RUY
Posted January 24, 2012

My PC started showing these problems a few weeks ago. They are probably different problems, but I would like some confirmation, so I ran HijackThis; here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:48, on 24/04/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\ivansc\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\BrOffice.org 3\program\soffice.exe
C:\Program Files\BrOffice.org 3\program\soffice.bin
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
H:\aplicativos\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.login.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.login.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-1557192342-3375622938-3242602792-1001\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'ivansc')
O4 - S-1-5-21-1557192342-3375622938-3242602792-1001 Startup: BrOffice.org 3.0.lnk = C:\Program Files\BrOffice.org 3\program\quickstart.exe (User 'ivansc')
O4 - S-1-5-21-1557192342-3375622938-3242602792-1001 User Startup: BrOffice.org 3.0.lnk = C:\Program Files\BrOffice.org 3\program\quickstart.exe (User 'ivansc')
O4 - Startup: BrOffice.org 3.0.lnk = C:\Program Files\BrOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B5A360B-EAC9-4376-AAAF-5AED823EC1D6}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{F88456B5-653C-46B7-9484-9848D76CF4DF}: NameServer = 200.169.117.221 200.169.117.222
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1cb0cd25346600b) (gupdate1cb0cd25346600b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 7312 bytes

Thank you for your attention.

DigRam
Posted January 24, 2012

Good afternoon! RUY

|- Is this program there with your consent? ( Softonic-Eng7 )
|- <!> Softonic-Eng7
|- Its removal is listed in the ToolbarShooter changelog ( -Prise en charge de la toolbar Softonic. ).
|- If you want to keep this toolbar, never run ToolbarShooter.

////°°°°////

|- Download: < RogueKiller > ( ... par tigzy )
|- Save it to the desktop!
|- Close any applications that are open!
|- Run the tool, choosing option ( 1 ) Recherche or Scan <- Confirm!
|- PS: On Windows Vista or 7, run it as administrator.
|- Post the report: RKreport[1].txt

////°°°°////

|- Download: < > ( ...by OldTimer Tools )
|- Click Save! < >
|- Save it to the desktop! < >
|- Double-click OTL.exe --> Run:
|- Run OTL in its quick scan mode. ( Quick scan )
|- Select the "None" button for "Extra Registry Scan".
|- PS: On Windows 7, right-click it and run it as "Administrator".
|- Copy and post the report. ( C:\_OTM\MovedFiles\xxxx2012_xxxxxx.log )

Regards!

RUY
Posted January 25, 2012

Rogue Killer

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Administrador [Admin rights]
Mode: Scan -- Date : 04/25/2012 00:27:18

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{9B5A360B-EAC9-4376-AAAF-5AED823EC1D6} : NameServer (200.169.117.221 200.169.117.222) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F88456B5-653C-46B7-9484-9848D76CF4DF} : NameServer (200.169.117.221 200.169.117.222) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 0a465046aa53b2b1f64ecdbc55814179
[bSP] 38643350799b8bebd56ebf72166f08ff : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 500105 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

=============================================

OTL

OTL logfile created on: 25/04/2012 00:28:48 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\ivansc\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,49 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 63,43% Memory free
7,19 Gb Paging File | 6,05 Gb Available in Paging File | 84,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 348,97 Gb Free Space | 74,92% Space Free | Partition Type: NTFS
Drive E: | 8,16 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ECO | User Name: Administrador | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/25 00:17:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\ivansc\Desktop\OTL.exe
PRC - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/28 15:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 15:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/03/28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/01/20 18:37:59 | 013,623,048 | ---- | M] (AVM Software Inc.) -- C:\Arquivos de programas\Paltalk Messenger\paltalk.exe
PRC - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/04/11 03:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Windows Sidebar\sidebar.exe
PRC - [2009/04/11 03:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 03:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/04/11 03:27:20 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2008/09/30 16:52:50 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin
PRC - [2008/09/30 16:52:42 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe
PRC - [2007/10/11 10:19:44 | 000,110,592 | ---- | M] () -- C:\Arquivos de programas\Mobile Partner\Mobile Partner.exe

========== Modules (No Company Name) ==========

MOD - [2011/01/20 18:38:03 | 000,048,368 | ---- | M] () -- C:\Arquivos de programas\Paltalk Messenger\ctrlkey.dll
MOD - [2008/09/30 16:50:26 | 000,139,264 | ---- | M] () -- C:\Arquivos de programas\BrOffice.org 3\Basis\program\nsldap32v50.dll
MOD - [2008/07/29 15:11:38 | 000,297,984 | ---- | M] () -- C:\Arquivos de programas\BrOffice.org 3\Basis\program\libxmlsec.dll
MOD - [2008/07/29 14:59:22 | 000,165,376 | ---- | M] () -- C:\Arquivos de programas\BrOffice.org 3\Basis\program\libxslt.dll
MOD - [2008/07/29 14:55:14 | 000,969,728 | ---- | M] () -- C:\Arquivos de programas\BrOffice.org 3\program\libxml2.dll
MOD - [2007/10/11 10:19:44 | 000,110,592 | ---- | M] () -- C:\Arquivos de programas\Mobile Partner\Mobile Partner.exe
MOD - [2007/10/11 10:18:52 | 000,126,976 | ---- | M] () -- C:\Arquivos de programas\Mobile Partner\LocaleMgrPlugin.dll
MOD - [2007/10/11 10:17:54 | 000,135,168 | ---- | M] () -- C:\Arquivos de programas\Mobile Partner\SMSPlugin.dll
MOD - [2007/10/11 10:16:20 | 000,032,768 | ---- | M] () -- C:\Arquivos de programas\Mobile Partner\NotifyServicePlugin.dll
MOD - [2007/10/11 10:12:38 | 000,057,344 | ---- | M] () -- C:\Arquivos de programas\Mobile Partner\ConfigFilePlugin.dll
MOD - [2007/10/11 10:08:26 | 000,098,304 | ---- | M] () -- C:\Arquivos de programas\Mobile Partner\DeviceMgrPlugin.dll
MOD - [2007/10/11 10:04:48 | 000,098,304 | ---- | M] () -- C:\Arquivos de programas\Mobile Partner\NetInfoPlugin.dll
MOD - [2007/10/11 10:00:58 | 000,086,016 | ---- | M] () -- C:\Arquivos de programas\Mobile Partner\DialUpPlugin.dll
MOD - [2007/10/11 09:59:00 | 000,139,264 | ---- | M] () -- C:\Arquivos de programas\Mobile Partner\DeviceMgrUIPlugin.dll
MOD - [2007/10/11 09:48:28 | 000,126,976 | R--- | M] () -- C:\Arquivos de programas\Mobile Partner\DetectDev.dll
MOD - [2007/10/11 09:48:12 | 000,430,080 | R--- | M] () -- C:\Arquivos de programas\Mobile Partner\atcomm.dll
MOD - [2007/09/30 11:19:26 | 000,053,248 | R--- | M] () -- C:\Arquivos de programas\Mobile Partner\XCodec.dll
MOD - [2007/09/30 11:19:22 | 000,045,056 | R--- | M] () -- C:\Arquivos de programas\Mobile Partner\DeviceOperate.dll
MOD - [2007/08/23 15:39:30 | 000,014,848 | R--- | M] () -- C:\Arquivos de programas\Mobile Partner\isaputrace.dll
MOD - [2007/07/31 14:50:04 | 000,090,112 | R--- | M] () -- C:\Arquivos de programas\Mobile Partner\FileManager.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 10:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/28 15:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/07/04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/01/20 23:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2011/11/28 14:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 14:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 14:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 14:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 14:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 14:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/09 11:52:16 | 000,906,240 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/08/06 05:26:00 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/08/24 18:44:54 | 000,101,504 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/11/02 04:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/10/18 10:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/06/17 14:26:08 | 000,330,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.login.com.br
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.login.com.br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.netvibes.com/ivansc"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.9.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.7.2.0
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/12/04 11:27:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 01:41:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/20 13:45:10 | 000,000,000 | ---D | M]

[2009/12/05 20:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrador\AppData\Roaming\mozilla\Extensions
[2012/01/21 12:52:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrador\AppData\Roaming\mozilla\Firefox\Profiles\2fkla3jp.default\extensions
[2012/01/21 12:52:51 | 000,000,000 | ---D | M] (Softonic-Eng7 Community Toolbar) -- C:\Users\Administrador\AppData\Roaming\mozilla\Firefox\Profiles\2fkla3jp.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2012/01/06 11:14:49 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Administrador\AppData\Roaming\mozilla\Firefox\Profiles\2fkla3jp.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2012/01/06 11:14:30 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Administrador\AppData\Roaming\mozilla\Firefox\Profiles\2fkla3jp.default\extensions\piclens@cooliris.com
[2011/03/24 22:43:26 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Administrador\AppData\Roaming\mozilla\Firefox\Profiles\2fkla3jp.default\extensions\vshare@toolbar
[2010/04/26 19:01:19 | 000,001,828 | ---- | M] () -- C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\2fkla3jp.default\searchplugins\bing.xml
[2011/06/14 18:52:19 | 000,001,592 | ---- | M] () -- C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\2fkla3jp.default\searchplugins\web-search.xml
[2011/11/06 19:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\extensions
[2012/01/21 12:09:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/03/15 19:54:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/09/23 12:11:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/11/04 21:36:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/04 11:27:32 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/01/21 12:09:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\ADMINISTRADOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FKLA3JP.DEFAULT\EXTENSIONS\{A95D8332-E4B4-6E7F-98AC-20B733364387}.XPI
() (No name found) -- C:\USERS\ADMINISTRADOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2FKLA3JP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2009/12/17 18:59:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/17 01:41:11 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 05:00:00 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2010/01/01 05:00:00 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2010/01/01 05:00:00 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2010/01/01 05:00:00 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Pesquisa do Google = C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: avast! WebRep = C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
CHR - Extension: Gmail = C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2006/09/18 18:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Arquivos de Programas\vShare\vshare_toolbar.dll ()
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Arquivos de Programas\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Arquivos de Programas\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de Programas\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Arquivos de Programas\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Arquivos de Programas\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Arquivos de Programas\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BrOffice.org 3.0.lnk = C:\Arquivos de Programas\BrOffice.org 3\program\quickstart.exe ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Arquivos de Programas\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Arquivos de Programas\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_19) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B5A360B-EAC9-4376-AAAF-5AED823EC1D6}: NameServer = 200.169.117.221 200.169.117.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F88456B5-653C-46B7-9484-9848D76CF4DF}: NameServer = 200.169.117.221 200.169.117.222 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - 
C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Arquivos de Programas\vShare\vshare_toolbar.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 18:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007/07/03 17:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2006/12/06 17:14:50 | 000,000,044 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{d6f090cb-9940-11de-b713-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d6f090cb-9940-11de-b713-806e6f6e6963}\Shell\AutoRun\command - "" = D:\instalar.EXE /AUTORUN O33 - MountPoints2\{d6f090cb-9940-11de-b713-806e6f6e6963}\Shell\configure\command - "" = D:\instalar.EXE O33 - MountPoints2\{d6f090cb-9940-11de-b713-806e6f6e6963}\Shell\install\command - "" = D:\instalar.EXE O33 - MountPoints2\{f9f8e9fa-e275-11de-8b2a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f9f8e9fa-e275-11de-8b2a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/07/03 17:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/25 00:18:52 | 000,000,000 | ---D | C] -- C:\Users\Administrador\Desktop\RK_Quarantine [2010/08/08 16:42:49 | 002,736,736 | ---- | C] (Conduit Ltd.) 
-- C:\Program Files\tbSoft.dll [2004/05/25 15:21:08 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd.dll [2004/02/16 11:59:50 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\csnpstd.dll ========== Files - Modified Within 30 Days ========== [2012/04/25 00:28:14 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys [2012/04/25 00:23:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/25 00:14:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/25 00:14:37 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/24 23:58:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1557192342-3375622938-3242602792-1001UA.job [2012/04/24 20:19:31 | 000,643,358 | ---- | M] () -- C:\Windows\System32\prfh0416.dat [2012/04/24 20:19:31 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/24 20:19:31 | 000,124,862 | ---- | M] () -- C:\Windows\System32\prfc0416.dat [2012/04/24 20:19:31 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/24 20:14:55 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/24 20:14:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/24 20:14:11 | 3747,799,040 | -HS- | M] () -- C:\hiberfil.sys [2012/04/24 17:07:14 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/04/24 12:53:48 | 000,007,313 | ---- | M] () -- C:\Windows\System32\24012012 ========== Files Created - No Company Name ========== [2012/04/25 00:18:54 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys [2012/04/24 12:53:48 | 000,007,313 | ---- | C] () -- C:\Windows\System32\24012012 [2011/05/31 19:18:48 | 000,000,286 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011/05/09 23:00:37 | 000,131,584 | 
---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2011/05/09 23:00:37 | 000,001,301 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-MultiTes Pro.dat [2011/04/22 18:45:55 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011/04/22 18:45:55 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011/04/03 19:26:22 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI [2011/03/10 22:09:21 | 000,069,632 | ---- | C] () -- C:\Windows\System32\MSJCE.dll [2010/12/07 20:41:06 | 000,023,888 | ---- | C] () -- C:\Users\Administrador\AppData\Roaming\UserTile.png [2010/08/08 16:42:49 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE [2010/06/15 18:38:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/04/13 14:57:44 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2009/12/16 19:16:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/12/16 19:16:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/12/06 16:58:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009/12/06 15:54:07 | 000,006,656 | ---- | C] () -- C:\Users\Administrador\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/05 20:10:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009/09/04 07:53:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009/07/16 09:54:40 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll [2009/07/16 09:54:39 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2009/07/16 09:54:36 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll [2009/07/16 09:18:26 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin [2009/07/16 09:18:26 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin [2009/07/16 09:18:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1461.dll [2009/07/16 09:18:26 | 000,029,932 | ---- | C] 
() -- C:\Windows\System32\igmedcompkrn.bin [2009/07/16 09:14:37 | 000,017,876 | ---- | C] () -- C:\Windows\Ascd_log.ini [2009/07/16 09:14:24 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2009/07/16 09:14:23 | 000,017,544 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2009/02/02 23:51:14 | 000,006,144 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008/12/07 13:08:06 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008/12/07 13:08:04 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2008/01/21 03:32:34 | 000,643,358 | ---- | C] () -- C:\Windows\System32\prfh0416.dat [2008/01/21 03:32:34 | 000,318,818 | ---- | C] () -- C:\Windows\System32\prfi0416.dat [2008/01/21 03:32:34 | 000,124,862 | ---- | C] () -- C:\Windows\System32\prfc0416.dat [2008/01/21 03:32:34 | 000,037,412 | ---- | C] () -- C:\Windows\System32\prfd0416.dat [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll [2007/08/01 00:39:28 | 000,012,536 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2007/01/30 10:29:17 | 000,332,800 | ---- | C] () -- C:\Windows\wget.exe [2006/11/02 09:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 09:44:53 | 000,267,400 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 07:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 07:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 07:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 07:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 05:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 05:19:00 | 
000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 04:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 04:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2004/06/17 14:26:08 | 000,330,880 | ---- | C] () -- C:\Windows\System32\drivers\snpstd.sys [2004/05/06 09:22:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dsnpstd.dll [2004/02/23 13:19:56 | 000,020,480 | ---- | C] () -- C:\Windows\usnpstd.exe [2003/01/17 15:34:40 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini [1999/01/22 17:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== LOP Check ========== [2009/12/05 23:57:11 | 000,000,000 | ---D | M] -- C:\Users\Administrador\AppData\Roaming\BrOffice.org [2011/09/03 14:46:00 | 000,000,000 | ---D | M] -- C:\Users\Administrador\AppData\Roaming\kikin [2011/04/22 18:58:28 | 000,000,000 | ---D | M] -- C:\Users\Administrador\AppData\Roaming\ML [2010/09/29 17:45:04 | 000,000,000 | ---D | M] -- C:\Users\Administrador\AppData\Roaming\Paltalk [2011/04/22 18:45:48 | 000,000,000 | ---D | M] -- C:\Users\Administrador\AppData\Roaming\Samsung [2012/04/24 17:07:14 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > ========================================================================
I do not agree with the Softonic-Eng7 program.
DigRam 144
Posted January 25, 2012

Good morning! RUY

|- Download: < ToolbarShooter > ( ... by 2011N2 )
|- Save it to the desktop!
|- Disable your antivirus.
|- Run the tool and choose option 2. Suppression or Delete.
|- PS: On Windows Vista or 7, run it as administrator!
|- When it finishes, press Enter so that we get the report.
|- Post the report: "Rapport de suppression de ToolbarShooter"

////°°°////

|- Run OTL.exe.
|- Copy the information shown in red into the tool's clipboard field. ( "Custom Scans/Fixes" )

:OTL
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKCU..\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O33 - MountPoints2\{d6f090cb-9940-11de-b713-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d6f090cb-9940-11de-b713-806e6f6e6963}\Shell\AutoRun\command - "" = D:\instalar.EXE /AUTORUN
O33 - MountPoints2\{d6f090cb-9940-11de-b713-806e6f6e6963}\Shell\configure\command - "" = D:\instalar.EXE
O33 - MountPoints2\{d6f090cb-9940-11de-b713-806e6f6e6963}\Shell\install\command - "" = D:\instalar.EXE
O33 - MountPoints2\{f9f8e9fa-e275-11de-8b2a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f9f8e9fa-e275-11de-8b2a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/07/03 17:04:10 | 000,106,496 | R--- | M] (Huawei Technologies Co., Ltd.)
:Files
C:\Users\Administrador\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"Gopher"="gopher://"
:Commands
[createrestorepoint]
[purity]
[emptytemp]
[emptyflash]
[Reboot]

|- Click the Fix button -> Wait for it to finish!
|- The computer will restart! -> Click "Run".
|- Post the report: C:\_OTL\MovedFiles\*.log

Regards!
RUY 2
Posted January 25, 2012

ToolBar =========== Informations =========== Mis à jour le : 20/01/2012 à 19h45 par 2011N2 Rapport de suppression de ToolbarShooter par 2011N2 Contact : lot12@hotmail.fr Site : http://2011n2.forumgratuit.fr/ Début du scan de suppression : 17:16:47 ################################## Toolbars, pups et adwares néfastes supprimés ################################ Clé supprimée avec succès : HKLM\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} Clé supprimée avec succès : HKLM\Software\Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2} ======== Page de démarrage Internet Explorer ======== Page de démarrage d'Internet Explorer restaurée avec succès. =================================== Fin du nettoyage : 17:17:27 ======== EOF ======== Merci d'envoyer le rapport à cette adresse, en précisant la raison d'emploi de cet outil. Cela permettera au développeur d'effectuer d'éventuelles modifications : lot12@hotmail.fr Merci de votre contribution ! L'utilisateur à décidé de redémarrer l'ordinateur ultérieurement ==============================================

All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found. File C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found. File C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll not found. 
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found. File C:\Arquivos de Programas\Softonic-Eng7\tbSoft.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\ not found. File Eng7\tbSoft.dll not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}\ not found. File Eng7\tbSoft.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Wisdom-soft ScreenHunter 5.1 Free not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully! Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. 
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6f090cb-9940-11de-b713-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6f090cb-9940-11de-b713-806e6f6e6963}\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6f090cb-9940-11de-b713-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6f090cb-9940-11de-b713-806e6f6e6963}\ not found. File D:\instalar.EXE /AUTORUN not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6f090cb-9940-11de-b713-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6f090cb-9940-11de-b713-806e6f6e6963}\ not found. File D:\instalar.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6f090cb-9940-11de-b713-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6f090cb-9940-11de-b713-806e6f6e6963}\ not found. File D:\instalar.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9f8e9fa-e275-11de-8b2a-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9f8e9fa-e275-11de-8b2a-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9f8e9fa-e275-11de-8b2a-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9f8e9fa-e275-11de-8b2a-806e6f6e6963}\ not found. File move failed. E:\AutoRun.exe scheduled to be moved on reboot. ========== FILES ========== File\Folder C:\Users\Administrador\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully! 
========== COMMANDS ========== [EMPTYTEMP] User: Administrador ->Temp folder emptied: 1621733 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: ana ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: ivansc ->Temp folder emptied: 33208 bytes ->Temporary Internet Files folder emptied: 4182178 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 11384604 bytes ->Google Chrome cache emptied: 108614891 bytes ->Flash cache emptied: 13317 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 7710098 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 127,00 mb [EMPTYFLASH] User: Administrador ->Flash cache emptied: 0 bytes User: All Users User: ana ->Flash cache emptied: 0 bytes User: Default User: Default User User: ivansc ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 04252012_170122 Files\Folders moved on Reboot... File move failed. E:\AutoRun.exe scheduled to be moved on reboot. Registry entries deleted on Reboot...
DigRam 144
Posted January 25, 2012

Good afternoon! RUY

|- Download: < AdwCleaner > ( ... by Xplode )
|- Click Télécharger!
|- Save it to the desktop!
|- Start the scan by clicking "Suppression".
|- When it finishes, post the report: C:\AdwCleaner[S].txt

////°°°////

|- Run RogueKiller and choose option 2. Suppression or Delete <- Confirm!
|- PS: On Windows Vista or 7, run it as administrator.
|- Post the report: RKreport[2].txt
|- Also post an updated HijackThis log.

Regards!
RUY, posted January 26, 2012

# AdwCleaner v1.407 - Logfile created 01/26/2012 at 14:56:15
# Updated 18/01/2012 by Xplode
# Operating system : Windows Vista Home Basic Service Pack 2 (32 bits)
# User : Administrador - ECO (Administrator)
# Running from : C:\Users\ivansc\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v6.0 (pt-BR)

Profile : 2fkla3jp.default
File : C:\Users\Administrador\AppData\Roaming\Mozilla\Firefox\Profiles\2fkla3jp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s2].txt - [868 octets] - [26/01/2012 14:56:15]
AdwCleaner[s1].txt - [14775 octets] - [26/01/2012 14:44:15]

*************************

Temporary folder : : 0 folder(s) and 0 file(s) deleted

########## EOF - \AdwCleaner[s2].txt - [1144 octets] ##########

================================================================

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Administrador [Admin rights]
Mode: Scan -- Date : 01/26/2012 15:02:23

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F88456B5-653C-46B7-9484-9848D76CF4DF} : NameServer (200.169.117.221 200.169.117.222) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 0a465046aa53b2b1f64ecdbc55814179
[bSP] 38643350799b8bebd56ebf72166f08ff : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 500105 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

===========================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:06:11, on 26/01/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\BrOffice.org 3\program\soffice.exe
C:\Program Files\BrOffice.org 3\program\soffice.bin
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
H:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.login.com.br
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.login.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-1557192342-3375622938-3242602792-1001\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'ivansc')
O4 - S-1-5-21-1557192342-3375622938-3242602792-1001 Startup: BrOffice.org 3.0.lnk = C:\Program Files\BrOffice.org 3\program\quickstart.exe (User 'ivansc')
O4 - S-1-5-21-1557192342-3375622938-3242602792-1001 User Startup: BrOffice.org 3.0.lnk = C:\Program Files\BrOffice.org 3\program\quickstart.exe (User 'ivansc')
O4 - Startup: BrOffice.org 3.0.lnk = C:\Program Files\BrOffice.org 3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F88456B5-653C-46B7-9484-9848D76CF4DF}: NameServer = 200.169.117.221 200.169.117.222
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1cb0cd25346600b) (gupdate1cb0cd25346600b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

--
End of file - 6426 bytes

DigRam, posted January 26, 2012

Good afternoon, RUY!

--------------------
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Administrador [Admin rights]
Mode: Scan -- Date : 01/26/2012 15:02:23
--------------------

|- RogueKiller was run, once again, with the "Scan" or "Recherche" option.
|- Please run it with the "Delete" or "Suppression" option.
|- Post the report!
|- PS: Otherwise, your logs are clean! Except the RogueKiller one.

Regards!

RUY, posted January 27, 2012

RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Administrador [Admin rights]
Mode: Remove -- Date : 01/27/2012 21:07:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{9B5A360B-EAC9-4376-AAAF-5AED823EC1D6} : NameServer (200.169.117.221 200.169.117.222) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{F88456B5-653C-46B7-9484-9848D76CF4DF} : NameServer (200.169.117.221 200.169.117.222) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 0a465046aa53b2b1f64ecdbc55814179
[bSP] 38643350799b8bebd56ebf72166f08ff : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 500105 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

DigRam, posted January 28, 2012

Good morning, RUY!

|- Open OTL.exe -> Click Cleanup. <-- Confirm!
|- PS: The computer will restart!

///°°°///

|- Download: |DelFix| ( ... by Xplode )
|- On the page, click "Télécharger" to download.
|- Save it in a convenient location!
|- Close any open applications.
|- Click "Suppression".
|- Then, to remove DelFix, click "Désinstallation".

///°°°///

|- Your logs are clean!

Regards!

RUY, posted January 29, 2012

I don't think it will be possible. If anyone understands French:

Accès non autorisé aux téléchargements!

DigRam, posted January 30, 2012

Good morning, RUY!

|- Use this one instead! ( ToolsCleaner )

///°°°///

|- Download: < > (... by A.Rothstein & dj Quiou )
|- Click "Télécharger" to download.
|- Save it to the desktop!
|- Close any open programs and run the tool.
|- Click the Recherche button to start the scan.
|- When it finishes, the tools that will be removed will be listed.
|- Then click the "Suppression" button to remove the items found.
|- Click Quitter to exit! --> OK.
|- If you like, post the reports: Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU)
|- Select and copy into Notepad.
|- Your logs are clean!

Regards!

RUY, posted January 31, 2012

Done, you can close the topic.

DigRam, posted January 31, 2012

PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.