c:\windows\system32\LGScsiCommandService.exe [21/7/2011 08:20 47616]
R2 MotoConnect Service;MotoConnect Service;c:\arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe [25/8/2010 16:00 91456]
R2 WnsDrvr;WnsDrvr;c:\windows\system32\drivers\wnsdrvr.sys [16/8/2009 18:58 25952]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [29/9/2009 08:11 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [29/9/2009 08:11 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [29/9/2009 08:11 12928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/3/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [24/10/2010 18:20 136176]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\arquivos de programas\LogMeIn\x86\RaInfo.sys --> c:\arquivos de programas\LogMeIn\x86\RaInfo.sys [?]
S3 Andbus;LGE Android Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [24/9/2010 08:36 14336]
S3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [24/9/2010 08:36 20864]
S3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [24/9/2010 08:36 19968]
S3 ANDModem;LGE Android USB Modem;c:\windows\system32\drivers\lgandmodem.sys [24/9/2010 08:36 24960]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [23/8/2010 16:01 25856]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [23/8/2010 16:01 6016]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys --> c:\windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 FlashUSB;Flash Loader utility driver;c:\windows\system32\drivers\FlashUSB.sys [18/1/2011 14:52 16896]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys --> c:\windows\system32\DRIVERS\ew_jubusenum.sys [?]
S3 LGE_GSM_USB_OMAPV1030;LGE GSM Device Driver OMAPV1030;c:\windows\system32\DRIVERS\LGE_GSM_USB_OMAPV1030.sys --> c:\windows\system32\DRIVERS\LGE_GSM_USB_OMAPV1030.sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys --> c:\windows\system32\drivers\massfilter.sys [?]
S3 meflash;Mobile Equipment USB Flash driver;c:\windows\system32\Drivers\meflash.sys --> c:\windows\system32\Drivers\meflash.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [23/8/2010 16:01 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [23/8/2010 16:01 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [23/8/2010 16:01 42752]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [23/8/2010 16:01 23424]
S3 mstrgen;MCCI® Firmware Update Driver for MTK;c:\windows\system32\drivers\mstrgen.sys [18/1/2011 14:54 62080]
S3 Usbatos;LGE SP DL USB Serial Port;c:\windows\system32\drivers\lgusbatos.sys [4/8/2011 08:30 22016]
S3 usbcorobus;LGE Corona Composite USB Device;c:\windows\system32\DRIVERS\lgcorobus.sys --> c:\windows\system32\DRIVERS\lgcorobus.sys [?]
S3 UsbcoroDiag;LGE Corona USB Serial Port;c:\windows\system32\DRIVERS\lgcorodiag.sys --> c:\windows\system32\DRIVERS\lgcorodiag.sys [?]
S3 USBcoroModem;LGE Corona USB Modem;c:\windows\system32\DRIVERS\lgcoromdm.sys --> c:\windows\system32\DRIVERS\lgcoromdm.sys [?]
S3 UTS2pl;Foxlink Serial port driver;c:\windows\system32\drivers\UTS2pl.sys [25/5/2004 16:48 43264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/3/2010 13:16 753504]
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-24 21:20]
.
2011-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-24 21:20]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://gsfs-america.lge.com/
mStart Page = hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
IE: &Download All using 4shared Desktop - c:\arquivos de programas\4shared Desktop\down_all.htm
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: blogspot.com\meugadget
TCP: Interfaces\{356DCB90-6C18-4A65-A308-614D08A7B7A3}: NameServer = 192.168.254.254
Filter: application/x-gforms-deflate - {16F165FF-E9B6-496C-AD6D-039418EA3420} - c:\windows\Downloaded Program Files\Potential.dll
Filter: application/x-gforms-xml - {16F165FF-E9B6-496C-AD6D-039418EA3420} - c:\windows\Downloaded Program Files\Potential.dll
DPF: {1455BE02-C41B-4115-B21C-32380507DC8F} - hxxp://136.166.4.85:8110/sys/cabfiles/MxTextAreaU.cab
DPF: {1C18220D-EC23-48C8-B35E-857ADE9D1465} - hxxp://136.166.4.85:8110/sys/cabfiles/Potential.cab
DPF: {223216F6-B9FE-406D-9ED6-143FCE3A07B8} - hxxp://136.166.4.85:8110/sys/cabfiles/MxLogicalTRU.cab
DPF: {2F98EA90-EAE1-4AB5-AE89-DA073D824589} - hxxp://136.166.4.85:8110/sys/cabfiles/MxBinderU.cab
DPF: {31538FAB-8051-4CFA-ACA4-B2668718B6F8} - hxxp://136.166.4.85:8110/sys/cabfiles/MxMenuU.cab
DPF: {46DE705F-D294-4688-A12D-5E06FEFDEE2C} - hxxp://136.166.4.85:8110/sys/cabfiles/MxLocalDBU.cab
DPF: {5C32688E-CEBE-419D-9C63-0704A2331EEC} - hxxp://136.166.4.85:8110/sys/cabfiles/MxFileControlU.cab
DPF: {71E7ACA0-EF63-4055-9894-229B056E9C31} - hxxp://gsfs-america.lge.com/sys/cabfiles/MxGridU.cab
DPF: {84168FE7-B960-402B-BC0E-E7214D2CFC10} - hxxp://136.166.4.85:8110/sys/cabfiles/MxResourceMngU.cab
DPF: {90CAA259-71ED-42CB-BEB8-95281CCF9E58} - hxxp://136.166.4.85:8110/sys/cabfiles/MxTabU.cab
DPF: {9683681E-FAD6-45F1-86B3-FD60C7101BC9} - hxxp://136.166.4.85:8110/sys/cabfiles/MxReportU.cab
DPF: {98D193AD-51B4-4503-80F5-EB953C47DB47} - hxxp://136.166.4.85:8110/sys/cabfiles/MxRSSAdaptor.cab
DPF: {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} - hxxp://136.166.4.85:8110/sys/cabfiles/MxImageSetU.cab
DPF: {AF989B7C-8AC3-40BC-B749-EB335BDFD190} - hxxp://136.166.4.85:8110/sys/cabfiles/MxDataSetU.cab
DPF: {B1405FE9-DEF8-4679-A3BC-C05F1330CDDD} - hxxp://136.166.4.85:8110/sys/cabfiles/MxMGridU.cab
DPF: {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} - hxxp://136.166.4.85:8110/sys/cabfiles/MxComboU.cab
DPF: {C1781C5C-0C32-40F2-8927-46FE4BCB5B87} - hxxp://136.166.4.85:8110/sys/cabfiles/MxTreeU.cab
DPF: {D14E96C4-2AD2-4954-A242-85CFDA64E0A4} - hxxp://csmg.lgmobile.com:9002/client/app/BinVerCheckAx.cab
DPF: {D7779973-9954-464E-9708-DA774CA50E13} - hxxp://136.166.4.85:8110/sys/cabfiles/MxMaskEditU.cab
DPF: {F73C0958-D8FE-43A5-9BB0-0F651C5A2BCC} - hxxp://136.166.4.85:8110/sys/cabfiles/MxRadioU.cab
FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&q=
.
- - - - ORFÃOS REMOVIDOS - - - -
.
HKLM-Run-run32 - c:\win\lsass.exe
HKU-Default-Run-MsnMsgr - c:\arquivos de programas\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-egui - c:\arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe
MSConfigStartUp-eSnips_Downloader - c:\arquivos de programas\Logia\eSnipsDownloader\eSnips_Downloader.exe
MSConfigStartUp-fuwop - c:\documents and settings\Administrador\fuwop.exe
MSConfigStartUp-PC Connection Agent - c:\arquivos de programas\Microsoft ActiveSync\wcescomm.exe
MSConfigStartUp-LogMeIn GUI - c:\arquivos de programas\LogMeIn\x86\LogMeInSystray.exe
AddRemove-RemoteScan - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-20 17:32
Windows 5.1.2600 Service Pack 2 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(468)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(604)
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\msi.dll
c:\arquivos de programas\Scpad\scpLIB.dll
c:\arquivos de programas\Scpad\scpMIB.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\arquivos de programas\Java\jre6\bin\jqs.exe
c:\arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\arquivos de programas\Motorola\MotoConnectService\MotoConnect.exe
.
**************************************************************************
.
Tempo para conclusão: 2012-01-20 17:36:00 - Máquina reiniciou
ComboFix-quarantined-files.txt 2012-01-20 20:35
.
Pré-execução: 5.792.555.008 bytes disponíveis
Pós execução: 5.753.290.752 bytes disponíveis
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 02FE9A007B89C1AA083436C0A6ED5F83

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:39:41, on 20/1/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LGScsiCommandService.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe
C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnect.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gsfs-america.lge.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Media Player Sharing Plugin - {7380C6A8-9ACD-4EBA-8C76-2D170B5C08BB} - C:\ProgramData\Windows\nporbit.dll
O2 - BHO: eSnipBHO - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TwebstBHO Class - {F533E300-85E2-46FA-9CD9-5358BF11EE42} - C:\ProgramData\Codecentrix\Twebst\TwebstBHO.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [b2B_AGENT] "C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Arquivos de programas\4shared Desktop\down_all.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki...
- res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL O15 - Trusted Zone: http://meugadget.blogspot.com O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://aic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab O16 - DPF: {1455BE02-C41B-4115-B21C-32380507DC8F} (MxTextAreaU Class) - http://136.166.4.85:8110/sys/cabfiles/MxTextAreaU.cab O16 - DPF: {1C18220D-EC23-48C8-B35E-857ADE9D1465} (Potential Class) - http://136.166.4.85:8110/sys/cabfiles/Potential.cab O16 - DPF: {223216F6-B9FE-406D-9ED6-143FCE3A07B8} (MxLogicalTRU Class) - http://136.166.4.85:8110/sys/cabfiles/MxLogicalTRU.cab O16 - DPF: {2F98EA90-EAE1-4AB5-AE89-DA073D824589} (MxBinderU Class) - http://136.166.4.85:8110/sys/cabfiles/MxBinderU.cab O16 - DPF: {31538FAB-8051-4CFA-ACA4-B2668718B6F8} (MxMenuU Class) - http://136.166.4.85:8110/sys/cabfiles/MxMenuU.cab O16 - DPF: {46DE705F-D294-4688-A12D-5E06FEFDEE2C} (LocalDBU Class) - http://136.166.4.85:8110/sys/cabfiles/MxLocalDBU.cab O16 - DPF: {5C32688E-CEBE-419D-9C63-0704A2331EEC} (MxFileControlU Class) - http://136.166.4.85:8110/sys/cabfiles/MxFileControlU.cab O16 - DPF: {71E7ACA0-EF63-4055-9894-229B056E9C31} (MxGridU Class) - http://gsfs-america.lge.com/sys/cabfiles/MxGridU.cab O16 - DPF: {84168FE7-B960-402B-BC0E-E7214D2CFC10} (MxResourceMngU Class) - http://136.166.4.85:8110/sys/cabfiles/MxResourceMngU.cab O16 - DPF: {90CAA259-71ED-42CB-BEB8-95281CCF9E58} (MxTabU Class) - http://136.166.4.85:8110/sys/cabfiles/MxTabU.cab O16 - DPF: {9683681E-FAD6-45F1-86B3-FD60C7101BC9} (MxReportU Class) - 
http://136.166.4.85:8110/sys/cabfiles/MxReportU.cab O16 - DPF: {98D193AD-51B4-4503-80F5-EB953C47DB47} (RSSAdaptor Class) - http://136.166.4.85:8110/sys/cabfiles/MxRSSAdaptor.cab O16 - DPF: {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} (MxImageSetU Class) - http://136.166.4.85:8110/sys/cabfiles/MxImageSetU.cab O16 - DPF: {AF989B7C-8AC3-40BC-B749-EB335BDFD190} (MxDataSetU Class) - http://136.166.4.85:8110/sys/cabfiles/MxDataSetU.cab O16 - DPF: {B1405FE9-DEF8-4679-A3BC-C05F1330CDDD} (MGridU Class) - http://136.166.4.85:8110/sys/cabfiles/MxMGridU.cab O16 - DPF: {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} (MxComboU Class) - http://136.166.4.85:8110/sys/cabfiles/MxComboU.cab O16 - DPF: {C1781C5C-0C32-40F2-8927-46FE4BCB5B87} (MxTreeU Class) - http://136.166.4.85:8110/sys/cabfiles/MxTreeU.cab O16 - DPF: {D14E96C4-2AD2-4954-A242-85CFDA64E0A4} (BinVerCheckAx Control) - http://csmg.lgmobile.com:9002/client/app/BinVerCheckAx.cab O16 - DPF: {D7779973-9954-464E-9708-DA774CA50E13} (MxMaskEditU Class) - http://136.166.4.85:8110/sys/cabfiles/MxMaskEditU.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F73C0958-D8FE-43A5-9BB0-0F651C5A2BCC} (MxRadioU Class) - http://136.166.4.85:8110/sys/cabfiles/MxRadioU.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{356DCB90-6C18-4A65-A308-614D08A7B7A3}: NameServer = 192.168.254.254 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~1\Office12\GR99D3~1.DLL O18 - Filter: application/x-gforms-deflate - {16F165FF-E9B6-496C-AD6D-039418EA3420} - C:\WINDOWS\Downloaded Program Files\Potential.dll O18 - Filter: application/x-gforms-xml - {16F165FF-E9B6-496C-AD6D-039418EA3420} - C:\WINDOWS\Downloaded Program Files\Potential.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - 
C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: LG SCSI command service (LGScsiCommandService) - Mobile Leader Co.,Ltd. - C:\WINDOWS\system32\LGScsiCommandService.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe
-- End of file - 8352 bytes
DigRam, posted January 21, 2012

Good afternoon! Weick

|- Download: < AdwCleaner > ( ... by Xplode )
|- Save it to the desktop!
|- Start the scan by clicking "Suppression".
|- Click Quitter to exit.
|- Post: C:\AdwCleaner[S].txt
|- PS: If you get errors when running the tool, download it from Badongo.
|- Optional link: < adwcleaner0.zip >
|- On the page, enter the text and click "Faça o download do seu fich..."
|- Click "Faça o download do seu ficheiro aqui".
|- Wait until the window appears: "Opening adwcleaner0.zip"
|- Select: Save file -> OK.
|- PS: When running AdwCleaner0.exe as instructed, do not forget to extract it from the zip first.

////°°°°////

|- Download: < > < > ( ... by Nicolas Coolman )
|- On the page, click: < >
|- Save it in Arquivos de programas.
|- PS: Unpack it in Arquivos de programas.
|- Open the ZHPDiag tool and enable all the diagnostic options by clicking ( screwdriver icon )
|- Click All.
|- Start the diagnosis ( Diag ) by clicking the magnifying glass icon.
|- When it finishes, click "Save Report" so that we have the report.
|- Save it somewhere convenient!
|- Post it in your reply: ZHPDiag.txt
|- PS: If you have problems posting this report, go to < >
|- More information: |Here!| or |pjjoint.malekal.com|

Regards!
Weick, posted January 21, 2012

Hello. I followed the instructions; the logs follow:

# AdwCleaner v1.407 - Logfile created 01/21/2012 at 12:03:43
# Updated 18/01/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Administrador - LABORATORIO (Administrator)
# Running from : C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Folder Found : C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon
Folder Found : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Folder Found : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\Conduit
Folder Found : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\extensions\ffxtlbr@babylon.com
File Found : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\searchplugins\Conduit.xml

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Description
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Microsoft\RFC1156Agent
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Key Found :
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212 Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2} Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe ***** [internet Browsers] ***** -\\ Internet Explorer v7.0.5730.13 [OK] Registry is clean. -\\ Mozilla Firefox v9.0.1 (pt-BR) Profile : i2g6hsss.default File : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\prefs.js Found : user_pref("CT2233703..clientLogIsEnabled", false); Found : user_pref("CT2233703..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2233703..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2233703.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2233703.CTID", "CT2233703"); Found : user_pref("CT2233703.CurrentServerDate", "3-11-2010"); Found : user_pref("CT2233703.DialogsAlignMode", "LTR"); Found : user_pref("CT2233703.DownloadReferralCookieData", ""); Found : user_pref("CT2233703.EMailNotifierPollDate", "Mon Nov 01 2010 09:38:21 GMT-0300 (Hora oficial do Bra[...] 
Found : user_pref("CT2233703.FirstServerDate", "3-11-2010"); Found : user_pref("CT2233703.FirstTime", true); Found : user_pref("CT2233703.FirstTimeFF3", true); Found : user_pref("CT2233703.FixPageNotFoundErrors", true); Found : user_pref("CT2233703.GroupingServerCheckInterval", 1440); Found : user_pref("CT2233703.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2233703.HasUserGlobalKeys", true); Found : user_pref("CT2233703.Initialize", true); Found : user_pref("CT2233703.InitializeCommonPrefs", true); Found : user_pref("CT2233703.InstallationAndCookieDataSentCount", 1); Found : user_pref("CT2233703.InstallationType", "UnknownIntegration"); Found : user_pref("CT2233703.InstalledDate", "Mon Nov 01 2010 09:38:21 GMT-0300 (Hora oficial do Brasil)"); Found : user_pref("CT2233703.InvalidateCache", false); Found : user_pref("CT2233703.IsGrouping", false); Found : user_pref("CT2233703.IsMulticommunity", false); Found : user_pref("CT2233703.IsOpenThankYouPage", true); Found : user_pref("CT2233703.IsOpenUninstallPage", false); Found : user_pref("CT2233703.LanguagePackLastCheckTime", "Mon Nov 01 2010 09:38:23 GMT-0300 (Hora oficial do[...] Found : user_pref("CT2233703.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2233703.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2233703.LastLogin_3.2.1.3", "Mon Nov 01 2010 09:38:20 GMT-0300 (Hora oficial do Brasil)[...] Found : user_pref("CT2233703.LatestVersion", "2.7.2.0"); Found : user_pref("CT2233703.Locale", "en"); Found : user_pref("CT2233703.MCDetectTooltipHeight", "83"); Found : user_pref("CT2233703.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2233703.MCDetectTooltipWidth", "295"); Found : user_pref("CT2233703.RadioIsPodcast", false); Found : user_pref("CT2233703.RadioLastCheckTime", "Wed Nov 03 2010 10:49:53 GMT-0300 (Hora oficial do Brasil[...] 
Found : user_pref("CT2233703.RadioLastUpdateIPServer", "3"); Found : user_pref("CT2233703.RadioLastUpdateServer", "129141247792900000"); Found : user_pref("CT2233703.RadioMediaID", "11027882"); Found : user_pref("CT2233703.RadioMediaType", "Media Player"); Found : user_pref("CT2233703.RadioMenuSelectedID", "EBRadioMenu_CT223370311027882"); Found : user_pref("CT2233703.RadioStationName", "DANCE%20radio"); Found : user_pref("CT2233703.RadioStationURL", "hxxp://www.abradio.cz/asx/danceradio32.asx"); Found : user_pref("CT2233703.SavedHomepage", "hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=o[...] Found : user_pref("CT2233703.SearchFromAddressBarIsInit", true); Found : user_pref("CT2233703.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT223[...] Found : user_pref("CT2233703.SearchInNewTabEnabled", true); Found : user_pref("CT2233703.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2233703.SearchInNewTabLastCheckTime", "Mon Nov 01 2010 09:38:22 GMT-0300 (Hora oficial [...] Found : user_pref("CT2233703.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2233703.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2233703.SearchInNewTabUserEnabled", false); Found : user_pref("CT2233703.ServiceMapLastCheckTime", "Mon Nov 01 2010 09:38:19 GMT-0300 (Hora oficial do B[...] Found : user_pref("CT2233703.SettingsLastCheckTime", "Mon Nov 01 2010 09:38:19 GMT-0300 (Hora oficial do Bra[...] Found : user_pref("CT2233703.SettingsLastUpdate", "1287764901"); Found : user_pref("CT2233703.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2233703.ThirdPartyComponentsLastCheck", "Mon Nov 01 2010 09:38:19 GMT-0300 (Hora oficia[...] Found : user_pref("CT2233703.ThirdPartyComponentsLastUpdate", "1246790578"); Found : user_pref("CT2233703.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] 
Found : user_pref("CT2233703.UserID", "UN16006715125756987"); Found : user_pref("CT2233703.WeatherNetwork", ""); Found : user_pref("CT2233703.WeatherPollDate", "Mon Nov 01 2010 09:38:22 GMT-0300 (Hora oficial do Brasil)")[...] Found : user_pref("CT2233703.WeatherUnit", "C"); Found : user_pref("CT2233703.alertChannelId", "631527"); Found : user_pref("CT2233703.myStuffEnabled", true); Found : user_pref("CT2233703.myStuffPublihserMinWidth", 400); Found : user_pref("CT2233703.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2233703.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2233703.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2233703.testingCtid", ""); Found : user_pref("CT2233703.toolbarAppMetaDataLastCheckTime", "Mon Nov 01 2010 09:38:20 GMT-0300 (Hora ofic[...] Found : user_pref("CT2233703.toolbarContextMenuLastCheckTime", "Mon Nov 01 2010 09:38:23 GMT-0300 (Hora ofic[...] Found : user_pref("CT2233703.usagesFlag", 1); Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=631527&fid=627389", "\"0\""[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2233703", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63423110335950[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2233703&octid=[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...] Found : user_pref("CommunityToolbar.EngineOwner", "CT2233703"); Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"); Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "4shared.com"); Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2233703"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "4shared.com"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://eis.esnips.com/page/search_provid[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT2233703"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2233703"); Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 720); Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Nov 01 2010 10:38:22 GMT-0300 (Hora [...] Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.alert.locale", "en"); Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Nov 01 2010 09:38:19 GMT-0300 (Hora ofic[...] 
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1283688156"); Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.alert.showTrayIcon", false); Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.alert.userId", "284a3ae7-e164-4246-b223-ba09f2a7c2df"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Nov 01 2010 09:38:23 GMT-0300 (Hor[...] Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2233703"); Found : user_pref("browser.search.defaultthis.engineName", "4shared Web Search"); Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&Sea[...] Found : user_pref("extensions.BabylonToolbar.aflt", "orgnl"); Found : user_pref("extensions.BabylonToolbar.bbDpng", 9); Found : user_pref("extensions.BabylonToolbar.lastDP", 9); Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", ""); Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0"); Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb"); Found : user_pref("extensions.BabylonToolbar.propectorlck", 59396428); Found : user_pref("extensions.BabylonToolbar.smplGrp", "free"); Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&q="); ************************* AdwCleaner[R1].txt - [12578 octets] - [21/01/2012 12:03:43] ########## EOF - C:\AdwCleaner[R1].txt - [12707 octets] ########## Rapport de ZHPDiag v1.28.313 par Nicolas Coolman, Update du 18/01/2012 Run by Administrador at 21/1/2012 12:09:51 Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html Web site : http://nicolascoolman.skyrock.com/ State : Your version is update. 
---\\ Web Browser MSIE: Internet Explorer v7.0.5730.13 (Defaut) MFIE: Mozilla Firefox 9.0.1 v9.0.1 ---\\ Windows Product Information ~ Langage: Anglais Windows XP Professional Service Pack 2 (Build 2600) Windows Automatic Updates : OK Windows Genuine Advantage : KO ---\\ System Information ~ Processor: x86 Family 15 Model 4 Stepping 9, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 1983 MB (74% free) System Restore: Activé (Enable) System drive C: has 5 GB (7%) free of 75 GB ---\\ Logged in mode ~ Computer Name: LABORATORIO ~ User Name: Administrador ~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador, ~ Unselected Option: None Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Documents and Settings\Administrador\Dados de aplicativos\ ~ %Desktop% : C:\Documents and Settings\Administrador\Desktop\ ~ %Favorites% : C:\Documents and Settings\Administrador\Favorites\ ~ %LocalAppData% : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\ ~ %StartMenu% : C:\Documents and Settings\Administrador\Menu Iniciar\ ~ %Windir% : C:\WINDOWS\ ~ %System% : C:\WINDOWS\system32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 75 Go) D:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] 
CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK ~ Scan Security Center in 00mn 00s ---\\ Search Generic System Files [MD5.FA61A19050AE14BEC1A26DE82390DD65] - (.Microsoft Corporation - Windows Explorer.) (.4/8/2004 - 02:45:34.) -- C:\WINDOWS\Explorer.exe [1034240] [MD5.730EAD05B1FC178629F437F8A1D76E27] - (.Microsoft Corporation - Executa uma DLL como um aplicativo.) (.4/8/2004 - 02:45:42.) -- C:\WINDOWS\system32\rundll32.exe [33280] [MD5.A4A0FC92358F39538A6494C42EF99FE9] - (.Microsoft Corporation - Internet Extensions for Win32.) (.13/8/2007 - 18:54:10.) -- C:\WINDOWS\system32\wininet.dll [818688] [MD5.6F7BDE7A1126DEBF0CC359A54953EFC1] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.4/8/2004 - 02:45:46.) -- C:\WINDOWS\system32\Winlogon.exe [504320] [MD5.5AC495F4CB807B2B98AD2AD591E6D92E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.4/8/2004 - 01:14:16.) -- C:\WINDOWS\system32\drivers\AFD.sys [138496] [MD5.CDFE4411A69C224BD1D11B2DA92DAC51] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.4/8/2004 - 00:59:44.) -- C:\WINDOWS\system32\drivers\atapi.sys [95360] [MD5.CD7D5152DF32B47F4E36F710B35AAE02] - (.Microsoft Corporation - CD-ROM File System Driver.) (.4/8/2004 - 01:14:12.) -- C:\WINDOWS\system32\drivers\Cdfs.sys [63744] [MD5.AF9C19B3100FE010496B1A27181FBF72] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.4/8/2004 - 00:59:54.) -- C:\WINDOWS\system32\drivers\Cdrom.sys [49536] [MD5.8EC0D923CD6128DE73DDA0DF082BB985] - (.Microsoft Corporation - FIPS Crypto Driver.) (.28/10/2001 - 09:06:32.) 
-- C:\WINDOWS\system32\drivers\Fips.sys [35072] [MD5.FCAD1D4A4724B6FA6F05A5DB7F89443C] - (.Microsoft Corporation - Driver de porta i8042.) (.4/8/2004 - 02:37:16.) -- C:\WINDOWS\system32\drivers\i8042prt.sys [53760] [MD5.F8AA320C6A0409C0380E5D8A99D76EC6] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.4/8/2004 - 01:00:16.) -- C:\WINDOWS\system32\drivers\Imapi.sys [41856] [MD5.B5A8E215AC29D24D60B4D1250EF05ACE] - (.Microsoft Corporation - IP Network Address Translator.) (.4/8/2004 - 01:04:52.) -- C:\WINDOWS\system32\drivers\IpNat.sys [134912] [MD5.64537AA5C003A6AFEEE1DF819062D0D1] - (.Microsoft Corporation - IPSec Driver.) (.4/8/2004 - 01:14:30.) -- C:\WINDOWS\system32\drivers\IPSec.sys [74752] [MD5.1FD607FC67F7F7C633C3DA65BFC53D18] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/8/2004 - 01:15:18.) -- C:\WINDOWS\system32\drivers\MRxSmb.sys [451456] [MD5.0C80E410CD2F47134407EE7DD19CC86B] - (.Microsoft Corporation - MBT Transport driver.) (.4/8/2004 - 01:14:38.) -- C:\WINDOWS\system32\drivers\netBT.sys [162816] [MD5.B78BE402C3F63DD55521F73876951CDD] - (.Microsoft Corporation - NT File System Driver.) (.4/8/2004 - 01:15:10.) -- C:\WINDOWS\system32\drivers\ntfs.sys [574592] [MD5.8B225D87CBE08A5CB090BBF9F7DE1D30] - (.Microsoft Corporation - Driver de porta paralela.) (.1/11/2004 - 04:23:46.) -- C:\WINDOWS\system32\drivers\Parport.sys [80384] [MD5.98FAEB4A4DCF812BA1C6FCA4AA3E115C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.4/8/2004 - 01:14:24.) -- C:\WINDOWS\system32\drivers\Rasl2tp.sys [51328] [MD5.A2CAE2C60BC37E0751EF9DDA7CEAF4AD] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.1/11/2004 - 04:14:22.) -- C:\WINDOWS\system32\drivers\rdpdr.sys [196864] [MD5.DDD1A19CD2EDA2D6AE5AB61BAAEB4278] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.1/11/2004 - 01:14:22.) 
-- C:\WINDOWS\system32\drivers\redbook.sys [57984] [MD5.EB2F82AAEADCC9BAAC66CBA4D714E338] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.4/8/2004 - 02:37:30.) -- C:\WINDOWS\system32\drivers\volsnap.sys [53248] ~ Scan Generic Processes in 00mn 00s ---\\ Hidden files state (Hidden/Total) ~ Mes images (My Pictures) : 2/3 ~ Mes musiques (My Musics) : 2/4 Mes Videos (My Videos) : 2/2 (Modified) ~ Mes Favoris (My Favorites) : Non accessible (Not found) ~ Mes Documents (My Documents) : 134/947 ~ Mon Bureau (My Desktop) : 3/59 ~ Menu demarrer (Programs) : 6/36 ~ Scan Hidden Files in 00mn 04s ---\\ Running Processes [MD5.501A13B896B653B38EDAE2E080AEE552] - (.LG Electronics - B2B Notification Agent.) -- C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe [121936] [PID.1376] [MD5.126A16F569122AE00AD3D12EF831D651] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153376] [PID.] [MD5.A193F8FDC130D8BA65E444FACD75AB05] - (.Mobile Leader Co.,Ltd. - No comment.) -- C:\WINDOWS\system32\LGScsiCommandService.exe [47616] [PID.] [MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [136176] [PID.] [MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [322120] [PID.] [MD5.9B2923C59D49672D1205C391A1296525] - (...) -- C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe [91456] [PID.] [MD5.38CB57C6AC08EB796669614D3ABF5075] - (.Motorola - Motorola Phone Service Application.) -- C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnect.exe [279360] [PID.224] [MD5.276AC7BAE1F596A3A1D4B6D43AEF099C] - (.BitTorrent, Inc. - µTorrent.) 
-- C:\Arquivos de programas\UTORRENT\utorrent.exe [399736] [PID.1192] [MD5.E83BD12A62FDFBC08DDF1C97AD8651C0] - (.Microsoft Corporation - Windows Media Player.) -- C:\Arquivos de programas\Windows Media Player\wmplayer.exe [73728] [PID.2804] [MD5.FC7C9B4EEAF26B4F59D2AD455FD039B2] - (.Last.fm - Last.fm.) -- C:\Arquivos de programas\Last.fm\LastFM.exe [1155072] [PID.3064] [MD5.11CCA710674739E3DB8F7450A5B650B6] - (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe [924632] [PID.3136] [MD5.0619C9E7A3682C54BD226A831897CD06] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe [16856] [PID.344] [MD5.ED570E740CB5E987E8BCDB1EA393C3E2] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [2210304] [PID.320] [MD5.379C7AC3EBCB636ECDB704E188A96A13] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.] ~ Scan Processes Running in 00mn 00s ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers.) -- C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (...) -- C:\Arquivos de programas\Google\Update\1.2.183.39\npGoogleOneClick8.dll (.not file.) P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.0".) 
-- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll ~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gsfs-america.lge.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.5730.13 (longhorn(wmbla).070711-1130)) -- C:\WINDOWS\system32\ieframe.dll R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Changed inifile Value, Mapped to Registry (F2) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Scan Keys in 00mn 00s ---\\ Hosts file redirection 
(O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 1 ---\\ Browser Helper Objects (O2) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Scopus Tecnologia Ltda - scpsssh2 Module.) -- C:\Arquivos de programas\Scpad\scpsssh2.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Media Player Sharing Plugin - {7380C6A8-9ACD-4EBA-8C76-2D170B5C08BB} . (.Unknown owner - Windows Media Player Sharing Plugin.) -- C:\ProgramData\Windows\nporbit.dll O2 - BHO: eSnipBHO - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} Orphean Key O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java Quick Starter binary.) -- C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: TwebstBHO Class - {F533E300-85E2-46FA-9CD9-5358BF11EE42} . (.Codecentrix Software - Twebst Library Browser Plugin.) -- C:\ProgramData\Codecentrix\Twebst\TwebstBHO.dll ~ Scan BHO in 00mn 00s ---\\ Internet Explorer toolbars (O3) O3 - Toolbar: (no name) - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} . (...) -- (.not file.) ~ Scan Toolbar in 00mn 00s ---\\ Auto loading programs from Registry and folders (O4) O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) 
-- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe O4 - HKCU\..\Run: [b2B_AGENT] . (.LG Electronics - B2B Notification Agent.) -- C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-1993962763-1715567821-682003330-500\..\Run: [b2B_AGENT] . (.LG Electronics - B2B Notification Agent.) -- C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe O4 - HKUS\S-1-5-21-1993962763-1715567821-682003330-500\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe ~ Scan Application in 00mn 00s ---\\ Extra items in the IE right-click menu (O8) O8 - Extra context menu item: &Download All using 4shared Desktop - (.not file.) - C:\Arquivos de programas\4shared Desktop\down_all.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\ARQUIV~1\MICROS~1\Office12\EXCEL.exe O8 - Extra context menu item: Google Sidewiki... - (.not file.) - C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll ~ Scan IE Menu Contextuel in 00mn 00s ---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9) O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) 
-- C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: &Enviar para o OneNote - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO ~ Scan IE Extra Buttons in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fornecedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\WINDOWS\system32\mswsock.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\WINDOWS\system32\wshbth.dll ~ Scan Winsock in 00mn 00s ---\\ 'Reset Web Settings' hijack (O14) O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL="http://www.msn.com" O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br" ~ Scan IE Paramètres WEB in 00mn 00s ---\\ ActiveX Objects (Downloaded Program Files) (O16) O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} () - http://aic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab O16 - DPF: {1455BE02-C41B-4115-B21C-32380507DC8F} (MxTextAreaU Class) - http://136.166.4.85:8110/sys/cabfiles/MxTextAreaU.cab O16 - DPF: {1C18220D-EC23-48C8-B35E-857ADE9D1465} (Potential Class) - http://136.166.4.85:8110/sys/cabfiles/Potential.cab O16 - DPF: {223216F6-B9FE-406D-9ED6-143FCE3A07B8} (MxLogicalTRU Class) - http://136.166.4.85:8110/sys/cabfiles/MxLogicalTRU.cab O16 - DPF: {2F98EA90-EAE1-4AB5-AE89-DA073D824589} (MxBinderU Class) - http://136.166.4.85:8110/sys/cabfiles/MxBinderU.cab O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab O16 - DPF: {31538FAB-8051-4CFA-ACA4-B2668718B6F8} (MxMenuU 
Class) - http://136.166.4.85:8110/sys/cabfiles/MxMenuU.cab O16 - DPF: {46DE705F-D294-4688-A12D-5E06FEFDEE2C} (LocalDBU Class) - http://136.166.4.85:8110/sys/cabfiles/MxLocalDBU.cab O16 - DPF: {5C32688E-CEBE-419D-9C63-0704A2331EEC} (MxFileControlU Class) - http://136.166.4.85:8110/sys/cabfiles/MxFileControlU.cab O16 - DPF: {71E7ACA0-EF63-4055-9894-229B056E9C31} (MxGridU Class) - http://gsfs-america.lge.com/sys/cabfiles/MxGridU.cab O16 - DPF: {84168FE7-B960-402B-BC0E-E7214D2CFC10} (MxResourceMngU Class) - http://136.166.4.85:8110/sys/cabfiles/MxResourceMngU.cab O16 - DPF: {90CAA259-71ED-42CB-BEB8-95281CCF9E58} (MxTabU Class) - http://136.166.4.85:8110/sys/cabfiles/MxTabU.cab O16 - DPF: {9683681E-FAD6-45F1-86B3-FD60C7101BC9} (MxReportU Class) - http://136.166.4.85:8110/sys/cabfiles/MxReportU.cab O16 - DPF: {98D193AD-51B4-4503-80F5-EB953C47DB47} (RSSAdaptor Class) - http://136.166.4.85:8110/sys/cabfiles/MxRSSAdaptor.cab O16 - DPF: {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} (MxImageSetU Class) - http://136.166.4.85:8110/sys/cabfiles/MxImageSetU.cab O16 - DPF: {AF989B7C-8AC3-40BC-B749-EB335BDFD190} (MxDataSetU Class) - http://136.166.4.85:8110/sys/cabfiles/MxDataSetU.cab O16 - DPF: {B1405FE9-DEF8-4679-A3BC-C05F1330CDDD} (MGridU Class) - http://136.166.4.85:8110/sys/cabfiles/MxMGridU.cab O16 - DPF: {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} (MxComboU Class) - http://136.166.4.85:8110/sys/cabfiles/MxComboU.cab O16 - DPF: {C1781C5C-0C32-40F2-8927-46FE4BCB5B87} (MxTreeU Class) - http://136.166.4.85:8110/sys/cabfiles/MxTreeU.cab O16 - DPF: {D14E96C4-2AD2-4954-A242-85CFDA64E0A4} (BinVerCheckAx Control) - http://csmg.lgmobile.com:9002/client/app/BinVerCheckAx.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {D7779973-9954-464E-9708-DA774CA50E13} (MxMaskEditU Class) - http://136.166.4.85:8110/sys/cabfiles/MxMaskEditU.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - 
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F73C0958-D8FE-43A5-9BB0-0F651C5A2BCC} (MxRadioU Class) - http://136.166.4.85:8110/sys/cabfiles/MxRadioU.cab ~ Scan Objets ActiveX in 00mn 00s ---\\ Lop.com/Domain Hijackers (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{356DCB90-6C18-4A65-A308-614D08A7B7A3}: NameServer = 192.168.254.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{356DCB90-6C18-4A65-A308-614D08A7B7A3}: NameServer = 192.168.254.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{356DCB90-6C18-4A65-A308-614D08A7B7A3}: NameServer = 192.168.254.254 ~ Scan Domain in 00mn 00s ---\\ Extra protocols (O18) O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Controle ActiveX para fluxo de vídeo.) -- C:\WINDOWS\system32\msvidctl.dll O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} . (.Microsoft Corporation - GrooveSystemServices Module.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . 
(.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API.) -- C:\WINDOWS\system32\inetcomm.dll O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\WINDOWS\system32\itss.dll O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Arquivos de programas\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) 
-- C:\WINDOWS\system32\mshtml.dll O18 - Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Controle ActiveX para fluxo de vídeo.) -- C:\WINDOWS\system32\msvidctl.dll O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft ® HTML Viewer.) -- C:\WINDOWS\system32\mshtml.dll O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll O18 - Filter: application/x-gforms-deflate - {16F165FF-E9B6-496C-AD6D-039418EA3420} . (.SHIFT Infomation & Communication Co., Ltd. - Prodigy Potential 1.0 070430.) -- C:\WINDOWS\Downloaded Program Files\Potential.dll O18 - Filter: application/x-gforms-xml - {16F165FF-E9B6-496C-AD6D-039418EA3420} . (.SHIFT Infomation & Communication Co., Ltd. - Prodigy Potential 1.0 070430.) -- C:\WINDOWS\Downloaded Program Files\Potential.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\system32\mscoree.dll O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) 
-- C:\WINDOWS\system32\urlmon.dll O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) -- C:\WINDOWS\system32\urlmon.dll O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll ~ Scan Protocole Additionnel in 00mn 00s ---\\ AppInit_DLLs Registry value Autorun (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: LMIinit . (.LogMeIn, Inc. - LogMeIn Remote Control Helper.) -- C:\WINDOWS\system32\LMIinit.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) 
-- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll ~ Scan Winlogon in 00mn 00s ---\\ ShellServiceObjectDelayLoad (O21) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\shell32.dll O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objeto de serviço do shell de Systray.) -- C:\WINDOWS\system32\stobject.dll O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} . (.Scopus Tecnologia Ltda - scpIBLoad Module.) -- C:\Arquivos de programas\Scpad\scpLIB.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll ~ Scan SSODL in 00mn 00s ---\\ SharedTaskScheduler (O22) O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: (no name) - {A3717295-941D-416F-9384-ED1736729F1C} . (.Scopus Tecnologia Ltda - scpIBLoad Module.) -- C:\Arquivos de programas\Scpad\scpLIB.dll ~ Scan STS/SSO in 00mn 00s ---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23) O23 - Service: Google Update Service (gupdate) (gupdate) . 
(.Google Inc. - Google Installer.) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java Quick Starter Service.) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: LG SCSI command service (LGScsiCommandService) . (.Mobile Leader Co.,Ltd. - No comment.) - C:\WINDOWS\system32\LGScsiCommandService.exe O23 - Service: MotoConnect Service (MotoConnect Service) . (...) - C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe ~ Scan Services in 00mn 00s ---\\ Windows Active Desktop & MHTML Editor (O24) O24 - Desktop Component 0: Minha página inicial atual - file:About:Home O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Scan Desktop Component in 00mn 00s ---\\ O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ Scan Keys in 00mn 00s ---\\ Task Planned Automatically(039) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe ~ Scan Scheduled Task in 00mn 00s ---\\ ActiveSetup Installed Components (O40) O40 - ASIC: IE7 Uninstall Stub - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} . (.Microsoft Corporation - IE Per User Active Setup Uninstall Utility.) -- C:\WINDOWS\system32\ieudinit.exe O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Utilitário de Instalação do Microsoft Windows Media Player.) -- C:\WINDOWS\inf\unregmp2.exe O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - IE Per-User Initialization Utility.) 
-- C:\WINDOWS\system32\ie4uinit.exe O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\WINDOWS\system32\iedkcs32.dll O40 - ASIC: Microsoft VM - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Microsoft Corporation - Microsoft® VM.) -- C:\WINDOWS\system32\msjava.dll O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll O40 - ASIC: Microsoft Windows Media Player 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (...) -- C:\WINDOWS\INF\msnetmtg.inf O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extensão shell da pasta FTP do Microsoft Internet Explorer.) -- C:\WINDOWS\system32\msieftp.dll O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp10.inf O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\WINDOWS\system32\ie4uinit.exe O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\WINDOWS\system32\mscories.dll O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 11.1 r102.) -- C:\WINDOWS\system32\Macromed\Flash\Flash11e.ocx ~ Scan Active Setup in 00mn 00s ---\\ Drivers launched at startup (O41) O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys O41 - Driver: (i8042prt) . 
(.Microsoft Corporation - Driver de porta i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys O41 - Driver: (intelppm) . (.Microsoft Corporation - Driver de dispositivo de processador.) - C:\WINDOWS\system32\DRIVERS\intelppm.sys O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Driver de classe teclado.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys O41 - Driver: (Mouclass) . (.Microsoft Corporation - Driver de classe modem.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS\netbios.sys O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS\netbt.sys O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERS\rasacd.sys O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERS\rdbss.sys O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys O41 - Driver: (redbook) . (.Microsoft Corporation - Redbook Audio Filter Driver.) - C:\WINDOWS\system32\DRIVERS\redbook.sys O41 - Driver: (Serial) . (.Microsoft Corporation - Driver de dispositivo serial.) - C:\WINDOWS\system32\DRIVERS\serial.sys O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS\tcpip.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS\termdd.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) 
- C:\WINDOWS\system32\drivers\vga.sys O41 - Driver: Windows Socket 2.0 Non-IFS Service Provider Support Environment (WS2IFSL) . (.Microsoft Corporation - Winsock2 IFS Layer.) - C:\WINDOWS\system32\drivers\ws2ifsl.sys ~ Scan Drivers in 00mn 00s ---\\ Software installed (O42) O42 - Logiciel: ACDSee - (.Unknown owner.) [HKLM] -- ACDSee O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Reader 9.5.0 - Português - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1046-7B44-A95000000001} O42 - Logiciel: Arquivo do WinRAR - (.Unknown owner.) [HKLM] -- WinRAR archiver O42 - Logiciel: Corona USB Driver - (.LG Electronics.) [HKLM] -- {761C00F8-617F-4A37-AB38-33B4F43A69CA} O42 - Logiciel: FTDI USB Serial Converter Drivers - (.FTDI Ltd.) [HKLM] -- FTDICOMM O42 - Logiciel: Firebird 2.0.3 - (.Firebird Project.) [HKLM] -- FBDBServer_2_0_is1 O42 - Logiciel: GSMULTI V3.0 - (.Unknown owner.) [HKLM] -- GSMULTI O42 - Logiciel: GVS-SC 2.6 - (.Unknown owner.) [HKLM] -- GVS-SC_is1 O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595 O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5 O42 - Logiciel: Infineon USB driver 1.0.0.6 - (.Infineon.) [HKLM] -- Infineon USB driver_is1 O42 - Logiciel: Java 6 Update 21 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216021FF} O42 - Logiciel: LAME v3.98.2 for Audacity - (.Unknown owner.) [HKLM] -- LAME for Audacity_is1 O42 - Logiciel: LEO - (.LEO Download Tool.) [HKLM] -- {1134CD7B-CEC1-4912-A266-35E26A298E7B} O42 - Logiciel: LG Android Driver - (.LG Electronics.) 
[HKLM] -- {4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB} O42 - Logiciel: LG Bluetooth Drivers - (.LG Electronics.) [HKLM] -- {AC7EE5F1-0DE4-4256-8E43-92B73C8E6019} O42 - Logiciel: LG SP USB Driver - (.LG Electronics.) [HKLM] -- {E2AE8456-CCFE-46C0-8629-71CC507660FC} O42 - Logiciel: LG USB Modem Driver - (.LG Electronics.) [HKLM] -- {C3ABE126-2BB2-4246-BFE1-6797679B3579} O42 - Logiciel: LG USB Modem Driver-MDMS - (.LG Electronics.) [HKLM] -- {4B141C08-51E5-4224-81BD-5FC967195734} O42 - Logiciel: LG United Mobile Driver - (.LG Electronics.) [HKLM] -- {2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA} O42 - Logiciel: LGE GSM Device Driver OMAPV1030 - (.LG Electronics.) [HKLM] -- {C2979637-6A5A-4CF3-876C-AA2F199E3750} O42 - Logiciel: Last.fm 1.5.4.27091 - (.Last.fm.) [HKLM] -- LastFM_is1 O42 - Logiciel: M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1 - (.Softpointer Inc.) [HKLM] -- M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1 O42 - Logiciel: MCCI®Firmware Update Driver for MTK - (.MCCI.) [HKLM] -- {13E92303-C1AC-4012-9E22-54EACBF54888} O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK - (.Microsoft Corporation.) [HKLM] -- {716E0306-8318-4364-8B8F-0CC4E9376BAC} O42 - Logiciel: MSXML 6.0 Parser (KB933579) - (.Microsoft Corporation.) [HKLM] -- {0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Microsoft.) [HKLM] -- {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} O42 - Logiciel: Microsoft .NET Framework 1.1 - (.Unknown owner.) [HKLM] -- Microsoft .NET Framework 1.1 (1033) O42 - Logiciel: Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack - (.Microsoft.) [HKLM] -- {0CBADDF4-2CF6-4CDB-B4F5-29B8FCA7FE07} O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) 
[HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB - (.Microsoft Corporation.) [HKLM] -- {3F31F3B5-C1FF-3708-8611-869DE39C0CB6} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB - (.Microsoft Corporation.) [HKLM] -- {B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE} O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - ptb - (.Microsoft Corporation.) [HKLM] -- {1438B41C-658C-35B7-9253-780F2E0A0B8E} O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1 O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6} O42 - Logiciel: Microsoft .NET Framework 4 Client Profile PTB Language Pack - (.Microsoft Corporation.) [HKLM] -- {20A15757-4AE4-3C82-9711-863C84AFE6AA} O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- {0A0CADCF-78DA-33C4-A350-CD51849B9702} O42 - Logiciel: Microsoft .NET Framework 4 Extended PTB Language Pack - (.Microsoft Corporation.) [HKLM] -- {98ADF875-648F-3E73-8F3B-010C2464C948} O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570} O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) 
[HKLM] -- IDNMitigationAPIs O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 - (.Microsoft Corporation.) [HKLM] -- Wdf01005 O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 - (.Microsoft Corporation.) [HKLM] -- Wdf01007 O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 - (.Microsoft Corporation.) [HKLM] -- Wdf01009 O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping O42 - Logiciel: Microsoft Office Access MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- ENTERPRISE O42 - Logiciel: Microsoft Office Enterprise 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0030-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00BA-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Professional 2007 - (.Microsoft Corporation.) [HKLM] -- PROR O42 - Logiciel: Microsoft Office Professional 2007 - (.Microsoft Corporation.) 
[HKLM] -- {91120000-0014-0000-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Proofing (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft Office Word MUI (Portuguese (Brazil)) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-0416-0000-0000000FF1CE} O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- Wudf01000 O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d} O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c} O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475} O42 - Logiciel: Motorola Driver Installation 4.6.5 - (.Motorola Inc..) [HKLM] -- {53454A1C-26F6-4599-A410-847B6AAD0009} O42 - Logiciel: Mozilla Firefox 9.0.1 (x86 pt-BR) - (.Mozilla.) [HKLM] -- Mozilla Firefox 9.0.1 (x86 pt-BR) O42 - Logiciel: Pacote de Driver do Windows - Infineon Technologies (FlashUSB) USB (04/16/2009 1.0.0.6) - (.Infineon Technologies.) 
[HKLM] -- 7D6D030B3D73FCCA3D4E45319380F315DFBE7A54 O42 - Logiciel: Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - ptb O42 - Logiciel: Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile PTB Language Pack O42 - Logiciel: Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended PTB Language Pack O42 - Logiciel: PrimoPDF -- brought to you by Nitro PDF Software - (.Nitro PDF Software.) [HKLM] -- PrimoPDF O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {A429C2AE-EBF1-4F81-A221-1C115CAADDAD} O42 - Logiciel: RSD NetConnected 1.13.10 - (.Motorola.) [HKLM] -- {30038D4C-6BB6-470B-AB8D-021297A7C3FB} O42 - Logiciel: SIGEP - (.Unknown owner.) [HKLM] -- {0BA7EABD-ADB9-4E04-BB44-A6A852D1AAB3} O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} O42 - Logiciel: USB Flash Port Driver - (.Infineon Technologies.) [HKLM] -- {065D5505-3821-4C2E-BB6C-FE66A7E7CB4F} O42 - Logiciel: Ultr@VNC Release 1.0.0 RC 18 - Win32 - (.Ultra@VNC.) [HKLM] -- {A8AD990E-355A-4413-8647-A9B168978423}_is1 O42 - Logiciel: VIA Platform Device Manager - (.VIA Technologies, Inc..) [HKLM] -- InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} O42 - Logiciel: VLC media player 1.0.1 - (.VideoLAN Team.) [HKLM] -- VLC media player O42 - Logiciel: WebEx - (.Cisco WebEx LLC.) [HKLM] -- ActiveTouchMeetingClient O42 - Logiciel: Windows Essentials Media Codec Pack 1.0 - (.Media Codec.) [HKLM] -- Windows Essentials Media Codec Pack O42 - Logiciel: Windows Imaging Component - (.Microsoft Corporation.) [HKLM] -- WIC O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] -- ie7 O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) 
[HKLM] -- {590035D9-BFA0-406A-A7F0-479C72C0DDB2} O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1} O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3 O42 - Logiciel: Windows Live Essentials - (.Microsoft Corporation.) [HKLM] -- {0FFEA8EE-7BC7-4C9D-8CC6-5B8C891BA3F2} O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {9ADC3E4F-34DA-48CD-8727-BB26D90257BD} O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11 O42 - Logiciel: Windows Media Format 11 runtime - (.Unknown owner.) [HKLM] -- Windows Media Format Runtime O42 - Logiciel: Windows Media Player 10 - (.Unknown owner.) [HKLM] -- Windows Media Player O42 - Logiciel: Windows XP Hotfix - KB834707 - (.Microsoft Corporation.) [HKLM] -- KB834707 O42 - Logiciel: Windows XP Hotfix - KB884020 - (.Microsoft Corporation.) [HKLM] -- KB884020 O42 - Logiciel: Windows XP Hotfix - KB885626 - (.Microsoft Corporation.) [HKLM] -- KB885626 O42 - Logiciel: Windows XP Hotfix - KB886677 - (.Microsoft Corporation.) [HKLM] -- KB886677 O42 - Logiciel: Windows XP Hotfix - KB887742 - (.Microsoft Corporation.) [HKLM] -- KB887742 O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP O42 - Logiciel: ffdshow [rev 3055] [2009-08-16] - (.Unknown owner.) [HKLM] -- ffdshow_is1 O42 - Logiciel: mRouterRunTime - (.Unknown owner.) [HKLM] -- {A2092B2A-A4FB-4464-A4C0-023D2C9993F8} O42 - Logiciel: µTorrent - (.Unknown owner.) [HKLM] -- uTorrent ---\\ HKCU & HKLM Software Keys [HKCU\Software\ACD Systems] [HKCU\Software\Adobe] [HKCU\Software\AnalogX] [HKCU\Software\AnvSoft] [HKCU\Software\AppDataLow\Software\Macromedia] [HKCU\Software\AppDataLow\Software] [HKCU\Software\AppDataLow] [HKCU\Software\Apple Computer, Inc.] 
[HKCU\Software\Audacity] [HKCU\Software\BVRP Software] [HKCU\Software\BearShare] [HKCU\Software\Big Fish Games] [HKCU\Software\BitTorrent] [HKCU\Software\CapeSoft] [HKCU\Software\Classes] [HKCU\Software\Conduit] [HKCU\Software\DVDVideoSoft] [HKCU\Software\ESTsoft] [HKCU\Software\Emulators] [HKCU\Software\Eset] [HKCU\Software\GAP] [HKCU\Software\GNU] [HKCU\Software\Gabest] [HKCU\Software\GbPlugin] [HKCU\Software\Google] [HKCU\Software\Hewlett-Packard] [HKCU\Software\IM Providers] [HKCU\Software\Intel] [HKCU\Software\JavaSoft] [HKCU\Software\LG Electronics Inc] [HKCU\Software\LG Media Player] [HKCU\Software\LG PC Suite2] [HKCU\Software\Last.fm] [HKCU\Software\Licenses] [HKCU\Software\LizardTech] [HKCU\Software\Local AppWizard-Generated Applications] [HKCU\Software\Logia] [HKCU\Software\LowRegistry] [HKCU\Software\MLSync] [HKCU\Software\Macromedia] [HKCU\Software\MarineCat] [HKCU\Software\Mobisys] [HKCU\Software\Motorola Inc.] [HKCU\Software\Motorola] [HKCU\Software\MozillaPlugins] [HKCU\Software\Mozilla] [HKCU\Software\Mystik Media] [HKCU\Software\Netscape] [HKCU\Software\ODBC] [HKCU\Software\ORL] [HKCU\Software\Policies] [HKCU\Software\RapidSolution] [HKCU\Software\SSPrint] [HKCU\Software\Seagate Software] [HKCU\Software\Skype] [HKCU\Software\Softpointer] [HKCU\Software\Sysinternals] [HKCU\Software\Trolltech] [HKCU\Software\UpdateStar] [HKCU\Software\WECP] [HKCU\Software\WebEx] [HKCU\Software\Wget] [HKCU\Software\WinRAR SFX] [HKCU\Software\WinRAR] [HKCU\Software\Winamp] [HKCU\Software\system_key] [HKLM\Software\A4 TECH Corporation] [HKLM\Software\ACD Systems] [HKLM\Software\ActiveTouch] [HKLM\Software\Adobe] [HKLM\Software\AdwCleaner] [HKLM\Software\AppDataLow] [HKLM\Software\Apple Computer, Inc.] 
[HKLM\Software\Avg] [HKLM\Software\BVRP Software] [HKLM\Software\Babylon] [HKLM\Software\Big Fish Games] [HKLM\Software\C07ft5Y] [HKLM\Software\CDDB] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Conduit] [HKLM\Software\DARUMA] [HKLM\Software\Description] [HKLM\Software\ECT] [HKLM\Software\ESET] [HKLM\Software\ESTsoft] [HKLM\Software\Firebird Project] [HKLM\Software\GAP Informática] [HKLM\Software\GNU] [HKLM\Software\Gabest] [HKLM\Software\Gemplus] [HKLM\Software\Google] [HKLM\Software\HajeSoft] [HKLM\Software\Hewlett-Packard] [HKLM\Software\IFXApps] [HKLM\Software\InstallShield] [HKLM\Software\Intel] [HKLM\Software\InterVideo] [HKLM\Software\Intuwave Ltd] [HKLM\Software\Intuwave] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\Kodak] [HKLM\Software\LG Electronics Inc.] [HKLM\Software\LG Electronics] [HKLM\Software\LG HK] [HKLM\Software\LG Line Monitoring] [HKLM\Software\Lame for Audacity] [HKLM\Software\Last.fm] [HKLM\Software\Licenses] [HKLM\Software\LogMeIn, Inc.] [HKLM\Software\Macromedia] [HKLM\Software\MimarSinan] [HKLM\Software\Motorola] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\Nullsoft] [HKLM\Software\ODBC] [HKLM\Software\ORL] [HKLM\Software\Policies] [HKLM\Software\Program Groups] [HKLM\Software\RapidSolution] [HKLM\Software\RegisteredApplications] [HKLM\Software\Schlumberger] [HKLM\Software\Secure] [HKLM\Software\SevenCs] [HKLM\Software\Soeperman Enterprises Ltd.] 
[HKLM\Software\SoftShape] [HKLM\Software\Swearware] [HKLM\Software\Symbian] [HKLM\Software\TrendMicro] [HKLM\Software\UltraVnc] [HKLM\Software\VIA Technologies, Inc] [HKLM\Software\VideoLAN] [HKLM\Software\WECP] [HKLM\Software\WebEx] [HKLM\Software\WinRAR] [HKLM\Software\Windows 3.1 Migration Status] [HKLM\Software\ZSMC] [HKLM\Software\mozilla.org] ~ Scan Softwares in 00mn 01s ---\\ Contents of the Common Files folders (O43) O43 - CFD: 25/8/2010 - 15:59:58 - [0,011] ----D- C:\Program Files\Common Files O43 - CFD: 14/8/2009 - 13:07:42 - [0,216] ----D- C:\Program Files\DWD O43 - CFD: 13/7/2011 - 11:19:52 - [0] ----D- C:\Program Files\LizardTech O43 - CFD: 25/8/2010 - 15:59:58 - [0,011] ----D- C:\Program Files\Common Files\Motorola Shared O43 - CFD: 28/2/2011 - 19:35:56 - [5,436] ----D- C:\ProgramData\Codecentrix O43 - CFD: 1/3/2011 - 07:54:28 - [2,062] ----D- C:\ProgramData\Windows O43 - CFD: 2/1/2012 - 13:36:48 - [4,469] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Adobe O43 - CFD: 3/1/2012 - 14:17:30 - [0,018] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\AnvSoft O43 - CFD: 16/10/2009 - 14:53:34 - [0] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Apple Computer O43 - CFD: 4/10/2009 - 16:28:00 - [0,001] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Audacity O43 - CFD: 10/10/2011 - 12:41:32 - [0,000] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon O43 - CFD: 10/10/2011 - 12:42:28 - [0] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\BabylonToolbar O43 - CFD: 29/11/2011 - 13:32:32 - [0,000] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\dvdcss O43 - CFD: 2/1/2012 - 16:12:34 - [0,029] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\DVDVideoSoft O43 - CFD: 12/10/2009 - 12:25:38 - [0,001] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Enki Games O43 - CFD: 28/7/2011 - 
18:02:32 - [0,000] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\ESTsoft O43 - CFD: 24/10/2010 - 18:24:34 - [0] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Google O43 - CFD: 29/9/2010 - 17:09:54 - [0] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Help O43 - CFD: 5/8/2009 - 14:33:26 - [0] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Identities O43 - CFD: 12/12/2011 - 11:23:46 - [0] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield O43 - CFD: 12/1/2012 - 09:36:58 - [0,002] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\LG Electronics O43 - CFD: 19/1/2011 - 10:02:42 - [0,000] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Logia O43 - CFD: 5/8/2009 - 21:21:28 - [2,782] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Macromedia O43 - CFD: 19/1/2012 - 13:18:06 - [0] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic O43 - CFD: 6/9/2011 - 17:02:34 - [11,048] -S--D- C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft O43 - CFD: 4/10/2009 - 09:46:24 - [24,601] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla O43 - CFD: 13/10/2011 - 08:14:34 - [0,000] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\Philipp Winterberg O43 - CFD: 21/11/2011 - 16:07:58 - [0,001] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\PrimoPDF O43 - CFD: 1/4/2010 - 12:54:16 - [5,172] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\RemoteScanClient O43 - CFD: 9/7/2011 - 08:53:10 - [0,091] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\ScummVM O43 - CFD: 9/11/2009 - 06:50:08 - [0,209] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM O43 - CFD: 21/4/2010 - 17:35:22 - [15,732] ----D- C:\Documents and Settings\Administrador\Dados de 
aplicativos\Sun O43 - CFD: 21/1/2012 - 12:09:56 - [2,978] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent O43 - CFD: 18/1/2012 - 10:11:16 - [0,495] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\vlc O43 - CFD: 5/1/2012 - 17:02:52 - [0,199] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\webex O43 - CFD: 11/8/2009 - 19:51:20 - [0,000] ----D- C:\Documents and Settings\Administrador\Dados de aplicativos\WinRAR O43 - CFD: 16/1/2012 - 10:12:56 - [0,312] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Adobe O43 - CFD: 15/10/2009 - 20:20:18 - [0] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Apple O43 - CFD: 15/10/2009 - 20:19:54 - [0,009] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Apple Computer O43 - CFD: 5/8/2009 - 14:33:48 - [0,001] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\ApplicationHistory O43 - CFD: 10/10/2011 - 12:41:34 - [3,853] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Babylon O43 - CFD: 2/11/2010 - 07:21:54 - [0,021] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit O43 - CFD: 9/10/2009 - 23:12:26 - [0,030] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Cooliris O43 - CFD: 30/12/2011 - 08:49:02 - [0] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\CrashRpt O43 - CFD: 9/2/2011 - 16:19:42 - [0,406] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Downloaded Installations O43 - CFD: 3/5/2010 - 07:05:20 - [1,799] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\ESET O43 - CFD: 29/10/2010 - 15:05:38 - [0] ----D- C:\Documents and Settings\Administrador\Configurações 
locais\Dados de aplicativos\Google O43 - CFD: 29/9/2010 - 17:09:54 - [0] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Help O43 - CFD: 8/8/2009 - 11:18:28 - [0,508] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Identities O43 - CFD: 16/1/2012 - 14:51:50 - [2,558] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Last.fm O43 - CFD: 12/12/2011 - 11:17:46 - [0] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\LG Electronics O43 - CFD: 17/11/2011 - 12:26:20 - [0] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\LogMeIn O43 - CFD: 3/1/2012 - 09:56:10 - [1010,521] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft O43 - CFD: 4/2/2011 - 20:45:50 - [0] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft Help O43 - CFD: 4/10/2009 - 09:46:18 - [43,259] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla O43 - CFD: 30/12/2011 - 08:07:08 - [3,844] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution O43 - CFD: 30/10/2010 - 21:01:32 - [0] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Temp O43 - CFD: 7/7/2010 - 21:30:18 - [0] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\WMTools Downloaded Files ~ Scan Program Folder in 00mn 02s ---\\ Last modified or created files under Windows and System32 (O44)
(.Seagate Software Information Management Gro - Crystal Reports 32-bit Physical Server Quer.) -- C:\WINDOWS\system32\p2lora7.dll [98304] O44 - LFC:[MD5.0B42A527EB8F49CF4B792BA226F76DDF] - 18/1/2012 - 10:10:42 ---A- . (.Seagate Software Information Management Gro - Crystal Reports Physical Server DLL for DB2.) -- C:\WINDOWS\system32\p2sdb2.dll [167936] O44 - LFC:[MD5.F33D8B940EAC6F442A445FF912FD805E] - 18/1/2012 - 10:10:42 ---A- . (.Seagate Software Information Management Gro - Crystal Reports Physical Server DLL for Mic.) -- C:\WINDOWS\system32\P2lsql.dll [98304] O44 - LFC:[MD5.1BA9B82E94C25872D205632F596A8973] - 18/1/2012 - 10:10:42 ---A- . (.Seagate Software Information Management Gro - Crystal Reports Physical Server DLL for Mic.) -- C:\WINDOWS\system32\p2ssql.dll [168000] O44 - LFC:[MD5.DF3C03A7F9E16B86644702BDC1F1A67C] - 18/1/2012 - 10:10:42 ---A- . (.Seagate Software Information Management Gro - Crystal Reports Physical Server DLL for ODB.) -- C:\WINDOWS\system32\P2LIFMX.dll [90112] O44 - LFC:[MD5.047F993D3589DB19428A993165EAEFEB] - 18/1/2012 - 10:10:42 ---A- . (.Seagate Software Information Management Gro - Crystal Reports Physical Server DLL for Ora.) -- C:\WINDOWS\system32\p2sora7.dll [167936] O44 - LFC:[MD5.A2EB1127F5F4492C2DCDF5B3234B130B] - 18/1/2012 - 10:10:42 ---A- . (.Seagate Software Information Management Gro - Crystal Reports Physical Server DLL for Syb.) -- C:\WINDOWS\system32\P2lsyb10.dll [155648] O44 - LFC:[MD5.C7F48395B41D85E72497570D64FC3AA3] - 18/1/2012 - 10:10:42 ---A- . (.Seagate Software Information Management Gro - Crystal Reports Physical Server Query DLL f.) -- C:\WINDOWS\system32\P2ldb2.dll [102400] O44 - LFC:[MD5.6219B86BFEA50D5F71ADB21D4BD72334] - 18/1/2012 - 10:10:42 ---A- . (.Seagate Software, Inc - Crystal Reports Database DLL for File Syste.) -- C:\WINDOWS\system32\p2sfs.dll [77824] O44 - LFC:[MD5.ED3422A5BC2A2D2A34F9EA95326B1E5C] - 18/1/2012 - 10:10:42 ---A- . 
(.Seagate Software, Inc - Crystal Reports OLE DB Database Driver DLL.) -- C:\WINDOWS\system32\p2soledb.dll [204800] O44 - LFC:[MD5.7AEF3942EF1EC479FF8775A78EC114DA] - 18/1/2012 - 10:10:42 ---A- . (.Seagate Software, Inc. - Crystal Reports Physical Database DLL for x.) -- C:\WINDOWS\system32\p2ixbse.dll [245760] O44 - LFC:[MD5.E76D2877ECB5328EBC26A8073B779A3A] - 18/1/2012 - 10:10:42 ---A- . (.Seagate Software, Inc. - Crystal Reports Physical Server DLL for ODB.) -- C:\WINDOWS\system32\p2lodbc.dll [131072] O44 - LFC:[MD5.AA60496FB026DBFC208A56FD2EDDF3B3] - 18/1/2012 - 10:10:42 ---A- . (.Seagate Software, Information Management Gr - Crystal Reports Physical Server DLL for Inf.) -- C:\WINDOWS\system32\p2sifmx.dll [167936] O44 - LFC:[MD5.069BD5532BEBEBF2C39D58753492BCA7] - 18/1/2012 - 10:10:42 ---A- . (.Unknown owner - P2SMCUBE DLL.) -- C:\WINDOWS\system32\p2smcube.dll [299008] O44 - LFC:[MD5.DC2CC5615AB3037F078EAA7FD60A9B9F] - 18/1/2012 - 10:10:42 ---A- . (.Unknown owner - PdmOlap DLL.) -- C:\WINDOWS\system32\p2molap.dll [282624] O44 - LFC:[MD5.6E5C62A9128287BF1E7E16568ACCF6CC] - 18/1/2012 - 10:10:42 ---A- . (.Unknown owner - PdsOlap DLL.) -- C:\WINDOWS\system32\p2solap.dll [270336] O44 - LFC:[MD5.069F669FD9A1B11D3E0DBBC3FC229CAF] - 18/1/2012 - 10:10:42 R--A- . (.Seagate Software, Inc. - Crystal Reports ActiveX Control.) -- C:\WINDOWS\system32\Crystl32.OCX [847324] O44 - LFC:[MD5.50FE4D25F8F15E8159FFA662625F3787] - 18/1/2012 - 10:10:43 ---A- . (.ECT - No comment.) -- C:\WINDOWS\system32\Registry121.dll [49152] O44 - LFC:[MD5.8C7E66A21C1C0C84F774027A63815A20] - 18/1/2012 - 10:12:37 ---A- . (...) -- C:\WINDOWS\system32\FNTCACHE.DAT [272576] O44 - LFC:[MD5.9AB2EFFD1E6BD62A2E24B7458F93BB7F] - 19/1/2012 - 13:57:32 ---A- . (...) -- C:\WINDOWS\system32\lgAxconfig.ini [2411] O44 - LFC:[MD5.6DAE1A76920C9F79DD3656397E520DBC] - 2/1/2012 - 16:59:34 ---A- . (...) 
-- C:\Android Hard Reset Motorola.txt [2526] O44 - LFC:[MD5.9A2347903D6EDB84C10F288BC0578C1C] - 20/1/2012 - 09:05:03 ---A- . (.Trend Micro Inc. - HijackThis.) -- C:\HiJackThis.exe [388608] O44 - LFC:[MD5.753BC16326FEE4A421ACB636CCD602F4] - 20/1/2012 - 17:20:42 ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [60416] O44 - LFC:[MD5.A46842C9B0C567A5A9584E83A163560C] - 20/1/2012 - 17:20:42 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [518144] O44 - LFC:[MD5.0297C72529807322B152F517FDB0A9FC] - 20/1/2012 - 17:20:42 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [406528] O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 20/1/2012 - 17:20:42 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480] O44 - LFC:[MD5.28E131D405455B6E4653F6AFC1708A2B] - 20/1/2012 - 17:23:20 RSHA- . (...) -- C:\boot.ini [327] O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 20/1/2012 - 17:32:16 ---A- . (...) -- C:\WINDOWS\system.ini [227] O44 - LFC:[MD5.078D316FA0D42066DE885E9FC8078146] - 20/1/2012 - 17:36:00 ---A- . (...) -- C:\ComboFix.txt [23156] O44 - LFC:[MD5.F3CC17C74312032BF1EF1813ABCCFA75] - 20/1/2012 - 17:39:41 ---A- . (...) -- C:\hijackthis.log [8353] O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 21/1/2012 - 06:25:49 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048] O44 - LFC:[MD5.98A176C1382E7A6C7FA4C1E83F60FF54] - 21/1/2012 - 06:26:55 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [9073] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\balcao.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\cadastro.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\comissao.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) 
-- C:\WINDOWS\dados.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\estoque.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\funcoes.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\imprfisc.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\imprtef.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\nfiscal.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\osmot.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\relatorios.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\ssam.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\tabelas.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\tarefas.INI [32] O44 - LFC:[MD5.6DA9EB0D97ECB8CF03B76CB50FEE743F] - 21/1/2012 - 09:28:45 ---A- . (...) -- C:\WINDOWS\vendas.INI [32] O44 - LFC:[MD5.B8647A6917CEEB9FF5CF5FB42AF825BD] - 21/1/2012 - 10:49:04 ---A- . (...) -- C:\WINDOWS\wmsetup.log [1631] O44 - LFC:[MD5.3FA6EEA0939C5E65B12FA5194618CD26] - 21/1/2012 - 11:53:44 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664] O44 - LFC:[MD5.4B049439DFB0DBDBAB8F66DA0B98B103] - 21/1/2012 - 12:03:45 ---A- . (...) -- C:\AdwCleaner[R1].txt [12709] O44 - LFC:[MD5.83153070BA06DF0E19395E3197309BA8] - 24/9/1998 - 13:03:30 ---A- . (...) -- C:\WINDOWS\system32\Odbcjet.cnt [7348] O44 - LFC:[MD5.9793ADBD11FD0E8D1DEED0F2B680410B] - 24/9/1998 - 13:03:30 ---A- . (...) 
-- C:\WINDOWS\system32\Odbcjet.hlp [171967] O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 26/6/2011 - 03:45:56 ---A- . (...) -- C:\WINDOWS\PEV.exe [256000] O44 - LFC:[MD5.C51A881398F29071239741AE16D07C1C] - 3/8/2004 - 23:00:16 RSHA- . (...) -- C:\cmldr [261856] O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 30/8/2000 - 21:00:00 ---A- . (...) -- C:\WINDOWS\grep.exe [80412] O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 30/8/2000 - 21:00:00 ---A- . (...) -- C:\WINDOWS\sed.exe [98816] O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 30/8/2000 - 21:00:00 ---A- . (...) -- C:\WINDOWS\zip.exe [68096] O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 7/11/2010 - 14:20:24 ---A- . (...) -- C:\WINDOWS\MBR.exe [208896] O44 - LFC:[MD5.79996D6353035844A6A2664D6CC72EB5] - 8/11/1998 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\u2lbar.dll [40960] O44 - LFC:[MD5.291D27C678AC34F463CE7A1CD3B98700] - 30/12/2011 - 08:36:14 ---A- . (...) -- C:\WINDOWS\system32\spupdsvc.inf [218] O44 - LFC:[MD5.FA579938B0733B87066546AFE951082C] - 22/11/2011 - 08:01:35 ---A- . (...) -- C:\Boot.bak [211] O44 - LFC:[MD5.5FCE1E7D097A14B1F3D5C714FF64C4C8] - 25/10/2000 - 17:15:00 ---A- . (...) -- C:\WINDOWS\system32\implode.dll [17920] ~ Scan Files in 00mn 15s ---\\ Export authorized application key (O47) O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gerenciador de sessão de ajuda de área de trabalho remota da Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\UltraVNC\winvnc.exe" [Enabled] .(.UltraVNC - VNC server for Win32.) -- C:\Arquivos de programas\UltraVNC\winvnc.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Motorola\MotoConnect\SWDL.exe" [Enabled] .(.Motorola - No comment.) -- C:\Arquivos de programas\Motorola\MotoConnect\SWDL.exe O47 - AAKE:Key Export SP - "C:\Arquivos de programas\VideoLAN\VLC\vlc.exe" [Enabled] .(...) 
-- C:\Arquivos de programas\VideoLAN\VLC\vlc.exe
O47 - AAKE:Key Export SP - "C:\GVS\GVS.exe" [Enabled] .(.GAP Informatica - GAP Virtual Service.) -- C:\GVS\GVS.exe
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dllhost.exe" [Enabled] .(.Microsoft Corporation - COM Surrogate.) -- C:\WINDOWS\system32\dllhost.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\uTorrent\uTorrent.exe" [Enabled] .(.BitTorrent, Inc. - µTorrent.) -- C:\Arquivos de programas\uTorrent\uTorrent.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office Groove.) -- C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" [Enabled] .(.Microsoft Corporation - Microsoft Office OneNote.) -- C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation - Gerenciador de sessão de ajuda de área de trabalho remota da Microsoft®.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
~ Scan Keys in 00mn 00s

---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Mecanismo cliente do 'Editor de configuração de segurança Windows'.) -- C:\WINDOWS\system32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll
~ Scan Keys in 00mn 00s

---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\Wdf01000.sys . (.Microsoft Corporation - Kernel Mode Driver Framework Runtime.) -- C:\WINDOWS\system32\Drivers\Wdf01000.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - NT Disk Manager I/O Driver.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Driver de filtro do sistema de arquivos da restauração do sistema.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\Wdf01000.sys . (.Microsoft Corporation - Kernel Mode Driver Framework Runtime.) -- C:\WINDOWS\system32\Drivers\Wdf01000.sys
~ Scan CSB in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ Scan IFEO in 00mn 00s

---\\ MountPoints2 Shell Key (MPKS) (O51) (None)

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec de áudio DSP Group TrueSpeech para MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (...) -- C:\WINDOWS\system32\ff_vfw.dll
O52 - TDSD: \Drivers32\"msacm.avis"="ff_acm.acm" . (.Unknown owner - ffdshow Audio Decoder.) -- C:\WINDOWS\system32\ff_acm.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"ir50_32.dll"="Indeo® video 5.10" . (...) -- (.not file.)
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC3 ACM Decompressor" . (...) -- (.not file.)
O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (...) -- C:\WINDOWS\system32\ff_vfw.dll
O52 - TDSD: \drivers.desc\"ff_acm.acm"="ffdshow ACM codec" . (.Unknown owner - ffdshow Audio Decoder.) -- C:\WINDOWS\system32\ff_acm.acm
~ Scan Keys in 00mn 00s

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe
O53 - SMSR:HKLM\...\startupreg\B2BFileUpdate_AGENT [Key] . (.LG Electronics - B2BFileUpdateAgent LGMobile Application.) -- C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\B2B_Client\LiveUpdateAgent\B2BFileUpdateAgent.exe
O53 - SMSR:HKLM\...\startupreg\B2C_AGENT [Key] . (.LG Electronics - B2C NotiAgent MFC ?? ????.) -- C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O53 - SMSR:HKLM\...\startupreg\BigDog303 [Key] . (.Vimicro - Vimicro.) -- C:\WINDOWS\VM303_STI.exe
O53 - SMSR:HKLM\...\startupreg\ctfmon.exe [Key] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O53 - SMSR:HKLM\...\startupreg\GrooveMonitor [Key] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Apple Inc. - QuickTime Task.) -- C:\Arquivos de programas\QuickTime\qttask.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
~ Scan SMSR Keys in 00mn 00s

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Cliente DPA para plataformas de 32 bits.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.)
-- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Digest SSPI Authentication Package.) -- C:\WINDOWS\system32\digest.dll
~ Scan Keys in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "NoInternetOpenWith"=1
O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0
~ Scan Keys in 00mn 00s

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=323
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceClassicControlPanel"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=323
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0
~ Scan Keys in 00mn 00s

---\\ System Drivers List (SDL) (O58)
-- C:\WINDOWS\system32\StarOpen.sys [5632]
~ Scan Drivers in 00mn 03s

---\\ Last modified or created user files (O61)
O61 - LFC:Last File Created 17/8/2029 - 15:11:20 ---A- C:\Documents And Settings\Administrador\Meus documentos\LG\P8170001.JPG [147448] O61 - LFC:Last File Created 17/8/2029 - 16:23:30 ---A- C:\Documents And Settings\Administrador\Meus documentos\LG\P8170002.JPG [146855] O61 - LFC:Last File Created 18/1/2012 - 09:09:32 ---A- C:\Documents And Settings\All Users\Menu Iniciar\Programas\LEO Download Tool\LEO Download Tool.lnk [2087] O61 - LFC:Last File Created 18/1/2012 - 09:19:08 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata046.dat [2380] O61 - LFC:Last File Created 18/1/2012 - 10:00:08 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata047.dat [2960] O61 - LFC:Last File Created 18/1/2012 - 10:09:30 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\dvdcss\CACHEDIR.TAG [199] O61 - LFC:Last File Created 18/1/2012 - 10:10:21 ---A- C:\Documents And Settings\All Users\Menu Iniciar\Programas\SIGEP\Leia-me.lnk [605] O61 - LFC:Last File Created 18/1/2012 - 10:10:21 ---A- C:\Documents And Settings\All Users\Menu Iniciar\Programas\SIGEP\Licença de uso.lnk [609] O61 - LFC:Last File Created 18/1/2012 - 10:10:21 ---A- C:\Documents And Settings\All Users\Menu Iniciar\Programas\SIGEP\SIGEP.lnk [599] O61 - LFC:Last File Created 18/1/2012 - 10:11:08 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\bookmarkbackups\bookmarks-2012-01-18.json [17262] O61 - LFC:Last File Created 18/1/2012 - 10:11:14 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\vlc\ml.xspf [311] O61 - LFC:Last File Created 18/1/2012 - 10:11:15 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\vlc\CACHEDIR.TAG [193] O61 - LFC:Last File Created 18/1/2012 -
10:11:15 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\vlc\plugins-04041e.dat [405213] O61 - LFC:Last File Created 18/1/2012 - 10:11:15 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\vlc\vlcrc [78537] O61 - LFC:Last File Created 18/1/2012 - 10:20:46 ---A- C:\Documents And Settings\Administrador\Ambiente de rede\Banco em Server\target.lnk [434] O61 - LFC:Last File Created 18/1/2012 - 12:02:31 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\ssam.lnk [411] O61 - LFC:Last File Created 18/1/2012 - 13:43:50 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT [71216] O61 - LFC:Last File Created 18/1/2012 - 13:44:02 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Adobe\Adobe Photoshop CS3\Adobe Photoshop CS3 Settings\LaunchEndFlag.psp [12] O61 - LFC:Last File Created 18/1/2012 - 13:55:02 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata048.dat [2340] O61 - LFC:Last File Created 18/1/2012 - 13:56:43 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Office\Recente\SIGEP GND ELETRONICA SHOP 29-12-2011.LNK [739] O61 - LFC:Last File Created 18/1/2012 - 14:07:13 ---A- C:\Documents And Settings\Administrador\Ambiente de rede\backup - servidor em DIRETORIA (Diretoria)\target.lnk [467] O61 - LFC:Last File Created 18/1/2012 - 14:07:13 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Office\Recente\SIGEP GND ELETRONICA SHOP - 20120118.LNK [736] O61 - LFC:Last File Created 18/1/2012 - 14:07:14 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata049.dat [5620] O61 - LFC:Last File Created 18/1/2012 - 14:18:52 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Adobe\Color\ACEConfigCache1.lst 
[604] O61 - LFC:Last File Created 18/1/2012 - 14:18:54 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Adobe\Adobe Photoshop CS3\Adobe Photoshop CS3 Settings\Adobe Photoshop CS3 Prefs.psp [171274] O61 - LFC:Last File Created 18/1/2012 - 14:18:54 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Adobe\Adobe Photoshop CS3\Adobe Photoshop CS3 Settings\Configurações de Cores [729420] O61 - LFC:Last File Created 18/1/2012 - 14:18:54 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Adobe\Adobe Photoshop CS3\Adobe Photoshop CS3 Settings\Novos Tamanhos de Documento.psp [6] O61 - LFC:Last File Created 18/1/2012 - 14:18:54 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Adobe\Adobe Photoshop CS3\Adobe Photoshop CS3 Settings\Paleta Ações.psp [18] O61 - LFC:Last File Created 18/1/2012 - 15:01:15 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\startupCache\startupCache.4.little [517398] O61 - LFC:Last File Created 18/1/2012 - 15:53:15 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\SIGEP.lnk [801] O61 - LFC:Last File Created 19/1/2012 - 08:06:07 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Office\Recente\GSFS - Sintoma, Defeito, Reparo 2011.2.LNK [915] O61 - LFC:Last File Created 19/1/2012 - 08:06:11 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata050.dat [2252] O61 - LFC:Last File Created 19/1/2012 - 08:10:42 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Adobe\Acrobat\9.0\AdobeSysFnt09.lst [81554] O61 - LFC:Last File Created 19/1/2012 - 08:10:42 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Adobe\Acrobat\9.0\UserCache.bin [49155] O61 - LFC:Last File Created 19/1/2012 - 08:21:30 ---A- C:\Documents And 
Settings\Administrador\Dados de aplicativos\Microsoft\Office\Recente\Desktop (2).LNK [353] O61 - LFC:Last File Created 19/1/2012 - 08:21:31 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Office\Recente\Letras-Inglês.LNK [493] O61 - LFC:Last File Created 19/1/2012 - 08:21:33 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata051.dat [3572] O61 - LFC:Last File Created 19/1/2012 - 09:51:22 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Office\Recente\Planilha Atualização SW.LNK [659] O61 - LFC:Last File Created 19/1/2012 - 09:51:57 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata052.dat [2252] O61 - LFC:Last File Created 19/1/2012 - 10:22:10 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata053.dat [2364] O61 - LFC:Last File Created 19/1/2012 - 11:47:47 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\bookmarkbackups\bookmarks-2012-01-19.json [17262] O61 - LFC:Last File Created 19/1/2012 - 12:52:47 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata054.dat [2732] O61 - LFC:Last File Created 19/1/2012 - 13:18:05 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\stylish.sqlite [5120] O61 - LFC:Last File Created 19/1/2012 - 13:24:59 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr0.dat [4232] O61 - LFC:Last File Created 19/1/2012 - 13:24:59 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\Microsoft\Network\Downloader\qmgr1.dat [5456] O61 - LFC:Last File Created 19/1/2012 - 13:34:49 ---A- C:\Documents And Settings\Administrador\Recent\1° Período (Português).lnk [656] O61 - 
LFC:Last File Created 19/1/2012 - 13:47:09 ---A- C:\Documents And Settings\Administrador\Meus documentos\Downloads\setup_9.0.0.722_19.01.2012_18-23.exe [116287544] O61 - LFC:Last File Created 19/1/2012 - 13:54:52 ---A- C:\Documents And Settings\Administrador\Recent\LGC300AT-00-V10b-724-02-JUN-08-2011+1.lnk [951] O61 - LFC:Last File Created 19/1/2012 - 13:54:53 ---A- C:\Documents And Settings\Administrador\Recent\BTM.lnk [633] O61 - LFC:Last File Created 19/1/2012 - 13:57:32 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\LGMOBILEAX\Language\lang.opt [51560] O61 - LFC:Last File Created 19/1/2012 - 14:01:51 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\Log\FingerPrint\Common_20120119_140149.txt [2] O61 - LFC:Last File Created 19/1/2012 - 14:01:51 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\Log\FingerPrint\Error_20120119_140149.txt [2] O61 - LFC:Last File Created 19/1/2012 - 14:01:51 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\Log\FingerPrint\Warning_20120119_140149.txt [2] O61 - LFC:Last File Created 19/1/2012 - 14:01:51 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\Log\SimpleLogger\SimpleLog_20120119_140149_08F8.txt [144] O61 - LFC:Last File Created 19/1/2012 - 14:02:23 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\lcdb [15360] O61 - LFC:Last File Created 19/1/2012 - 14:02:25 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\Wishlists\My Wishlist.A1wish [310] O61 - LFC:Last File Created 19/1/2012 - 14:02:26 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de 
aplicativos\RapidSolution\Audials_2012\Log\SearchMusic\SM_20120119_140225_1.txt [279] O61 - LFC:Last File Created 19/1/2012 - 14:02:29 ---A- C:\Documents And Settings\Administrador\Cookies\administrador@aic.lgservice[1].txt [82] O61 - LFC:Last File Created 19/1/2012 - 14:02:31 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\PostProcessing\Autotag\general\allmusic.dll [168960] O61 - LFC:Last File Created 19/1/2012 - 14:02:32 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\MusicOrganizer\modb [30720] O61 - LFC:Last File Created 19/1/2012 - 14:02:33 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\PostProcessing\Autotag\general\amazon.dll [235520] O61 - LFC:Last File Created 19/1/2012 - 14:02:37 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\PostProcessing\Autotag\general\musicbrainz.dll [207872] O61 - LFC:Last File Created 19/1/2012 - 14:02:41 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\PostProcessing\Autotag\general\sonymusic.dll [161792] O61 - LFC:Last File Created 19/1/2012 - 14:02:43 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\EncodingBackend\lame_enc.dll [495616] O61 - LFC:Last File Created 19/1/2012 - 14:02:45 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\PostProcessing\Autotag\general\yahoomusic.dll [206336] O61 - LFC:Last File Created 19/1/2012 - 14:02:51 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\PostProcessing\Autotag\lyrics\AstraLyrics.dll [159232] O61 - LFC:Last File Created 19/1/2012 - 14:02:57 ---A- C:\Documents And Settings\Administrador\Configurações 
locais\Dados de aplicativos\RapidSolution\Audials_2012\PostProcessing\Autotag\lyrics\LyricsDemon.dll [164352] O61 - LFC:Last File Created 19/1/2012 - 14:03:06 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\PostProcessing\Autotag\lyrics\LyricWiki.dll [162304] O61 - LFC:Last File Created 19/1/2012 - 14:03:13 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\PostProcessing\Autotag\Sources.xml [1072] O61 - LFC:Last File Created 19/1/2012 - 14:03:13 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\PostProcessing\Autotag\lyrics\MetroLyrics.dll [159744] O61 - LFC:Last File Created 19/1/2012 - 14:04:06 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\fsdb [9216] O61 - LFC:Last File Created 19/1/2012 - 14:04:30 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\audials_modules.txt [11030] O61 - LFC:Last File Created 19/1/2012 - 14:04:31 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\DllUpdateState.xml [2445] O61 - LFC:Last File Created 19/1/2012 - 14:04:32 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\7103498b0964a54528986dde5ffafb1c.png [2988] O61 - LFC:Last File Created 19/1/2012 - 14:04:32 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\ConvertFiles\screen_capture_offsets.txt [117] O61 - LFC:Last File Created 19/1/2012 - 14:04:33 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\974f12e52f1f169218389b7beb7f677f.png [11414] O61 - LFC:Last File Created 19/1/2012 - 14:04:33 ---A- C:\Documents And 
Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\b45578fd2f409d6228986b58e0b1b5b5.png [2470] O61 - LFC:Last File Created 19/1/2012 - 14:04:34 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\9cac90c6e3f71793ac6ef3124ae3efac.png [16443] O61 - LFC:Last File Created 19/1/2012 - 14:04:35 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\d866ffe71deebe2142b01055c4e840df.png [1740] O61 - LFC:Last File Created 19/1/2012 - 14:04:36 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\03eda609183d1e3c852ebaeb0508b56f.png [14195] O61 - LFC:Last File Created 19/1/2012 - 14:04:37 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\48d187d7c7fd71dc2ae53dee79c8219a.png [10883] O61 - LFC:Last File Created 19/1/2012 - 14:04:37 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\ecff0a43c5035fe58a5c895879aa5bde.png [13686] O61 - LFC:Last File Created 19/1/2012 - 14:04:38 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\420f624ed9a82a9d385d9fc9157ba152.png [859] O61 - LFC:Last File Created 19/1/2012 - 14:04:38 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\a4b8b457166b512f6b7f599c6288418f.png [1576] O61 - LFC:Last File Created 19/1/2012 - 14:04:39 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de 
aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\25f6d6ebfa946d7a56193aa1f5b58891.png [18137] O61 - LFC:Last File Created 19/1/2012 - 14:04:39 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\40326fd6c8ed9d57c423ff82c8258192.png [2197] O61 - LFC:Last File Created 19/1/2012 - 14:04:40 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\MusicTelevision\LogoCache\c2587249868c0058f9e1a36962e9535c.png [6650] O61 - LFC:Last File Created 19/1/2012 - 14:04:43 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\RadioRip.dll [397312] O61 - LFC:Last File Created 19/1/2012 - 14:04:45 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\PlgDeezer.dll [84992] O61 - LFC:Last File Created 19/1/2012 - 14:04:48 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\PlgDefault.dll [41472] O61 - LFC:Last File Created 19/1/2012 - 14:04:53 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\PlgGeneral.dll [89600] O61 - LFC:Last File Created 19/1/2012 - 14:04:58 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\PlgHypemachine.dll [109056] O61 - LFC:Last File Created 19/1/2012 - 14:04:59 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\PlgIJigg.dll [58368] O61 - LFC:Last File Created 19/1/2012 - 14:05:01 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\PlgImeem.dll [78848] O61 - LFC:Last File Created 19/1/2012 - 14:05:06 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\PlgLastfm.dll [110080] O61 - LFC:Last File Created 19/1/2012 - 14:05:07 ---A- 
C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\PlgMyspace.dll [86528] O61 - LFC:Last File Created 19/1/2012 - 14:05:10 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\PlgNapster.dll [65536] O61 - LFC:Last File Created 19/1/2012 - 14:05:13 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\PlgPandora.dll [55296] O61 - LFC:Last File Created 19/1/2012 - 14:05:15 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\PlgSoundclick.dll [72192] O61 - LFC:Last File Created 19/1/2012 - 14:05:18 ---A- C:\Documents And Settings\All Users\Dados de aplicativos\RapidSolution\Audials_2012\RadioRip\PlgYoutube.dll [152576] O61 - LFC:Last File Created 19/1/2012 - 14:05:26 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\PluginsManager\DLLs\AudioBox.dll [356352] O61 - LFC:Last File Created 19/1/2012 - 14:05:28 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\RapidSolution\Audials_2012\PluginsManager\DLLs\Dropbox.dll [16384] O61 - LFC:Last File Created 19/1/2012 - 14:10:29 ---A- C:\Documents And Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat [319136] O61 - LFC:Last File Created 19/1/2012 - 14:14:43 ---A- C:\Documents And Settings\Administrador\Recent\LGC300AT-00-V10b-724-06-JUN-08-2011+0.lnk [951] O61 - LFC:Last File Created 19/1/2012 - 14:30:36 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\downloads.sqlite [65536] O61 - LFC:Last File Created 19/1/2012 - 15:42:52 ---A- C:\Documents And Settings\Administrador\Meus documentos\ALMIR_-_20_SUPER_SUCESSOS_-_www.velhonas.blogspot.com.rar [83867450] O61 - LFC:Last File Created 19/1/2012 - 16:08:08 ---A- C:\Documents And 
Settings\Administrador\Recent\ROM_GT360AT-00-V10a-BRA-XXX-MAY-14-2009+2.lnk [962] O61 - LFC:Last File Created 19/1/2012 - 16:27:00 ---A- C:\Documents And Settings\Administrador\Meus documentos\Almir_Ritmo_do_Cora_o_Vol.II.rar [54715810] O61 - LFC:Last File Created 19/1/2012 - 17:15:06 ---A- C:\Documents And Settings\Administrador\Meus documentos\Almir_-_Ritmo_do_Coracao_Vol.3.rar [57895589] O61 - LFC:Last File Created 19/1/2012 - 17:15:20 ---A- C:\Documents And Settings\Administrador\Recent\KP150qAT-01-V10b-724-06-AUG-19-2008+5.lnk [951] O61 - LFC:Last File Created 19/1/2012 - 17:15:20 ---A- C:\Documents And Settings\Administrador\Recent\VIV.lnk [633] O61 - LFC:Last File Created 19/1/2012 - 17:15:37 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\cookies.sqlite [524288] O61 - LFC:Last File Created 19/1/2012 - 17:48:48 ---A- C:\Documents And Settings\Administrador\Recent\Almir_-_Ritmo_do_Coracao_Vol.3.lnk [430] O61 - LFC:Last File Created 19/1/2012 - 17:48:48 ---A- C:\Documents And Settings\Administrador\Recent\Almir_Ritmo_do_Cora_o_Vol.II.lnk [424] O61 - LFC:Last File Created 19/1/2012 - 17:48:48 ---A- C:\Documents And Settings\Administrador\Recent\download.lnk [251] O61 - LFC:Last File Created 20/1/2012 - 07:59:03 ---A- C:\Documents And Settings\Administrador\Recent\CLR.lnk [633] O61 - LFC:Last File Created 20/1/2012 - 07:59:03 ---A- C:\Documents And Settings\Administrador\Recent\MG370bP16FL-55-V10a-724-05 AUG 14 2007+9.lnk [966] O61 - LFC:Last File Created 20/1/2012 - 08:02:18 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata055.dat [2252] O61 - LFC:Last File Created 20/1/2012 - 08:04:12 ---A- C:\Documents And Settings\Administrador\Recent\LGC310AT-00-V10c-724-XXX-NOV-17-2010+7.lnk [956] O61 - LFC:Last File Created 20/1/2012 - 08:10:03 ---A- C:\Documents And Settings\Administrador\Recent\OK - 38850.lnk [686] O61 - LFC:Last File Created 
20/1/2012 - 08:10:10 ---A- C:\Documents And Settings\Administrador\Recent\2012-01-19.lnk [509] O61 - LFC:Last File Created 20/1/2012 - 08:10:10 ---A- C:\Documents And Settings\Administrador\Recent\38850 01.lnk [680] O61 - LFC:Last File Created 20/1/2012 - 09:18:23 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\bookmarkbackups\bookmarks-2012-01-20.json [17262] O61 - LFC:Last File Created 20/1/2012 - 10:14:00 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Office\Recente\GSFS (Boletins Inspetoria).LNK [650] O61 - LFC:Last File Created 20/1/2012 - 10:14:00 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Office\Recente\Identificação de Peças 29042011.LNK [880] O61 - LFC:Last File Created 20/1/2012 - 10:20:41 ---A- C:\Documents And Settings\Administrador\Recent\GSFS (Boletins Inspetoria).lnk [632] O61 - LFC:Last File Created 20/1/2012 - 10:20:41 ---A- C:\Documents And Settings\Administrador\Recent\Identificação de Peças 29042011.lnk [1034] O61 - LFC:Last File Created 20/1/2012 - 10:20:42 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata056.dat [3096] O61 - LFC:Last File Created 20/1/2012 - 10:20:42 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Office\Word12.pip [1700] O61 - LFC:Last File Created 20/1/2012 - 10:44:58 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata057.dat [2364] O61 - LFC:Last File Created 20/1/2012 - 12:24:48 ---A- C:\Documents And Settings\Administrador\Recent\ROM_GB230AT-00-V10a-724-XXX-APR-28-2010+1.lnk [962] O61 - LFC:Last File Created 20/1/2012 - 13:02:15 ---A- C:\Documents And Settings\Administrador\Recent\LGC105AT-00-V10a-724-XXX-OCT-05-2010+1.lnk [956] O61 - LFC:Last File Created 20/1/2012 - 13:58:14 ---A- C:\Documents And Settings\Administrador\Recent\SIGEP GND 
ELETRONICA SHOP 18-01-2012.lnk [946] O61 - LFC:Last File Created 20/1/2012 - 13:58:23 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata058.dat [2260] O61 - LFC:Last File Created 20/1/2012 - 13:58:23 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Office\Recente\SIGEP GND ELETRONICA SHOP 18-01-2012.LNK [826] O61 - LFC:Last File Created 20/1/2012 - 14:41:53 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata059.dat [2268] O61 - LFC:Last File Created 20/1/2012 - 14:43:29 ---A- C:\Documents And Settings\Administrador\Meus documentos\LG\Endereço BRC.doc [26624] O61 - LFC:Last File Created 20/1/2012 - 14:45:20 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Office\Recente\SIGEP GND ELETRONICA SHOP 20-01-2012.LNK [826] O61 - LFC:Last File Created 20/1/2012 - 14:45:20 ---A- C:\Documents And Settings\Administrador\Recent\SIGEP GND ELETRONICA SHOP 20-01-2012.lnk [946] O61 - LFC:Last File Created 20/1/2012 - 14:45:21 ---A- C:\Documents And Settings\Administrador\Ambiente de rede\Sistema_SSAM em Diretoria (Diretoria)\target.lnk [457] O61 - LFC:Last File Created 20/1/2012 - 14:45:21 ---A- C:\Documents And Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\OFFICE\12.0\msodata060.dat [2712] O61 - LFC:Last File Created 20/1/2012 - 14:45:21 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Office\Recente\Relatórios SIGEP.LNK [653] O61 - LFC:Last File Created 20/1/2012 - 14:45:21 ---A- C:\Documents And Settings\Administrador\Dados de aplicativos\Microsoft\Office\Recente\SIGEP GND ELETRONICA SHOP - 20120120.LNK [826] O61 - LFC:Last File Created 20/1/2012 - 14:45:21 ---A- C:\Documents And Settings\Administrador\Recent\Relatórios SIGEP.lnk [653] O61 - LFC:Last File Created 20/1/2012 - 14:45:21 ---A- C:\Documents And 
---\\ Additionnal Scan (O88)
Database Version : 8949 - (18/01/2012)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 0
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit
[HKLM\Software\Classes\setup.player] =>Spyware.MarketScore
[HKLM\Software\Classes\setup.player.2k2] =>Spyware.MarketScore
[HKLM\Software\Classes\Toolbar.CT2233703] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Adware.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}] =>Toolbar.Babylon
[HKLM\Software\Classes\Toolbar.CT2233703] =>Toolbar.Agent
C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon =>Toolbar.Babylon
C:\Documents and Settings\Administrador\Dados de aplicativos\BabylonToolbar =>Toolbar.Babylon
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Babylon =>Toolbar.Babylon
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit =>Toolbar.Conduit
~ Scan Additionnel in 00mn 15s

---\\ Router Hijack DNS (O89)
Servidor: UnKnown
Address: 192.168.254.254
Nome = www-cctld.l.google.com
Address: 74.125.234.56
Aliases: www.google.fr
~ Scan DNS in 00mn 02s

---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 4/8/2004 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 24/10/2010 136176 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SR - | Auto 9/10/2010 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
SR - | Auto 12/4/2010 47616 | (LGScsiCommandService) . (.Mobile Leader Co.,Ltd..) - C:\WINDOWS\system32\LGScsiCommandService.exe
SR - | Auto 91456 | (MotoConnect Service) . (...) - C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe
~ Scan Services in 00mn 04s

---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Administrador at 21/1/2012 12:14:02
CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.
device: opened successfully
user: error reading MBR
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA1E1F8]<<
1 ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Harddisk0\DR0[0x8A97EAB8]
3 CLASSPNP[0xBA8E905B] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\00000058[0x8A96FF18]
5 ACPI[0xBA654620] -> ntkrnlpa!IofCallDriver[0x804EDE00] -> \Device\Ide\IdeDeviceP0T0L0-4[0x8A985D98]
\Driver\atapi[0x8A971AC0] -> IRP_MJ_CREATE -> 0x8AA1E1F8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x8aa1e1f8
user != kernel MBR !!!
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
~ Scan MBR in 00mn 02s

---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Administrador at 21/1/2012 12:14:04
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 04s

---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 11/7/2011 - 00:00:00 ---A- . (...) -- C:\WINDOWS\system32\drivers\sptd.sys [436792]
~ Scan Emulateurs in 00mn 04s

End of the scan (1572 lines in 04mn 13s)(0)
DigRam 144 Posted January 21, 2012

Good afternoon, Weick!

|- Run AdwCleaner again and choose "Suppression" or "Delete".
|- Post the report: C:\AdwCleaner[S].txt

////°°°°////

|- Close any programs/folders that are open.
|- On Windows Vista, disable UAC, so that unauthorized authorizations are allowed.
|- Double-click ZHPFix.
|- Click on the menu, H < >

===============
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gsfs-america.lge.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Orphean Key
O3 - Toolbar: (no name) - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} . (...) -- (.not file.)
O43 - CFD: 10/10/2011 - 12:41:34 - [3,853] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Babylon
O43 - CFD: 2/11/2010 - 07:21:54 - [0,021] ----D- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: Modified
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine]
[HKLM\Software\Classes\Conduit.Engine]
[HKLM\Software\Classes\setup.player]
[HKLM\Software\Classes\setup.player.2k2]
[HKLM\Software\Classes\Toolbar.CT2233703]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}]
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
[HKLM\Software\Classes\Toolbar.CT2233703]
[HKLM\Software\Babylon]
[HKLM\Software\Conduit]
C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon
C:\Documents and Settings\Administrador\Dados de aplicativos\BabylonToolbar
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Babylon
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit
emptytemp
emptyflash
firewallraz
sysrestore
===============

|- Copy and paste this information, which is in red, into the "light yellow" field of ZHPFix.
|- PS: Try to leave the field empty before pasting the information that is in the quote.
|- Click GO -> Oui.
|- When it finishes, and if all the icons on your desktop have disappeared, do the following:
|- Open Task Manager (Ctrl+Alt+Del).
|- Click the "Applications" ("Aplicativos") tab.
|- Click "New task..." ("Nova tarefa...").
|- Type in the box: explorer.exe
|- Click OK.
|- Post the report: C:\ZHP\ZHPFixReport.txt
|- PS: The report ( ZHPExportRegistry-dia-mes-ano-hs-min-seg ) will also be generated, which will be a backup of the removed entries. <- Do not post it!

Regards!
Weick 1 Posted January 23, 2012
Hi, DigRam. Thanks for the guidance; here are the logs:
# AdwCleaner v1.407 - Logfile created 01/23/2012 at 08:20:32
# Updated 18/01/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Administrador - LABORATORIO (Administrator)
# Running from : C:\Documents and Settings\Administrador\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\Babylon
Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\Conduit
Folder Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\extensions\ffxtlbr@babylon.com
File Deleted : C:\Arquivos de programas\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\searchplugins\Conduit.xml
***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Microsoft\RFC1156Agent
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Key Deleted :
HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
***** [internet Browsers] *****
-\\ Internet Explorer v7.0.5730.13
[OK] Registry is clean.
-\\ Mozilla Firefox v9.0.1 (pt-BR)
Profile : i2g6hsss.default
File : C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\i2g6hsss.default\prefs.js
*************************
AdwCleaner[R1].txt - [12709 octets] - [21/01/2012 12:03:43]
AdwCleaner[s1].txt - [12882 octets] - [23/01/2012 08:20:32]
*************************
Temporary folder : : 2 folder(s) and 2 file(s) deleted
########## EOF - C:\AdwCleaner[s1].txt - [13099 octets] ##########
Rapport de ZHPFix 1.12.3378 par Nicolas Coolman, Update du 10/01/2011
Fichier d'export Registre :
Run by Administrador at 23/1/2012 08:31:06
Windows XP Professional Service Pack 2 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/
========== Registry Key ==========
DELETED Key: CLSID BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}
NOT FOUND Key: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
NOT FOUND Key: HKLM\Software\Classes\Conduit.Engine
DELETED Key: HKLM\Software\Classes\setup.player
DELETED Key: HKLM\Software\Classes\setup.player.2k2
NOT FOUND Key: HKLM\Software\Classes\Toolbar.CT2233703
NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC}
NOT FOUND Key: HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
NOT FOUND Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}
NOT FOUND Key:
HKLM\Software\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
NOT FOUND Key: HKLM\Software\Babylon
NOT FOUND Key: HKLM\Software\Conduit
========== Registry Value ==========
NOT FOUND Toolbar: {710EB7A1-45ED-11D0-924A-0020AFC7AC4D}
DELETED Toolbar: {710EB7A1-45ED-11D0-924A-0020AFC7AC4D}
No Value in Firewall Exception Register Key (FirewallRaz)
========== Registry Data Items ==========
REMOVED R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVED R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVED Explorer Association Data Application: http://www.filefacts.net/redirect.php?lang=%04x&ext=%s
REMOVED Explorer Association Data Intl: http://www.filefacts.net/redirect.php?lang=%04x&ext=%s
========== Repertory ==========
DELETED Folder: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Babylon
DELETED Folder: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Conduit
DELETED Folder: c:\documents and settings\administrador\dados de aplicativos\babylontoolbar
DELETED Window Temporary: : 1
DELETED Flash Cookies: 8
========== File ==========
NOT FOUND Folder/File: c:\documents and settings\administrador\dados de aplicativos\babylon
NOT FOUND Folder/File: c:\documents and settings\administrador\configurações locais\dados de aplicativos\babylon
NOT FOUND Folder/File: c:\documents and settings\administrador\configurações locais\dados de aplicativos\conduit
DELETED Window Temporary: : 6
DELETED Flash Cookies: 23
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
12 : Registry Key
3 : Registry Value
4 : Registry Data Items
5 : Repertory
5 : File
1 : Restoration
End of clean in 00mn 16s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 23/1/2012 08:31:06 [2892]
DigRam 144 Posted January 23, 2012
Good morning! Weick
|- If everything is OK, uninstall ComboFix.
|- Disable your antivirus!
|- Go to Start --> Run --> Type or paste: combofix.exe /uninstall --> Click OK.
|- < >
|- Click Run --> Wait!
|- Finally, the message "ComboFix is uninstalled" will appear --> Click OK.
|- If you find them, delete: C:\ComboFix <-- The folder! + C:\ComboFix.txt <-- Report!
|- Or go to Start --> Run --> Type or paste ( Paste ):
|- "%userprofile%\desktop\combofix" /uninstall
|- Click OK.
|- Wait for the uninstall to finish, and click OK on the message.
|- PS: Another option would be to rename Combofix.exe to uninstall.exe and run it.
////°°°°////
|- Download: < RogueKiller > ( ... par tigzy )
|- Save it to the desktop!
|- Close any applications that are open!
|- Run the tool, choosing option ( 1 ) Recherche --> Confirm!
|- PS: For Windows Vista or 7, run it as administrator.
|- Post the report: RKreport[1].txt
|- Open the RogueKiller tool again and run option 2. Delete or Suppression.
|- When it finishes, run option 6. Shortcuts HJfix.
|- Wait for it to complete, which may take a while because of the corrections to the attribute changes that were imposed on files or directories.
|- Post your reports: RKreport[1].txt + RKreport[2].txt + RKreport[3].txt
|- Also post the Pseudo HijackThis report that comes with ZHPDiag.
|- To do this, just open the ZHPDiag tool and click the HijackThis icon.
|- PS: If everything is OK, our next procedure will be uninstalling the tools that were used.
Regards!
Weick 1 Posted January 23, 2012
DigRam, several empty folders appeared on my desktop after running RogueKiller, along with a Quarantine folder with some items inside. Another detail is that the icon of a site (GSFS) changed and now looks the same as the 4shared icon. That site was my home page in IExplorer, but it is gone and Google took its place. Here are the logs:
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: Administrador [Admin rights]
Mode: Scan -- Date : 01/23/2012 09:20:36
¤¤¤ Bad processes: 2 ¤¤¤
[HJ NAME] lsass.exe -- C:\Win\lsass.exe -> KILLED [TermProc]
[sUSP PATH] NotiAgent.exe -- C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 4 ¤¤¤
[sUSP PATH] HKCU\[...]\Run : B2B_AGENT ("C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe") -> FOUND
[HJ NAME] HKLM\[...]\Run : run32 (C:\Win\lsass.exe) -> FOUND
[sUSP PATH] HKUS\S-1-5-21-1993962763-1715567821-682003330-500[...]\Run : B2B_AGENT ("C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe") -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 11a8fce7201823def73ce80b59044015
[bSP] 19faf5ff8b6c07ac5f495a3ae39d0ece : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 80015 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >> RKreport[1].txt RogueKiller V6.2.4 [01/12/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version Started in : Normal mode User: Administrador [Admin rights] Mode: Remove -- Date : 01/23/2012 09:20:49 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 3 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : B2B_AGENT ("C:\Documents and Settings\All Users\Dados de aplicativos\LGMOBILEAX\notiagent\NotiAgent.exe") -> DELETED [HJ NAME] HKLM\[...]\Run : run32 (C:\Win\lsass.exe) -> DELETED [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] 11a8fce7201823def73ce80b59044015 [bSP] 19faf5ff8b6c07ac5f495a3ae39d0ece : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 63 | Size: 80015 Mo User = LL1 ... OK! User = LL2 ... OK! 
Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt RogueKiller V6.2.4 [01/12/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version Started in : Normal mode User: Administrador [Admin rights] Mode: Shortcuts HJfix -- Date : 01/23/2012 09:22:51 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ File attributes restored: ¤¤¤ Desktop: Success 4 / Fail 0 Quick launch: Success 0 / Fail 0 Programs: Success 11 / Fail 0 Start menu: Success 0 / Fail 0 User folder: Success 106 / Fail 1 My documents: Success 39 / Fail 0 My favorites: Success 0 / Fail 0 My pictures: Success 0 / Fail 0 My music: Success 0 / Fail 0 My videos: Success 0 / Fail 0 Local drives: Success 348 / Fail 1 Backup: [NOT FOUND] Drives: [C:] \Device\HarddiskVolume1 -- 0x3 --> Restored [D:] \Device\CdRom0 -- 0x5 --> Skipped ¤¤¤ Infection : ¤¤¤ Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt Rapport de ZHPDiag v1.28.313 par Nicolas Coolman, Update du 18/01/2012 Run by Administrador at 23/1/2012 09:24:12 Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html Web site : http://nicolascoolman.skyrock.com/ Windows XP Professional Service Pack 2 (Build 2600) State : A new version is available. Boot mode: Normal (Normal boot) Logged in as Administrator ---\\ Web Browser MSIE: Internet Explorer v7.0.5730.13 (Defaut) MFIE: Mozilla Firefox 9.0.1 v9.0.1 ---\\ Running Processes [MD5.126A16F569122AE00AD3D12EF831D651] - (.Sun Microsystems, Inc. - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe [153376] [PID.] [MD5.A193F8FDC130D8BA65E444FACD75AB05] - (.Mobile Leader Co.,Ltd. - No comment.) -- C:\WINDOWS\system32\LGScsiCommandService.exe [47616] [PID.] [MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Google Installer.) 
-- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [136176] [PID.] [MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [322120] [PID.] [MD5.9B2923C59D49672D1205C391A1296525] - (...) -- C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnectService.exe [91456] [PID.] [MD5.38CB57C6AC08EB796669614D3ABF5075] - (.Motorola - Motorola Phone Service Application.) -- C:\Arquivos de programas\Motorola\MotoConnectService\MotoConnect.exe [279360] [PID.408] [MD5.276AC7BAE1F596A3A1D4B6D43AEF099C] - (.BitTorrent, Inc. - µTorrent.) -- C:\Arquivos de programas\UTORRENT\utorrent.exe [399736] [PID.1040] [MD5.DE49B348A18369B4626FBA1D49B07FB4] - (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE [622080] [PID.1596] [MD5.11CCA710674739E3DB8F7450A5B650B6] - (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe [924632] [PID.368] [MD5.0619C9E7A3682C54BD226A831897CD06] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe [16856] [PID.1364] [MD5.ED570E740CB5E987E8BCDB1EA393C3E2] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [2210304] [PID.488] [MD5.379C7AC3EBCB636ECDB704E188A96A13] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.] ~ Scan Processes Running in 00mn 01s ---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers.) 
-- C:\Arquivos de programas\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (...) -- C:\Arquivos de programas\Google\Update\1.2.183.39\npGoogleOneClick8.dll (.not file.) P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.0".) -- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll ~ Scan Firefox Browser in 00mn 00s ---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gsfs-america.lge.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) 
(7.00.5730.13 (longhorn(wmbla).070711-1130)) -- C:\WINDOWS\system32\ieframe.dll R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2 ~ Scan IE Browser in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Scan Proxy management in 00mn 00s ---\\ Changed inifile Value, Mapped to Registry (F2) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Scan Keys in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Scan Hosts File in 00mn 00s ~ Nombre de lignes (Lines number): 1 ---\\ Browser Helper Objects (O2) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Scopus Tecnologia Ltda - scpsssh2 Module.) -- C:\Arquivos de programas\Scpad\scpsssh2.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - GrooveShellExtensions Module.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Media Player Sharing Plugin - {7380C6A8-9ACD-4EBA-8C76-2D170B5C08BB} . (.Unknown owner - Windows Media Player Sharing Plugin.) 
DigRam, posted January 23, 2012

Good morning! Weick

"DigRam, several empty folders appeared on my desktop after running RogueKiller, along with a Quarantine folder with some items inside."

|- They may be folders that were hidden and have been exposed.
|- Hide them again, if that is the case! And if they are empty, you can delete them.
|- Leave the Quarantine folder on the desktop for a while.

"Another detail is that the icon of a site (GSFS) changed and now looks the same as the 4shared icon. That site was my home page in IExplorer, but it went away and Google took its place. Logs follow:"

|- Go to the site and, in the browser you use, reconfigure/set your home page again.

////°°°°////

|- Download: < > (...par A.Rothstein & dj Quiou )
|- Click "Télécharger" to download.
|- Save it to the desktop!
|- Close any open programs and run the tool.
|- Click the Recherche button to start the scan.
|- When it finishes, the tools that will be removed are listed.
|- Next, click the "Suppression" button to remove the items found.
|- Click Quitter to exit! --> OK.
|- If you like, post the reports: Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU)
|- Select it and copy it into Notepad.

////°°°°////

|- Your logs are clean!

Best regards!
Weick, posted January 23, 2012

DigRam, thank you very much for the help!

Well, before, when I typed an address line into a text box (for example, in the Windows "Run" box), address suggestions would appear underneath. For example: if I typed the letter "c", the suggestion to open the directory "C:\" would appear right below; now that is not happening, and I have to type the whole path of the place I want to go. Does it have anything to do with the tools we used here?

Other than that, I think the keyboard really must be back to normal; I typed all this text without needing to erase or correct it. ^^

As for the programs we downloaded, the generated logs and the Quarantine folder, can I delete everything?

Cheers!
DigRam, posted January 23, 2012

Good afternoon! Weick

"Well, before, when I typed an address line into a text box (for example, in the Windows "Run" box), address suggestions would appear underneath. For example: if I typed the letter "c", the suggestion to open the directory "C:\" would appear right below; now that is not happening, and I have to type the whole path of the place I want to go. Does it have anything to do with the tools we used here?"

|- Yes! And I believe it is a temporary effect.

"Other than that, I think the keyboard really must be back to normal; I typed all this text without needing to erase or correct it. ^^ As for the programs we downloaded, the generated logs and the Quarantine folder, can I delete everything?"

|- Use the ToolsCleaner tool and, whatever remains, you can delete.

Best regards!
Weick, posted January 23, 2012

Thank you! Really ^^ You can close the topic.
DigRam, posted January 23, 2012

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.