Ionara 2 Posted March 19, 2012

Good afternoon, the PC is very slow; when it starts up, the desktop items take a long time to appear, and the cursor is always in wait mode... a nightmare.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:10:42, on 19/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\asus\SystemSetting\WallPaperAgent.exe
C:\windows\Explorer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Windows\AsScrPro.exe
C:\Program Files\ASUS\LivCam\LivCam.exe
C:\Program Files\ASUS\Asus WebStorage\BackupService.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\BingBar\BingBar.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
C:\Program Files\Microsoft\BingBar\BingApp.exe
C:\windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Users\User\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: ASUS Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\asus\SystemSetting\StarterHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [superHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [LivCam] "C:\Program Files\ASUS\LivCam\LivCam.exe"
O4 - HKLM\..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxExt] C:\windows\system32\IgfxExt.exe /RegServer
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: tmchlang.lnk = C:\Program Files\Trend Micro\Internet Security\TmChLang.exe
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Agregar entrada - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Agregar entrada en Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: protector.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: bProtector - bProtector - C:\ProgramData\bProtector\bProtect.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe
O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe

--
End of file - 9487 bytes

wings 22 Posted March 20, 2012

Hello Ionara

1.
* Download SecurityCheck by screen317 and save it to the desktop
* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator
* Press [Enter] and paste the report it displays

2.
* Download OTL by Old_Timer and save it to the desktop
* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator
* Select:
  Scan All Users
  Skip Microsoft Files
  Use WhiteList for Company Names
  Lop Check
  Purity Check
* Click [Scan] and paste the OTL.txt and Extras.txt reports created on the desktop

Ionara 2 Posted March 21, 2012

Good evening, yesterday despite the slowness I managed to download Malwarebytes, which detected 8 threats; the requested reports follow.

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java 6 Update 31
Mozilla Firefox (x86 pt-BR..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Kaspersky Lab Kaspersky PURE avp.exe
Kaspersky Lab Kaspersky PURE klwtblfs.exe
Kaspersky Lab Kaspersky PURE avp.exe
``````````End of Log````````````

OTL Extras logfile created on: 3/20/2012 8:30:04 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\User\Desktop\download
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.14% Memory free
3.98 Gb Paging File | 2.76 Gb Available in Paging File | 69.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 69.93 Gb Free Space | 69.93% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 116.07 Gb Free Space | 94.47% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1853207788-3405432505-2801168943-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" 
= Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{38015BB8-C9FA-4E7F-85FD-DDF03B290094}_is1" = New Destiny 757 versão 1.2 "{38BB21D5-B0D1-41DA-A0B0-1EFB5EF4AAC2}" = Microsoft Works "{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión "{75E9CAA3-B336-439D-85FB-7C7B2ACA1A16}" = LivCam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{84E6A538-D3AE-4510-B32F-2415361D2770}" = Windows Live Protección Infantil "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007 "{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 "{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 "{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 
Service Pack 3 (SP3) "{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 "{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 "{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007 "{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 "{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 "{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 "{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 "{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync "{95120000-00AF-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Spanish) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7BBE3D6-F19A-40E6-96EC-84E1DC88F262}" = Galería fotográfica de Windows Live "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}" = Windows Live Writer "{BB5E5F87-E939-4974-A006-2B4A2F60EEA3}_is1" = Game Park Console "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail "{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact 
Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FAD8718D-950E-468D-BDE2-17D4D6F1EA6A}" = FontResizer "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) "B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5" = Receitanet "Eee Docking_is1" = Eee Docking 3.3.0 "ENTERPRISE" = Microsoft Office Enterprise 2007 "HDMI" = Intel® Graphics Media Accelerator Driver "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE "IRPF2012" = IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País "LPCO" = Intel® Graphics Media Accelerator 500 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.60.1.1000 "Mozilla Firefox 9.0.1 (x86 pt-BR)" = Mozilla Firefox 9.0.1 (x86 pt-BR) "OOBERegBackup_is1" = OOBERegBackup "SynTPDeinstKey" = Synaptics Pointing Device Driver "SystemSetting_is1" = SystemSetting "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/16/2012 2:53:11 PM | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Não é possível ler as cadeias de caracteres do contador de desempenho definidas para a identificação de idioma 0416. O primeiro DWORD da seção de dados contém o código de erro do Win32. 
Error - 3/16/2012 2:53:13 PM | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Não é possível ler as cadeias de caracteres do contador de desempenho definidas para a identificação de idioma 0416. O primeiro DWORD da seção de dados contém o código de erro do Win32. Error - 3/17/2012 6:40:55 AM | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Nome de aplicativo com falha: igfxpers.exe, versão: 8.14.10.1929, carimbo de hora: 0x4aba6cfe Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.17725, carimbo de hora: 0x4ec49b60 Código de exceção: 0xc0000005 Deslocamento com falha: 0x00035345 Identificação do processo com falha: 0x990 Hora de início do aplicativo com falha: 0x01cd042a612f1aa2 Caminho do aplicativo com falha: C:\Windows\System32\igfxpers.exe FCaminho do módulo de falhas: C:\windows\SYSTEM32\ntdll.dll Identificação do Relatório: ac89014b-701d-11e1-ad65-a7cc6279e16a Error - 3/17/2012 6:49:31 AM | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Não é possível ler as cadeias de caracteres do contador de desempenho definidas para a identificação de idioma 0416. O primeiro DWORD da seção de dados contém o código de erro do Win32. Error - 3/17/2012 6:49:32 AM | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Não é possível ler as cadeias de caracteres do contador de desempenho definidas para a identificação de idioma 0416. O primeiro DWORD da seção de dados contém o código de erro do Win32. Error - 3/17/2012 6:51:59 AM | Computer Name = User-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 3/17/2012 11:32:05 AM | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Não é possível ler as cadeias de caracteres do contador de desempenho definidas para a identificação de idioma 0416. 
O primeiro DWORD da seção de dados contém o código de erro do Win32. Error - 3/17/2012 11:32:06 AM | Computer Name = User-PC | Source = Microsoft-Windows-LoadPerf | ID = 3006 Description = Não é possível ler as cadeias de caracteres do contador de desempenho definidas para a identificação de idioma 0416. O primeiro DWORD da seção de dados contém o código de erro do Win32. Error - 3/17/2012 11:37:43 AM | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Nome de aplicativo com falha: igfxpers.exe, versão: 8.14.10.1929, carimbo de hora: 0x4aba6cfe Nome do módulo de falhas: ntdll.dll, versão: 6.1.7601.17725, carimbo de hora: 0x4ec49b60 Código de exceção: 0xc0000005 Deslocamento com falha: 0x00035345 Identificação do processo com falha: 0xd30 Hora de início do aplicativo com falha: 0x01cd0453d5b7aa95 Caminho do aplicativo com falha: C:\Windows\System32\igfxpers.exe FCaminho do módulo de falhas: C:\windows\SYSTEM32\ntdll.dll Identificação do Relatório: 229013e4-7047-11e1-a200-fe05ea4be473 Error - 3/17/2012 11:37:46 AM | Computer Name = User-PC | Source = Application Error | ID = 1000 Description = Nome de aplicativo com falha: userinit.exe, versão: 6.1.7601.17514, carimbo de hora: 0x4ce79438 Nome do módulo de falhas: protector.dll_unloaded, versão: 0.0.0.0, carimbo de hora: 0x4f2acbcc Código de exceção: 0xc0000005 Deslocamento com falha: 0x75d6cbcb Identificação do processo com falha: 0x5e4 Hora de início do aplicativo com falha: 0x01cd0453d170b197 Caminho do aplicativo com falha: C:\Windows\system32\userinit.exe FCaminho do módulo de falhas: protector.dll Identificação do Relatório: 2480dbfe-7047-11e1-a200-fe05ea4be473 [ System Events ] Error - 3/8/2012 12:03:08 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: cdrom Error - 3/8/2012 4:13:27 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 
Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: cdrom Error - 3/9/2012 5:52:24 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: cdrom Error - 3/11/2012 5:48:11 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: cdrom Error - 3/11/2012 6:57:00 AM | Computer Name = User-PC | Source = DCOM | ID = 10010 Description = Error - 3/11/2012 7:31:23 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: cdrom Error - 3/12/2012 5:49:59 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: cdrom Error - 3/12/2012 7:31:05 AM | Computer Name = User-PC | Source = EventLog | ID = 6008 Description = O desligamento anterior do sistema em 08:29:58 às ?12/?03/?2012 não era esperado. 
Error - 3/12/2012 7:31:52 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: cdrom Error - 3/12/2012 6:17:55 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7026 Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização: cdrom < End of report > OTL logfile created on: 3/20/2012 8:30:04 PM - Run 1 OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\User\Desktop\download Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.14% Memory free 3.98 Gb Paging File | 2.76 Gb Available in Paging File | 69.35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 100.00 Gb Total Space | 69.93 Gb Free Space | 69.93% Space Free | Partition Type: NTFS Drive D: | 122.87 Gb Total Space | 116.07 Gb Free Space | 94.47% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: User | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/03/20 07:59:04 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\download\OTL.exe PRC - [2012/03/16 18:39:52 | 000,773,624 | ---- | M] (bProtector) -- C:\ProgramData\bProtector\bProtect.exe PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/01/11 14:02:56 | 000,194,904 | ---- | M] ( ) -- C:\Program Files\GbPlugin\gbpsv.exe PRC - [2011/10/13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2010/11/20 09:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/20 09:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe PRC - [2009/11/16 13:37:41 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2009/10/26 19:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe PRC - [2009/10/17 02:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe PRC - [2009/10/16 22:31:06 | 000,284,160 | ---- | M] (ASUSTek) -- C:\Program Files\ASUS\LivCam\LivCam.exe PRC - [2009/09/25 19:02:26 | 000,402,608 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe PRC - [2009/09/25 16:04:10 | 000,115,888 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SystemSetting\WallPaperAgent.exe PRC - [2009/09/14 22:05:56 | 000,044,312 | ---- | M] () -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe PRC - [2009/09/11 16:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe PRC - [2009/08/27 20:38:28 | 000,803,304 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe PRC - [2009/08/25 04:47:10 | 000,947,472 | ---- | M] (ECAREME) -- C:\Program Files\ASUS\Asus WebStorage\BackupService.exe PRC - [2009/08/18 22:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe PRC - [2009/08/02 21:05:24 | 002,348,320 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2009/08/02 21:05:24 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009/08/02 21:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) 
-- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009/07/20 06:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe PRC - [2009/06/05 00:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009/06/05 00:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe ========== Modules (No Company Name) ========== MOD - [2012/03/16 18:39:50 | 000,790,520 | ---- | M] () -- C:\Windows\System32\protector.dll MOD - [2012/03/01 07:47:03 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll MOD - [2012/03/01 07:43:54 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll MOD - [2012/03/01 07:07:02 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll MOD - [2012/03/01 07:06:58 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.ni.dll MOD - [2012/03/01 07:06:55 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e8dfbd1334d30a08ce1f2df29ca9aff\System.Transactions.ni.dll MOD - [2012/03/01 07:06:50 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll MOD - [2012/03/01 07:03:17 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll MOD - [2012/03/01 07:02:18 | 001,587,200 | ---- | M] () -- 
C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll MOD - [2012/03/01 06:58:46 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll MOD - [2012/03/01 06:58:32 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll MOD - [2012/03/01 06:58:28 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll MOD - [2012/03/01 06:57:53 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2012/02/12 16:40:59 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2011/09/16 11:29:18 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.resources.dll MOD - [2011/09/16 11:29:16 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/11/04 22:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/10/01 21:05:46 | 008,972,888 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtGui4.dll MOD - [2010/10/01 21:05:42 | 002,456,152 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtCore4.dll MOD - [2010/10/01 20:07:46 | 000,733,184 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\localization_manager.dll MOD - [2010/09/02 08:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\3.0.108.222\AsusWSShellExt.dll MOD - [2009/11/25 14:58:29 | 000,029,968 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll MOD - [2009/10/30 19:32:30 | 000,410,496 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\dblite.dll MOD - [2009/09/25 19:02:26 | 000,402,608 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe MOD - [2009/09/15 19:30:42 | 000,376,832 | ---- | M] () -- C:\Program Files\ASUS\LivCam\SMIUtility.dll MOD - [2009/08/25 04:47:24 | 000,140,560 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\EcaremeDLL.dll MOD - [2009/08/25 04:47:22 | 000,095,504 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\BSWorker.dll MOD - [2009/08/25 04:47:22 | 000,083,216 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\BSBroker.dll MOD - [2009/08/02 21:05:40 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2009/06/10 18:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Win32 Services (SafeList) ========== SRV - [2012/03/16 18:39:52 | 000,773,624 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtector\bProtect.exe -- (bProtector) SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/11 14:02:56 | 000,194,904 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\GbPlugin\gbpsv.exe -- (GbpSv) SRV - [2011/10/21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) 
[Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/10/13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP) SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2009/09/14 22:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService) SRV - [2009/08/18 22:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService) SRV - [2009/08/02 21:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/06/05 00:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva392.sys -- (XDva392) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ONDAusbvoice.sys -- (ONDAusbvoice) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ONDAusbser6k.sys -- (ONDAusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ONDAusbnmea.sys -- (ONDAusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ONDAusbmdm6k.sys -- (ONDAusbmdm6k) DRV - File not found [Kernel | On_Demand | 
Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - [2012/03/18 21:28:38 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2012/01/11 14:04:00 | 000,042,584 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm) DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2009/12/14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec) DRV - [2009/12/14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv) DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\klbg.sys -- (KLBG) DRV - [2009/10/05 14:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/10/02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009/09/14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2009/07/27 04:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) DRV - [2009/07/20 06:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr) DRV - [2009/07/05 23:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO) DRV - [2009/07/01 01:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.google.com.br/ IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data] IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/ IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - 
HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110393&babsrc=SP_ss&mntrId=c6d8a698000000000000e0cb4ea27b89 IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "search the web (babylon)" FF - prefs.js..browser.search.order.1: "search the web (babylon)" FF - prefs.js..browser.search.selectedengine: "search the web (babylon)" FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?af=110393&babsrc=hp_ss&mntrid=c6d8a698000000000000e0cb4ea27b89" FF - prefs.js..keyword.url: "http://search.babylon.com/?af=110393&babsrc=adbartrp&mntrid=c6d8a698000000000000e0cb4ea27b89&q=" FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/25 09:46:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2012/03/18 21:30:26 | 000,000,000 | ---D | M] [2011/12/25 09:47:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions [2012/03/16 18:47:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\s5vkdz39.default\extensions [2012/03/16 18:47:04 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\s5vkdz39.default\extensions\ffxtlbr@babylon.com [2012/03/18 21:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/03/07 15:48:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012/03/18 21:34:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011/12/21 05:04:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/03/16 18:42:13 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011/12/21 02:07:30 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml [2011/12/21 02:07:30 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml [2011/12/21 01:46:39 | 000,002,040 
| ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2011/12/21 02:07:30 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml [2011/12/21 02:07:30 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\ASUS\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab) O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe () O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe (ECAREME) O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek) O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [superHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm () O9 - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D6142B4-80AF-45D5-A97E-ADC573B80731}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88E0D252-76DA-4E3D-BB9A-4A9228CC67E3}: DhcpNameServer = 192.168.2.1 O18 - 
Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (protector.dll) - C:\windows\System32\protector.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000 Winlogon: Shell - (C:\Program Files\asus\SystemSetting\WallPaperAgent.exe) - C:\Program Files\ASUS\SystemSetting\WallPaperAgent.exe (ASUSTeK Computer Inc.) O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0c114ded-f45c-11e0-ac02-1c4bd6037440}\Shell - "" = AutoRun O33 - MountPoints2\{0c114ded-f45c-11e0-ac02-1c4bd6037440}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{0ef4590b-f4c5-11e0-a8c9-1c4bd6037440}\Shell - "" = AutoRun O33 - MountPoints2\{0ef4590b-f4c5-11e0-a8c9-1c4bd6037440}\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/03/20 20:09:19 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\download [2012/03/19 19:47:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2012/03/19 19:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/03/19 19:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/03/19 19:46:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2012/03/19 19:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/03/18 21:32:49 | 000,039,352 | ---- | C] (Infowatch) -- C:\windows\System32\drivers\CSVirtualDiskDrv.sys [2012/03/18 21:32:48 | 000,088,632 | ---- | C] (Infowatch) -- C:\windows\System32\drivers\CSCrySec.sys [2012/03/18 21:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch [2012/03/18 21:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE [2012/03/18 21:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab 
[2012/03/18 21:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2012/03/18 21:28:38 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys [2012/03/18 21:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2012/03/16 20:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\New Destiny 757 [2012/03/16 20:03:28 | 000,000,000 | ---D | C] -- C:\Star Destiny [2012/03/16 18:41:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Babylon [2012/03/16 18:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/03/16 18:41:09 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Babylon [2012/03/16 18:40:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\eType [2012/03/16 18:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtector [2012/03/16 18:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService [2012/03/08 17:21:26 | 000,000,000 | ---D | C] -- C:\WYD [2012/03/07 16:31:31 | 000,000,000 | ---D | C] -- C:\Users\User\.receitanet [2012/03/07 15:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB [2012/03/07 15:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Programas RFB [2012/03/07 15:50:23 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry [2012/03/07 15:50:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012 [2012/03/07 15:49:38 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas RFB [2012/03/07 15:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/03/07 15:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012/03/07 15:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012/03/07 14:59:30 | 000,000,000 | ---D | C] -- C:\Users\User\ir [2012/03/06 19:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2 
[2012/03/06 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\ONGAME [2012/02/22 20:54:51 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview ========== Files - Modified Within 30 Days ========== [2012/03/20 20:43:30 | 001,572,864 | -HS- | M] () -- C:\Users\User\ntuser.dat [2012/03/20 20:28:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1853207788-3405432505-2801168943-1001UA.job [2012/03/20 19:59:48 | 000,684,000 | ---- | M] () -- C:\windows\System32\perfh00A.dat [2012/03/20 19:59:47 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/03/20 19:59:47 | 000,133,704 | ---- | M] () -- C:\windows\System32\perfc00A.dat [2012/03/20 19:59:47 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/03/20 19:59:46 | 001,530,242 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI [2012/03/20 19:58:22 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/20 19:58:22 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/20 19:49:34 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT [2012/03/20 19:49:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/03/20 19:49:13 | 1602,691,072 | -HS- | M] () -- C:\hiberfil.sys [2012/03/19 22:06:19 | 000,780,313 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db [2012/03/19 19:47:04 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/19 14:19:57 | 000,115,369 | ---- | M] () -- C:\windows\System32\drivers\klin.dat [2012/03/19 14:19:57 | 000,097,961 | ---- | M] () -- C:\windows\System32\drivers\klick.dat [2012/03/18 21:28:38 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys [2012/03/18 13:28:03 | 000,000,844 | ---- | M] () -- 
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1853207788-3405432505-2801168943-1001Core.job [2012/03/18 06:58:50 | 000,000,478 | ---- | M] () -- C:\windows\win.ini [2012/03/16 18:44:09 | 000,000,237 | ---- | M] () -- C:\user.js [2012/03/16 18:39:50 | 000,790,520 | ---- | M] () -- C:\windows\System32\protector.dll [2012/03/16 06:55:14 | 000,417,080 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2012/03/07 15:51:38 | 000,000,176 | ---- | M] () -- C:\windows\REC-NET.INI [2012/02/22 13:30:24 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt [2012/02/22 08:38:54 | 000,010,827 | ---- | M] () -- C:\Users\User\Desktop\cronograma conceicao.pdf [2012/02/22 07:22:36 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{3bfb745c-5d3e-11e1-8d32-9809a2468c5d}.TMContainer00000000000000000002.regtrans-ms [2012/02/22 07:22:36 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{3bfb745c-5d3e-11e1-8d32-9809a2468c5d}.TMContainer00000000000000000001.regtrans-ms [2012/02/22 07:22:36 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{3bfb745c-5d3e-11e1-8d32-9809a2468c5d}.TM.blf ========== Files Created - No Company Name ========== [2012/03/19 19:47:04 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/03/18 21:33:58 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat [2012/03/18 21:33:57 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat [2012/03/16 18:43:52 | 000,000,237 | ---- | C] () -- C:\user.js [2012/03/16 18:39:50 | 000,790,520 | ---- | C] () -- C:\windows\System32\protector.dll [2012/03/07 15:51:38 | 000,000,176 | ---- | C] () -- C:\windows\REC-NET.INI [2012/03/02 13:23:11 | 000,000,896 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1853207788-3405432505-2801168943-1001UA.job [2012/03/02 13:23:10 | 000,000,844 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1853207788-3405432505-2801168943-1001Core.job [2012/02/22 08:38:53 | 000,010,827 | 
---- | C] () -- C:\Users\User\Desktop\cronograma conceicao.pdf [2012/02/22 07:16:41 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{3bfb745c-5d3e-11e1-8d32-9809a2468c5d}.TMContainer00000000000000000002.regtrans-ms [2012/02/22 07:16:41 | 000,524,288 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{3bfb745c-5d3e-11e1-8d32-9809a2468c5d}.TMContainer00000000000000000001.regtrans-ms [2012/02/22 07:16:41 | 000,065,536 | -HS- | C] () -- C:\Users\User\NTUSER.DAT{3bfb745c-5d3e-11e1-8d32-9809a2468c5d}.TM.blf [2012/02/14 21:18:49 | 000,020,480 | ---- | C] () -- C:\Users\User\AppData\Roaming\client.db [2011/12/07 13:14:46 | 000,053,600 | ---- | C] () -- C:\windows\System32\dosx.exe [2011/10/10 20:59:29 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat [2011/09/20 00:15:26 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS [2011/09/16 11:32:24 | 000,013,020 | ---- | C] () -- C:\windows\System32\lpgun.ini [2011/09/16 10:48:33 | 000,780,313 | -H-- | C] () -- C:\Users\User\AppData\Local\IconCache.db [2011/09/16 10:48:33 | 000,110,816 | ---- | C] () -- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT ========== LOP Check ========== [2009/11/25 14:58:43 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Asus WebStorage [2009/11/25 14:58:43 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Asus WebStorage [2012/02/14 19:07:19 | 000,000,000 | ---D | M] -- C:\Users\eu\AppData\Roaming\Asus WebStorage [2012/02/13 11:24:56 | 000,000,000 | ---D | M] -- C:\Users\eu\AppData\Roaming\BS_Temp [2012/02/13 11:25:04 | 000,000,000 | ---D | M] -- C:\Users\eu\AppData\Roaming\Update [2012/02/22 08:38:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Asus WebStorage [2012/03/16 18:41:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon [2012/02/14 21:18:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BS_Temp [2012/03/17 07:55:17 | 000,000,000 | ---D | M] -- 
C:\Users\User\AppData\Roaming\eType [2012/02/14 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Update [2012/02/23 12:32:53 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 212 bytes -> C:\windows\System32\drivers:GbpKmAp.lst @Alternate Data Stream - 2 bytes -> C:\windows\System32:2E419B83_Cef.gbp @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:AB689DEA < End of report >
wings Posted March 21, 2012

* Download AdwCleaner by Xplode and save it to the desktop
* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator
* Click [Delete]
* Paste the report that is displayed
Ionara Posted March 22, 2012

I ran the program, but at the end it showed a message saying something like the program had not been downloaded correctly, although I downloaded it from the link provided. It also mentioned disabling the antivirus, so the second time I ran it with the antivirus disabled. Both logs follow. Every time the PC starts, it shows a message that the wallpaper application is not responding and needs to be closed.

# AdwCleaner v1.502 - Logfile created 03/22/2012 at 14:11:36 # Updated 17/03/2012 by Xplode # Operating system : Windows 7 Starter Service Pack 1 (32 bits) # User : User - USER-PC # Running from : C:\Users\User\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\Babylon Folder Deleted : C:\Users\User\AppData\Roaming\Babylon Folder Deleted : C:\Users\User\AppData\Roaming\eType Folder Deleted : C:\Users\User\AppData\Local\Babylon Folder Deleted : C:\Users\User\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s5vkdz39.default\extensions\ffxtlbr@babylon.com File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml ***** [H. 
Navipromo] ***** ***** [Registry] ***** Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DSNR Labs Key Deleted : HKLM\SOFTWARE\Babylon Key Deleted : HKLM\SOFTWARE\DataMngr Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49dd-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4a99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49dd-99D7-DC866BE87DBC}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?AF=110393&babsrc=NT_ss&mntrId=c6d8a6980000000000001c4bd6037440 --> hxxp://www.google.fr -\\ Mozilla Firefox v9.0.1 (pt-BR) Profile : s5vkdz39.default File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s5vkdz39.default\prefs.js 

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s5vkdz39.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "search the web (babylon)");
Deleted : user_pref("browser.search.order.1", "search the web (babylon)");
Deleted : user_pref("browser.search.selectedengine", "search the web (babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?af=110393&babsrc=hp_ss&mntrid=c6d8[...]
Deleted : user_pref("extensions.babylontoolbar.admin", false);
Deleted : user_pref("extensions.babylontoolbar.aflt", "babsst");
Deleted : user_pref("extensions.babylontoolbar.babext", "");
Deleted : user_pref("extensions.babylontoolbar.babtrack", "affid=110393");
Deleted : user_pref("extensions.babylontoolbar.bbdpng", 17);
Deleted : user_pref("extensions.babylontoolbar.dfltsrch", false);
Deleted : user_pref("extensions.babylontoolbar.hmpg", false);
Deleted : user_pref("extensions.babylontoolbar.id", "c6d8a6980000000000001c4bd6037440");
Deleted : user_pref("extensions.babylontoolbar.instlday", "15415");
Deleted : user_pref("extensions.babylontoolbar.instlref", "sst");
Deleted : user_pref("extensions.babylontoolbar.lastdp", 17);
Deleted : user_pref("extensions.babylontoolbar.lastvrsnts", "1.5.3.1718:43:01");
Deleted : user_pref("extensions.babylontoolbar.mntrffxvrsn", "9.0");
Deleted : user_pref("extensions.babylontoolbar.newtab", true);
Deleted : user_pref("extensions.babylontoolbar.newtaburl", "hxxp://search.babylon.com/?babsrc=nt_bb");
Deleted : user_pref("extensions.babylontoolbar.noffxtlbr", false);
Deleted : user_pref("extensions.babylontoolbar.prdct", "babylontoolbar");
Deleted : user_pref("extensions.babylontoolbar.propectorlck", 70566639);
Deleted : user_pref("extensions.babylontoolbar.prtkds", 1);
Deleted : user_pref("extensions.babylontoolbar.prtkhmpg", 1);
Deleted : user_pref("extensions.babylontoolbar.prtnrid", "babylon");
Deleted : user_pref("extensions.babylontoolbar.ptch_0717", true);
Deleted : user_pref("extensions.babylontoolbar.smplgrp", "none");
Deleted : user_pref("extensions.babylontoolbar.srcext", "ss");
Deleted : user_pref("extensions.babylontoolbar.tlbrid", "base");
Deleted : user_pref("extensions.babylontoolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.babylontoolbar.vrsnts", "1.5.3.1718:43:01");
Deleted : user_pref("extensions.babylontoolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.babylontoolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.babylontoolbar_i.babext", "");
Deleted : user_pref("extensions.babylontoolbar_i.babtrack", "affid=110393");
Deleted : user_pref("extensions.babylontoolbar_i.hardid", "c6d8a6980000000000001c4bd6037440");
Deleted : user_pref("extensions.babylontoolbar_i.id", "c6d8a6980000000000001c4bd6037440");
Deleted : user_pref("extensions.babylontoolbar_i.instlday", "15415");
Deleted : user_pref("extensions.babylontoolbar_i.instlref", "sst");
Deleted : user_pref("extensions.babylontoolbar_i.prdct", "babylontoolbar");
Deleted : user_pref("extensions.babylontoolbar_i.prtnrid", "babylon");
Deleted : user_pref("extensions.babylontoolbar_i.smplgrp", "none");
Deleted : user_pref("extensions.babylontoolbar_i.srcext", "ss");
Deleted : user_pref("extensions.babylontoolbar_i.tlbrid", "base");
Deleted : user_pref("extensions.babylontoolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.babylontoolbar_i.vrsnts", "1.5.3.1718:43:01");
Deleted : user_pref("extensions.babylontoolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.enabledaddons", "ffxtlbr@babylon.com:1.1.9,{972ce4c6-7e08-4474-a285-3208198ce6[...]
Deleted : user_pref("extensions.installcache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a2[...]
Deleted : user_pref("keyword.url", "hxxp://search.babylon.com/?af=110393&babsrc=adbartrp&mntrid=c6d8a698000000[...]

*************************

AdwCleaner[s1].txt - [6695 octets] - [22/03/2012 14:11:36]

########## EOF - C:\AdwCleaner[s1].txt - [6823 octets] ##########

Second log, with the antivirus disabled

# AdwCleaner v1.502 - Logfile created 03/22/2012 at 14:22:14
# Updated 17/03/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [H. Navipromo] *****

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49dd-99D7-DC866BE87DBC}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49dd-99D7-DC866BE87DBC}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (pt-BR)

Profile : s5vkdz39.default
File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s5vkdz39.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [6824 octets] - [22/03/2012 14:11:36]
AdwCleaner[s2].txt - [1088 octets] - [22/03/2012 14:22:14]

########## EOF - C:\AdwCleaner[s2].txt - [1216 octets] ##########

wings 22 - Posted March 25, 2012

Hello Ionara. Sorry for the late reply, I was traveling. How is the PC?

Ionara 2 - Posted March 26, 2012

Hello, the PC is better. I believe a large part of the problem was the viruses. It is still slow to load the desktop at startup... but it is better...

wings 22 - Posted March 27, 2012

1.
* Run AdwCleaner and click [uninstall]

2.
* You are using two antivirus programs: Avast and Kaspersky. If you are not paying for the Kaspersky license, uninstall it. Remember: use only 1 antivirus.

3.
* Download SecurityCheck by screen317 and save it to the desktop
* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator
* Press [Enter] and paste the report that is displayed

4.
* Download OTL by Old_Timer and save it to the desktop
* Run it. Windows Vista or Windows 7 users should right-click the file and select Run as administrator
* Select: Scan All Users, Skip Microsoft Files, Use Company Name WhiteList, LOP Check, Purity Check
* Click [Scan] and paste the OTL.txt and Extras.txt reports created on the desktop
* If the reports are large, go to this link
* Paste the OTL.txt report into the box below New Paste
* Under Paste Expiration select: 1 Day
* Click [submit]
* Type the letters and/or numbers that appear and click [submit]
* Paste the link
* Repeat the procedure for the Extras.txt report

Ionara 2 - Posted March 27, 2012

Good afternoon. I checked and could not find any Avast files anymore; I had uninstalled it. At first Avast was there, but now I believe only Kaspersky is installed. It is the free version; I will use it for a few more days and then reinstall Avast. I left OTL running and it generated only one report; I could not find the Extras one. The logs follow.

Results of screen317's Security Check version 0.99.24
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java 6 Update 31
Mozilla Firefox (x86 pt-BR..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Kaspersky Lab Kaspersky PURE avp.exe
Kaspersky Lab Kaspersky PURE klwtblfs.exe
``````````End of Log````````````

OTL logfile created on: 3/27/2012 3:35:53 PM - Run 2
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\User\Desktop\download
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.42% Memory free
3.98 Gb Paging File | 2.83 Gb Available in Paging File | 71.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 71.40 Gb Free Space | 71.40% Space Free | Partition Type: NTFS
Drive D: | 122.87 Gb Total Space | 116.07 Gb Free Space | 94.47% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2012/03/20 07:59:04 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\download\OTL.exe
PRC - [2012/03/16 18:39:52 | 000,773,624 | ---- | M] (bProtector) -- C:\ProgramData\bProtector\bProtect.exe
PRC - [2012/02/12 16:41:09 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/11 14:02:56 | 000,194,904 | ---- | M] ( ) -- C:\Program Files\GbPlugin\gbpsv.exe
PRC - [2011/10/21 14:23:42 | 000,391,760 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingBar.exe
PRC - [2011/10/21 14:23:42 | 000,259,664 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BingApp.exe
PRC - [2011/10/13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/06/24 01:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010/11/20 09:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 09:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2010/11/20 09:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2010/10/01 21:05:24 | 000,207,448 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe
PRC - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2009/11/16 13:37:41 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/10/26 19:30:00 | 000,413,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009/10/17 02:43:28 | 001,021,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2009/10/16 22:31:06 | 000,284,160 | ---- | M] (ASUSTek) -- C:\Program Files\ASUS\LivCam\LivCam.exe
PRC - [2009/09/25 19:02:26 | 000,402,608 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
PRC - [2009/09/25 16:04:10 | 000,115,888 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\SystemSetting\WallPaperAgent.exe
PRC - [2009/09/14 22:05:56 | 000,044,312 | ---- | M] () -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe
PRC - [2009/09/11 16:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009/08/27 20:38:28 | 000,803,304 | ---- | M] () -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2009/08/25 04:47:10 | 000,947,472 | ---- | M] (ECAREME) -- C:\Program Files\ASUS\Asus WebStorage\BackupService.exe
PRC - [2009/08/18 22:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009/08/02 21:05:24 | 002,348,320 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/08/02 21:05:24 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/08/02 21:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/20 06:47:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009/06/05 00:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 00:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========
MOD - [2012/03/16 18:39:50 | 000,790,520 | ---- | M] () -- C:\Windows\System32\protector.dll
MOD - [2012/03/01 07:47:03 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll
MOD - [2012/03/01 07:43:54 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/03/01 07:07:02 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/03/01 07:06:58 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\3fccda0d4dd150a217c2798e39e97a48\System.EnterpriseServices.ni.dll
MOD - [2012/03/01 07:06:55 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e8dfbd1334d30a08ce1f2df29ca9aff\System.Transactions.ni.dll
MOD - [2012/03/01 07:06:50 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/03/01 07:03:17 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/03/01 07:02:18 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/03/01 06:58:46 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/03/01 06:58:32 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/03/01 06:58:28 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/03/01 06:57:53 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/02/12 16:40:59 | 000,839,680 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/09/16 11:29:18 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.resources.dll
MOD - [2011/09/16 11:29:16 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/04 22:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/01 21:05:46 | 008,972,888 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtGui4.dll
MOD - [2010/10/01 21:05:42 | 002,456,152 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtCore4.dll
MOD - [2010/10/01 20:07:46 | 000,733,184 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\localization_manager.dll
MOD - [2010/09/02 08:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\3.0.108.222\AsusWSShellExt.dll
MOD - [2009/11/25 14:58:29 | 000,029,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll
MOD - [2009/10/30 19:32:30 | 000,410,496 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\dblite.dll
MOD - [2009/09/25 19:02:26 | 000,402,608 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
MOD - [2009/09/15 19:30:42 | 000,376,832 | ---- | M] () -- C:\Program Files\ASUS\LivCam\SMIUtility.dll
MOD - [2009/08/25 04:47:24 | 000,140,560 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\EcaremeDLL.dll
MOD - [2009/08/25 04:47:22 | 000,095,504 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\BSWorker.dll
MOD - [2009/08/25 04:47:22 | 000,083,216 | ---- | M] () -- C:\Program Files\ASUS\Asus WebStorage\BSBroker.dll
MOD - [2009/08/02 21:05:40 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/06/10 18:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Win32 Services (SafeList) ==========
SRV - [2012/03/16 18:39:52 | 000,773,624 | ---- | M] (bProtector) [Auto | Running] -- C:\ProgramData\bProtector\bProtect.exe -- (bProtector)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/11 14:02:56 | 000,194,904 | ---- | M] ( ) [Auto | Running] -- C:\Program Files\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2011/10/21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/10/01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP)
SRV - [2009/12/21 17:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2009/09/14 22:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/08/18 22:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009/08/02 21:05:24 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/05 00:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva394.sys -- (XDva394)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\system32\XDva392.sys -- (XDva392)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ONDAusbvoice.sys -- (ONDAusbvoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ONDAusbser6k.sys -- (ONDAusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ONDAusbnmea.sys -- (ONDAusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ONDAusbmdm6k.sys -- (ONDAusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/03/18 21:28:38 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/01/11 14:04:00 | 000,042,584 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 07:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009/12/14 12:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec)
DRV - [2009/12/14 12:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\klbg.sys -- (KLBG)
DRV - [2009/10/05 14:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/10/02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/27 04:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009/07/20 06:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009/07/05 23:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/07/01 01:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110393&babsrc=SP_ss&mntrId=c6d8a698000000000000e0cb4ea27b89
IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/25 09:46:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2012/03/18 21:30:26 | 000,000,000 | ---D | M]
[2011/12/25 09:47:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012/03/22 14:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\s5vkdz39.default\extensions
[2012/03/18 21:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/07 15:48:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/18 21:34:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5VKDZ39.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
[2011/12/21 05:04:21 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 02:07:30 | 000,001,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\buscape.xml
[2011/12/21 02:07:30 | 000,001,212 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolivre.xml
[2011/12/21 01:46:39 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/12/21 02:07:30 | 000,001,168 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-br.xml
[2011/12/21 02:07:30 | 000,000,952 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ASUS Windows 7 Starter Helper) - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\ASUS\SystemSetting\StarterHelper.dll (ASUSTeK Computer Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeStorageBackup] C:\Program Files\ASUS\Asus WebStorage\BackupService.exe (ECAREME)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LivCam] C:\Program Files\ASUS\LivCam\LivCam.exe (ASUSTek)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [superHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O9 - Extra Button: &Teclado Virtual - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Veri&ficação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D6142B4-80AF-45D5-A97E-ADC573B80731}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88E0D252-76DA-4E3D-BB9A-4A9228CC67E3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (protector.dll) - C:\windows\System32\protector.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000 Winlogon: Shell - (C:\Program Files\asus\SystemSetting\WallPaperAgent.exe) - C:\Program Files\ASUS\SystemSetting\WallPaperAgent.exe (ASUSTeK Computer Inc.)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\Program Files\GbPlugin\gbiehCef.dll) - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c114ded-f45c-11e0-ac02-1c4bd6037440}\Shell - "" = AutoRun
O33 - MountPoints2\{0c114ded-f45c-11e0-ac02-1c4bd6037440}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0ef4590b-f4c5-11e0-a8c9-1c4bd6037440}\Shell - "" = AutoRun
O33 - MountPoints2\{0ef4590b-f4c5-11e0-a8c9-1c4bd6037440}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/03/20 20:09:19 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\download
[2012/03/19 19:47:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012/03/19 19:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/19 19:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/19 19:46:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/03/19 19:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/18 21:32:49 | 000,039,352 | ---- | C] (Infowatch) -- C:\windows\System32\drivers\CSVirtualDiskDrv.sys
[2012/03/18 21:32:48 | 000,088,632 | ---- | C] (Infowatch) -- C:\windows\System32\drivers\CSCrySec.sys
[2012/03/18 21:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InfoWatch
[2012/03/18 21:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE
[2012/03/18 21:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/03/18 21:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/03/18 21:28:38 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys
[2012/03/18 21:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2012/03/16 18:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtector
[2012/03/16 18:39:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012/03/08 17:21:26 | 000,000,000 | ---D | C] -- C:\WYD
[2012/03/07 16:31:31 | 000,000,000 | ---D | C] -- C:\Users\User\.receitanet
[2012/03/07 15:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB
[2012/03/07 15:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Programas RFB
[2012/03/07 15:50:23 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallJammer Registry
[2012/03/07 15:50:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
[2012/03/07 15:49:38 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas RFB
[2012/03/07 15:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/03/07 15:48:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/07 15:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/07 14:59:30 | 000,000,000 | ---D | C] -- C:\Users\User\ir
[2012/03/06 19:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
[2012/03/06 19:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\ONGAME
========== Files - Modified Within 30 Days ==========
[2012/03/27 15:35:00 | 000,001,066 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1853207788-3405432505-2801168943-1001UA.job
[2012/03/27 15:35:00 | 000,001,014 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1853207788-3405432505-2801168943-1001Core.job
[2012/03/27 15:17:11 | 000,684,000 | ---- | M] () -- C:\windows\System32\perfh00A.dat
[2012/03/27 15:17:11 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/03/27 15:17:11 | 000,133,704 | ---- | M] () -- C:\windows\System32\perfc00A.dat
[2012/03/27 15:17:11 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/03/27 15:16:46 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 15:16:46 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 15:08:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/27 15:08:52 | 1602,691,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 19:47:04 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/19 14:19:57 | 000,115,369 | ---- | M] () -- C:\windows\System32\drivers\klin.dat
[2012/03/19 14:19:57 | 000,097,961 | ---- | M] () -- C:\windows\System32\drivers\klick.dat
[2012/03/18 21:28:38 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\windows\System32\drivers\klif.sys
[2012/03/16 18:44:09 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/03/16 18:39:50 | 000,790,520 | ---- | M] () -- C:\windows\System32\protector.dll
[2012/03/16 06:55:14 | 000,417,080 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/03/07 15:51:38 | 000,000,176 | ---- | M] () -- C:\windows\REC-NET.INI
========== Files Created - No Company Name ==========
[2012/03/19 19:47:04 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/18 21:33:58 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat
[2012/03/18 21:33:57 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat
[2012/03/16 18:43:52 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/03/16 18:39:50 | 000,790,520 | ---- | C] () -- C:\windows\System32\protector.dll
[2012/03/07 15:51:38 | 000,000,176 | ---- | C] () -- C:\windows\REC-NET.INI
[2012/03/02 13:23:11 | 000,001,066 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1853207788-3405432505-2801168943-1001UA.job
[2012/03/02 13:23:10 | 000,001,014 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1853207788-3405432505-2801168943-1001Core.job
[2012/02/14 21:18:49 | 000,020,480 | ---- | C] () -- C:\Users\User\AppData\Roaming\client.db
[2011/10/10 20:59:29 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Roaming\wklnhst.dat
[2011/09/20 00:15:26 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2011/09/16 11:32:24 | 000,013,020 | ---- | C] () -- C:\windows\System32\lpgun.ini
========== LOP Check ==========
[2009/11/25 14:58:43 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Asus WebStorage
[2009/11/25 14:58:43 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Asus WebStorage
[2012/02/14 19:07:19 | 000,000,000 | ---D | M] -- C:\Users\eu\AppData\Roaming\Asus WebStorage
[2012/02/13 11:24:56 | 000,000,000 | ---D | M] -- C:\Users\eu\AppData\Roaming\BS_Temp
[2012/02/13 11:25:04 | 000,000,000 | ---D | M] -- C:\Users\eu\AppData\Roaming\Update
[2012/02/22 08:38:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Asus WebStorage
[2012/02/14 21:18:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BS_Temp
[2012/02/14 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Update
[2012/02/23 12:32:53 | 000,032,608 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 212 bytes -> C:\windows\System32\drivers:GbpKmAp.lst
@Alternate Data Stream - 2 bytes -> C:\windows\System32:2E419B83_Cef.gbp
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:AB689DEA
< End of report >
wings 22 Posted March 27, 2012
*Run OTL
*Paste the lines in brown into the box under Custom Scans/Fixes:
:OTL
IE - HKU\S-1-5-21-1853207788-3405432505-2801168943-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000e0cb4ea27b89
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O4 - HKLM..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui File not found
:Files
@C:\windows\System32\drivers:GbpKmAp.lst
@C:\ProgramData\Temp:AB689DEA
:Commands
[EMPTYTEMP]
*Click [Run Fix] and the PC will restart
*Paste the report that is displayed and tell us how the PC is doing.
Ionara 2 Posted March 30, 2012
Good evening, sorry for the delay. The PC is fine, it no longer freezes and startup is faster. The report follows.
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1853207788-3405432505-2801168943-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast5 deleted successfully.
========== FILES ==========
ADS C:\windows\System32\drivers:GbpKmAp.lst deleted successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 121064 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 321 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: eu
->Temp folder emptied: 6352673 bytes
->Temporary Internet Files folder emptied: 84403151 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 115251817 bytes
->Flash cache emptied: 6682 bytes
User: Public
User: User
->Temp folder emptied: 239081891 bytes
->Temporary Internet Files folder emptied: 63150731 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44789360 bytes
->Flash cache emptied: 2759 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33160931 bytes
RecycleBin emptied: 7653 bytes
Total Files Cleaned = 559.00 mb
OTL by OldTimer - Version 3.2.39.1 log created on 03302012_194831
Files\Folders moved on Reboot...
File\Folder C:\Users\User\AppData\Local\Temp\~DF1F0C5FEA49B2F18A.TMP not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF4E9C8F87E960BA84.TMP not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF55192B9F242E91D5.TMP not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DF7B2B407EC3D282B5.TMP not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DFE4004A3DBED9B426.TMP not found!
File\Folder C:\Users\User\AppData\Local\Temp\~DFE84127497B313C4A.TMP not found!
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QLF1Z6\like[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R0QLF1Z6\xd_proxy[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NG2RZNB6\ads[2].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7719KH4V\460074-pc-muito-lento[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7719KH4V\si[1].htm moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
Registry entries deleted on Reboot...
wings 22 Posted March 30, 2012
*Run OTL and click [CleanUp] > [OK]
*The PC will restart
The PC is clean. Best regards.
Ionara 2 Posted April 1, 2012
Thanks, thank you very much.
wings 22 Posted April 2, 2012
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.