Rmpessoa

Infected by Renos and, I believe, by other viruses as well.


Since I never use IE, I stopped updating it, but a friend needed to use my laptop and, instead of using Firefox, he used the outdated IE to access his e-mail. I don't know what he did or clicked, but after that the computer started showing pop-ups, even in Firefox.

When I try to update Windows, the system can't connect, and I noticed that some Microsoft pages can't be opened.

Fortunately, after a lot of effort, I managed to download some updates and tried to clean it up. My AVG said it found and cleaned it, but whenever I run AVG or Windows Defender, the virus shows up again. From Renos.MQ, it changed to another name.

Both programs I ran to get the logs below reported a rootkit problem, something like that.

If anyone can help, I'd be grateful, because I'm not managing to do this on my own. :(

Here are the logs, as requested in the rules:

DDS:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Dominique at 9:27:37.38 on Thu 07/22/2010

Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_17

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1656 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: Anti-spyware *disabled* (Updated) {8D8F6278-148C-4AB9-9FA0-418C1C93CBB5}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Windows\system32\lsm.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\PROGRA~1\GbPlugin\GbpSv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\PSIService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Dominique\Desktop\dds.scr

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://mail.terra.com.br/

uDefault_Page_URL = hxxp://www.sonystyle.ca/vaio

mDefault_Page_URL = hxxp://www.sonystyle.ca/vaio

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: moigh Object: {1b0a1df9-02c9-4c2b-9118-f7ed1d21f1b3} - c:\windows\system32\znjep.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - c:\windows\downloaded program files\gbiehabn.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [JDK5SWFMZY] c:\users\domini~1\appdata\local\temp\Shl.exe

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

mRun: [unattend0000000001{FE3358AD-C63B-4F3E-A738-80713562D20D}] c:\program files\sony\first experience\VAIOWelcome.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [ewrgetuj] c:\users\domini~1\appdata\local\temp\geurge.exe

mRun: [MChk] c:\windows\system32\qnjep.exe

mRun: [utigufolifasufol] rundll32.exe "c:\users\dominique\appdata\local\ojixosokaradewil.dll",Startup

StartupFolder: c:\users\domini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} - file:///F:/data/index/ses_ocx/sessearch.ocx

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

TCP: NameServer = 93.188.164.79,93.188.166.229

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

Notify: VESWinlogon - VESWinlogon.dll

AppInit_DLLs: avgrsstx.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - c:\windows\downloaded program files\gbiehabn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\domini~1\appdata\roaming\mozilla\firefox\profiles\2jgwwqmv.default\

FF - prefs.js: browser.startup.homepage - hxxp://mail.terra.com.br/

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {4001873C-F6DC-434B-A7B6-ECB479EEB0ED} - c:\users\dominique\appdata\local\{4001873c-f6dc-434b-a7b6-ecb479eeb0ed}\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-9 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-9 29584]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-3 243024]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2007-1-13 125440]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2007-1-13 17920]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-12-13 28464]

R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-12-13 73472]

R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-12-13 43904]

R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-13 9344]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-12-13 818688]

RUnknown GbpSv;GbpSv; [x]

S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-6 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-1-13 745472]

S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-1-13 397312]

S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-1-13 1089536]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-12-13 292128]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-12-13 79136]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2007-1-13 16896]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-6-9 19968]

=============== Created Last 30 ================

2010-07-20 19:59:08 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-07-20 19:59:08 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-07-20 19:59:08 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-07-20 19:59:08 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-07-20 19:59:08 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-07-20 19:54:14 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-07-20 19:54:12 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-07-20 19:54:12 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-07-20 19:49:16 377344 ----a-w- c:\windows\system32\winhttp.dll

2010-07-20 19:49:13 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-07-20 19:49:13 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-07-20 19:49:13 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-07-20 19:47:51 2048 ----a-w- c:\windows\system32\tzres.dll

2010-07-20 19:47:06 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-07-20 19:47:03 2037248 ----a-w- c:\windows\system32\win32k.sys

2010-07-20 19:46:58 98304 ----a-w- c:\windows\system32\cabview.dll

2010-07-20 19:46:24 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-07-20 19:46:24 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-07-20 19:40:42 1314816 ----a-w- c:\windows\system32\quartz.dll

2010-07-20 19:40:41 50176 ----a-w- c:\windows\system32\iyuv_32.dll

2010-07-20 19:40:41 31744 ----a-w- c:\windows\system32\msvidc32.dll

2010-07-20 19:40:41 22528 ----a-w- c:\windows\system32\msyuv.dll

2010-07-20 19:40:41 13312 ----a-w- c:\windows\system32\msrle32.dll

2010-07-20 19:40:41 12288 ----a-w- c:\windows\system32\tsbyuv.dll

2010-07-20 19:40:40 91136 ----a-w- c:\windows\system32\avifil32.dll

2010-07-20 19:40:40 82944 ----a-w- c:\windows\system32\mciavi32.dll

2010-07-20 19:40:40 123904 ----a-w- c:\windows\system32\msvfw32.dll

2010-07-20 18:53:48 292840 ----a-w- c:\windows\system32\drivers\sjilisjf.sys

2010-07-20 13:21:23 0 d-----w- c:\programdata\Norton

2010-07-20 12:25:42 0 d-----w- c:\users\domini~1\appdata\roaming\Anti-spyware

2010-07-20 12:25:42 0 d-----w- c:\programdata\TEMP

2010-07-20 11:56:03 292840 ----a-w- c:\windows\system32\drivers\liaytvzj.sys

2010-07-20 03:57:39 0 d-----w- c:\windows\system32\MpEngineStore

2010-07-19 23:29:35 766976 ----a-w- c:\windows\system32\drivers\xjezifn.sys

2010-07-19 23:28:34 150 ----a-w- C:\zrpt.xml

2010-07-16 04:06:20 246784 ----a-w- c:\windows\system32\znjep.dll

2010-07-15 20:12:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll

==================== Find3M ====================

2010-07-15 20:12:53 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 20:12:17 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-21 19:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-06-10 16:48:43 51200 ----a-w- c:\windows\inf\infpub.dat

2009-06-10 16:48:43 143360 ----a-w- c:\windows\inf\infstor.dat

2009-06-10 16:48:42 143360 ----a-w- c:\windows\inf\infstrng.dat

2009-06-10 16:39:17 665600 ----a-w- c:\windows\inf\drvindex.dat

2007-01-14 00:59:41 174 --sha-w- c:\program files\desktop.ini

2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-23 11:49:24 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-10-17 02:44:20 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2008-10-27 22:21:13 88 --sh--r- c:\windows\system32\B2AB79BDAD.sys

2008-10-27 22:22:36 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 9:28:32.04 ===============

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/8/2008 4:11:16 PM

System Uptime: 7/22/2010 9:16:16 AM (0 hours ago)

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T8100 @ 2.10GHz | N/A | 2101/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 223 GiB total, 91.532 GiB free.

D: is Removable

E: is Removable

F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart C7200 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C7200 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 7400 series

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer: HP

Name: Officejet 7400 series

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

==== System Restore Points ===================

==== Installed Programs ======================

µTorrent

2009FredV2Step2

32 Bit HP CIO Components Installer

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

Adobe AIR

Adobe Common File Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop 7.0

Adobe Photoshop Elements 6.0

Adobe Premiere Elements 4.0

Adobe Premiere Elements 4.0 Templates

Adobe Reader 9.1.3

AIO_Scan

Apple Mobile Device Support

Apple Software Update

ArcSoft Magic-i Visual Effects

ArcSoft Software Suite

AVG Free 9.0

Bonjour

BrOffice.org 3.0

BufferChm

C7200

C7200_doccd

c7200_Help

Click to Disc

Click to Disc Editor

Compatibility Pack for the 2007 Office system

Copy

Corel Paint Shop Pro Photo X2

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DocProc

DocProcQFolder

EndNote

EndNote Demo

EndNote X Volume License Edition

EndNote X3

Fax

FRED

GearDrvs

HDAUDIO SoftV92 Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Imaging Device Functions 9.0

HP OCR Software 9.0

HP Photosmart All-In-One Software 9.0

HP Smart Web Printing

HP Update

Instant Mode

Intel® Graphics Media Accelerator Driver

ISI ResearchSoft - Export Helper

iTunes

Java 6 Update 17

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6

Junk Mail filter update

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Mozilla Firefox (3.6.7)

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Napster

Napster Burn Engine

NetDeviceManager

Norton 360

OpenMG Limited Patch 4.7-07-15-19-01

OpenMG Secure Module 4.7.00

PanoStandAlone

PHOTOfunSTUDIO -viewer-

PS_AIO_02_ProductContext

PS_AIO_02_Software

PS_AIO_02_Software_mim

QuickTime

Rayman Raving Rabbids

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.0

ResearchSoft Direct Export Helper

Roxio Activation Module

Roxio Easy Media Creator Home

Scan

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB982135)

Setting Utility Series

Skype Toolbars

Skype™ 4.2

SonicStage Mastering Studio

SonicStage Mastering Studio Audio Filter

SonicStage Mastering Studio Audio Filter Custom Preset

SonicStage Mastering Studio Plugins

Sony Video Shared Library

Status

Synaptics Pointing Device Driver

TOEFL Sample Questions

Toolbox

TrayApp

UnloadSupport

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office OneNote 2007 (KB980729)

Usmleworld Sim Exam V2

VAIO Camera Capture Utility

VAIO Content Folder Setting

VAIO Content Metadata Intelligent Analyzing Manager

VAIO Content Metadata Manager Setting

VAIO Content Metadata XML Interface Library

VAIO Control Center

VAIO DVD Menu Data Basic

VAIO Entertainment Platform

VAIO Event Service

VAIO Help and Support

VAIO Launcher

VAIO Media

VAIO Media 6.0

VAIO Media AC3 Decoder 1.0

VAIO Media Content Collection 6.0

VAIO Media Integrated Server 6.1

VAIO Media Redistribution 6.0

VAIO Media Registration Tool

VAIO Media Registration Tool 6.0

VAIO Movie Story

VAIO Movie Story Template Data

VAIO MusicBox

VAIO MusicBox Sample Music

VAIO OOBE and Welcome Center

VAIO Original Function Setting

VAIO Power Management

VAIO Update 3

VAIO Wallpaper Contents

WebReg

WIDCOMM Bluetooth Software 6.1.0.2200

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

WinDVD for VAIO

Wireless Switch Setting Utility

Xvid 1.1.3 final uninstall

==== End Of File ===========================

Gmer:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-07-22 10:17:20

Windows 6.0.6002 Service Pack 2

Running: gmer.exe; Driver: C:\Users\DOMINI~1\AppData\Local\Temp\pxldapod.sys

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\xjezifn.sys A device attached to the system is not functioning. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[1540] ntdll.dll!NtProtectVirtualMemory 77294D34 5 Bytes JMP 0026000A

.text C:\Windows\Explorer.EXE[1540] ntdll.dll!NtWriteVirtualMemory 77295674 5 Bytes JMP 0027000A

.text C:\Windows\Explorer.EXE[1540] ntdll.dll!KiUserExceptionDispatcher 77295DC8 5 Bytes JMP 0024000A

.text C:\Windows\system32\svchost.exe[1552] ntdll.dll!NtProtectVirtualMemory 77294D34 5 Bytes JMP 004B000A

.text C:\Windows\system32\svchost.exe[1552] ntdll.dll!NtWriteVirtualMemory 77295674 5 Bytes JMP 004C000A

.text C:\Windows\system32\svchost.exe[1552] ntdll.dll!KiUserExceptionDispatcher 77295DC8 5 Bytes JMP 004A000A

.text C:\Windows\system32\svchost.exe[1552] ole32.dll!CoCreateInstance 76FF9EA6 5 Bytes JMP 0054000A

.text C:\Windows\system32\svchost.exe[1552] USER32.dll!GetCursorPos 76B70B88 5 Bytes JMP 0125000A

.text C:\Windows\system32\wuauclt.exe[5244] ntdll.dll!NtProtectVirtualMemory 77294D34 5 Bytes JMP 0013000A

.text C:\Windows\system32\wuauclt.exe[5244] ntdll.dll!NtWriteVirtualMemory 77295674 5 Bytes JMP 0014000A

.text C:\Windows\system32\wuauclt.exe[5244] ntdll.dll!KiUserExceptionDispatcher 77295DC8 5 Bytes JMP 0012000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74167817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7416BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7415F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7415E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74198395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7416DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7415FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7415FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7418C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7415D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74156853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7415687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1540] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74162AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 868DF880

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\BTHUSB \Device\0000006d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000006f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 85953EC5

---- Services - GMER 1.0.15 ----

Service C:\PROGRA~1\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

Service (*** hidden *** ) [bOOT] xjezifn <-- ROOTKIT !!!

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

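The GMER log above carries the thread's strongest signals in three places: the kernel code section (a driver GMER could not read), the services section (two entries marked hidden) and the user code sections (the same three ntdll exports patched in Explorer, svchost and wuauclt, with JMP targets GMER does not attribute to any module). The small triage script below is an added example written for this thread; it is neither GMER's own code nor anything the thread author or the analyst posted. It parses those sections and ranks the findings the way an analyst would read them by hand. It assumes GMER's convention of appending the owning module in parentheses when it can resolve a hook's JMP target (so an unattributed target is treated as injected memory), and its sample log is a constructed excerpt in GMER's format that mirrors the lines posted above plus one invented "Vendor" line showing an attributed hook.

```python
r"""Triage helper for GMER rootkit-scan logs.

Added example for this thread; neither GMER's own code nor the thread
author's.  It parses the GMER sections that carry the strongest signals and
ranks them so an analyst can decide what to examine first:

  * "User code sections": inline hooks such as
      .text C:\Windows\Explorer.EXE[1540] ntdll.dll!NtWriteVirtualMemory 77295674 5 Bytes JMP 0027000A
    When GMER can map the JMP target to a loaded module it appends that module
    in parentheses (assumed convention); an unattributed target usually sits in
    memory injected into the process.
  * "Kernel code sections": drivers GMER could not read ("? <driver> ... !").
  * "Services": entries the service API does not report ("(*** hidden *** )").
  * "Files": system files GMER flags as modified on disk.
"""
import re
from collections import defaultdict

# ".text <process>[pid] <module>!<export> <addr> <n> Bytes JMP <target> [<owning module>]"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^!\s]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<owner>\S.*?))?\s*$"
)
# "? <driver path> <error text> !"  (driver GMER failed to read)
UNREADABLE_RE = re.compile(r"^\?\s+(?P<driver>\S+)\s+(?P<error>.+?)\s*!\s*$")
# "Service [<image>] (*** hidden *** ) [<start type>] <name> <-- ROOTKIT !!!"; image is optional
HIDDEN_SVC_RE = re.compile(
    r"^Service\s+(?:(?P<image>.+?)\s+)?\(\*\*\* hidden \*\*\* \)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)"
)
# "File <path> suspicious modification"
SUSP_FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification\s*$")

# Exports that injected code commonly patches to defend its own memory; all three
# hooked in one process, with unattributed targets, is a strong signal.
SELF_PROTECTION_EXPORTS = {"NtProtectVirtualMemory", "NtWriteVirtualMemory", "KiUserExceptionDispatcher"}


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(log_text):
    """Extract the four signal groups from a GMER log."""
    hooks = defaultdict(list)   # process basename -> list of hook dicts
    unreadable, hidden, suspicious = [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := HOOK_RE.match(line)):
            hooks[_basename(m["process"])].append(
                {"export": m["export"], "target": int(m["target"], 16), "owner": m["owner"]})
        elif (m := UNREADABLE_RE.match(line)):
            unreadable.append(_basename(m["driver"]))
        elif (m := HIDDEN_SVC_RE.match(line)):
            hidden.append({"name": m["name"], "start": m["start"].upper(), "image": m["image"]})
        elif (m := SUSP_FILE_RE.match(line)):
            suspicious.append(m["path"])
    return {"hooks": dict(hooks), "unreadable": unreadable, "hidden": hidden, "suspicious": suspicious}


def triage(log_text, known_good=()):
    """Return (severity, description) pairs, most severe first.

    known_good: names of hidden services the analyst has already vetted as a
    legitimate product that hides itself; those are skipped.
    """
    p = parse_gmer(log_text)
    vetted = {k.lower() for k in known_good}
    unreadable_names = {d.rsplit(".", 1)[0] for d in p["unreadable"]}  # "xjezifn.sys" -> "xjezifn"
    findings = []
    for svc in p["hidden"]:
        if svc["name"].lower() in vetted:
            continue
        # A hidden service without an image path whose driver also cannot be
        # read is the classic footprint of a kernel-mode rootkit hiding its file.
        if svc["image"] is None and svc["name"].lower() in unreadable_names:
            findings.append(("critical", f"hidden {svc['start']} service {svc['name']}: driver unreadable"))
        else:
            findings.append(("high", f"hidden {svc['start']} service {svc['name']} ({svc['image'] or 'no image path'})"))
    for proc, entries in p["hooks"].items():
        unattributed = [h for h in entries if h["owner"] is None]
        if not unattributed:
            continue   # every hook resolves to a module; review that module, not the hook
        exports = {h["export"] for h in unattributed}
        if SELF_PROTECTION_EXPORTS <= exports:
            findings.append(("high", f"{proc}: self-protecting hooks into unattributed memory"))
        else:
            findings.append(("medium", f"{proc}: {len(unattributed)} hook(s) into unattributed memory"))
    for path in p["suspicious"]:
        findings.append(("high", f"modified system file {path}"))
    rank = {"critical": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: rank[f[0]])


# Constructed sample in GMER's format (lines mirror the thread's log; the Vendor line is invented).
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\xjezifn.sys A device attached to the system is not functioning. !
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[1540] ntdll.dll!NtProtectVirtualMemory 77294D34 5 Bytes JMP 0026000A
.text C:\Windows\Explorer.EXE[1540] ntdll.dll!NtWriteVirtualMemory 77295674 5 Bytes JMP 0027000A
.text C:\Windows\Explorer.EXE[1540] ntdll.dll!KiUserExceptionDispatcher 77295DC8 5 Bytes JMP 0024000A
.text C:\Windows\system32\svchost.exe[1552] USER32.dll!GetCursorPos 76B70B88 5 Bytes JMP 0125000A
.text C:\Program Files\Vendor\app.exe[2000] kernel32.dll!CreateFileW 7C801A28 5 Bytes JMP 6F5C1234 C:\Program Files\Vendor\shim.dll (Shim/Vendor Inc.)
---- Services - GMER 1.0.15 ----
Service C:\PROGRA~1\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!
Service (*** hidden *** ) [BOOT] xjezifn <-- ROOTKIT !!!
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    for severity, text in triage(SAMPLE_LOG):
        print(f"[{severity:8}] {text}")
```

Run it on a saved GMER log with `triage(open("gmer.txt").read())`. The ranking is deliberately conservative: a hidden service only becomes "critical" when its driver is also unreadable, and a hooked process is only escalated when all three self-protection exports are patched with targets GMER could not attribute, so a single vendor hook that resolves to a signed module produces no finding at all. The `known_good` parameter exists because some legitimate products do register hidden services; deciding which names belong there is the analyst's call, not the script's.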

Dear Rmpessoa

I recommend that you save this topic in your Favorites so it is easier to find later.

Please note the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is done here relates only to your computer's problem, so do not do it on any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what happens with your computer.
  • Note: Do not take any measures other than those given here; if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

SP: Anti-spyware *disabled* (Updated) {8D8F6278-148C-4AB9-9FA0-418C1C93CBB5}

There is no need to have 3 anti-spyware programs. Do you know the last one, in red?

# Step 2 #

Download Lop S&D and save it to your desktop.

  • Temporarily disable your protection programs (Antivirus, etc.) so they do not interfere with the tool.
  • Double-click the Lop S&D icon on the desktop.
    If you use Windows Vista, right-click LopSD.exe and choose 'Run as administrator'.
  • A window will appear; press P for Portuguese and hit Enter.
  • Now press the number 1 and hit <Enter>.
  • The tool will run and your screen will flicker, which is normal. Please be patient and wait.
  • At the end a report will be generated (C:\lopR.txt). Paste the contents of that report in your next reply.

Cheers :D

Thread author:

    First of all, thank you very much for your help. Without it I would be lost. ;-)

    Yesterday I got the first blue screen and Windows Vista would not restart; it reported that a file was corrupted. Since I have the original DVD, I managed to restore what was wrong and it went back to working, but today I got another blue screen, though it came back to normal (I don't know for how long).

    When I start Windows Vista, an error message appears saying that a DLL was not found, something called ojixosokaradewil.dll

    Sometimes some Firefox pages appear out of nowhere, taking me to advertising links. I will leave the laptop on but not connected to the internet, since I will leave everything disabled. As I fortunately have another laptop, I will wait for a solution.

    This third spyware, I don't know which one it is; maybe it is a program I installed, but it had to be paid for to remove the virus, and since I didn't know whether it was any good, I uninstalled it, but apparently it must still be installed.

    I believe I have now managed to disable Windows Defender and AVG.

    Here is the Lop S&D log:

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Home Premium ( v6.0.6002 ) Service Pack 2

    X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T8100 @ 2.10GHz )

    BIOS : Ver 1.00PARTTBL

    USER : Dominique ( Administrator )

    BOOT : Normal boot

    Antivirus : AVG Anti-Virus Free 8.0 (Activated)

    C:\ (Local Disk) - NTFS - Total:223 Go (Free:89 Go)

    D:\ (USB)

    E:\ (USB)

    F:\ (CD or DVD)

    Z:\ (Network Disk)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

    Option : [1] ( Fri 07/23/2010| 9:12 )

    [ UAC => 0 ]

    --------------------\\ Lista de pastas em Local

    [07/19/2010|06:30] C:\Users\DOMINI~1\AppData\Local\<DIR> {4001873C-F6DC-434B-A7B6-ECB479EEB0ED}

    [02/10/2010|11:44] C:\Users\DOMINI~1\AppData\Local\<DIR> Adobe

    [07/19/2010|06:30] C:\Users\DOMINI~1\AppData\Local\120 Akakeyam.dat

    [10/15/2008|12:23] C:\Users\DOMINI~1\AppData\Local\<DIR> Apple

    [04/22/2009|11:12] C:\Users\DOMINI~1\AppData\Local\<DIR> Apple Computer

    [06/08/2008|05:22] C:\Users\DOMINI~1\AppData\Local\<JUNCTION> Application Data

    [04/22/2009|06:00] C:\Users\DOMINI~1\AppData\Local\<DIR> ArcSoft

    [10/27/2008|05:21] C:\Users\DOMINI~1\AppData\Local\<DIR> Corel

    [07/11/2010|08:59] C:\Users\DOMINI~1\AppData\Local\102,912 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [04/22/2009|10:53] C:\Users\DOMINI~1\AppData\Local\6 desktop.ini

    [04/29/2009|09:51] C:\Users\DOMINI~1\AppData\Local\85,736 GDIPFONTCACHEV1.DAT

    [06/08/2008|04:28] C:\Users\DOMINI~1\AppData\Local\<DIR> Google

    [06/08/2008|05:22] C:\Users\DOMINI~1\AppData\Local\<JUNCTION> History

    [11/15/2009|08:35] C:\Users\DOMINI~1\AppData\Local\<DIR> Microsoft

    [10/14/2008|10:40] C:\Users\DOMINI~1\AppData\Local\<DIR> Microsoft Games

    [06/13/2008|08:21] C:\Users\DOMINI~1\AppData\Local\<DIR> Microsoft Help

    [08/07/2009|07:47] C:\Users\DOMINI~1\AppData\Local\<DIR> Mozilla

    [07/20/2010|08:26] C:\Users\DOMINI~1\AppData\Local\<DIR> NPE

    [07/22/2010|08:45] C:\Users\DOMINI~1\AppData\Local\0 prvlcl.dat

    [07/23/2010|09:11] C:\Users\DOMINI~1\AppData\Local\<DIR> Temp

    [06/08/2008|05:22] C:\Users\DOMINI~1\AppData\Local\<JUNCTION> Temporary Internet Files

    [06/08/2008|05:24] C:\Users\DOMINI~1\AppData\Local\<DIR> VirtualStore

    [07/19/2010|06:30] C:\Users\DOMINI~1\AppData\Local\0 Wwuzutagesagubin.bin

    --------------------\\ Tarefas Agendadas na pasta C:\Windows\Tasks

    [07/23/2010 09:02 AM][--a------] C:\Windows\tasks\Anti-spyware System Startup.job

    [07/20/2010 08:11 AM][--a------] C:\Windows\tasks\Anti-spyware Scheduled Scan.job

    [07/23/2010 09:02 AM][--ah-----] C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

    [07/23/2010 09:02 AM][--ah-----] C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

    [07/23/2010 09:02 AM][--ah-----] C:\Windows\tasks\a862d6ec.job

    [07/23/2010 09:02 AM][--ah-----] C:\Windows\tasks\SA.DAT

    [07/20/2010 02:22 PM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Lista de pastas em C:\ProgramData

    [01/13/2007|06:39] C:\ProgramData\<DIR> {174892B1-CBE7-44F5-86FF-AB555EFD73A3}

    [10/15/2008|12:25] C:\ProgramData\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    [03/16/2009|07:49] C:\ProgramData\<DIR> Adobe

    [10/15/2008|12:22] C:\ProgramData\<DIR> Apple

    [10/15/2008|12:24] C:\ProgramData\<DIR> Apple Computer

    [11/02/2006|08:02] C:\ProgramData\<JUNCTION> Application Data

    [05/09/2009|06:43] C:\ProgramData\<DIR> ArcSoft

    [07/19/2010|07:25] C:\ProgramData\<DIR> avg9

    [01/13/2007|06:41] C:\ProgramData\<DIR> Corel

    [11/02/2006|08:02] C:\ProgramData\<JUNCTION> Desktop

    [11/02/2006|08:02] C:\ProgramData\<JUNCTION> Documents

    [11/02/2006|08:02] C:\ProgramData\<JUNCTION> Favorites

    [01/13/2007|06:28] C:\ProgramData\<DIR> FLEXnet

    [03/08/2009|08:26] C:\ProgramData\<DIR> GbPlugin

    [06/09/2008|07:36] C:\ProgramData\<DIR> Google

    [06/19/2008|10:47] C:\ProgramData\<DIR> Hewlett-Packard

    [06/19/2008|10:50] C:\ProgramData\<DIR> HP

    [07/09/2008|10:21] C:\ProgramData\1,592 hpzinstall.log

    [06/14/2010|04:35] C:\ProgramData\<DIR> Microsoft

    [07/20/2010|03:03] C:\ProgramData\<DIR> Microsoft Help

    [12/13/2007|09:27] C:\ProgramData\<DIR> Napster

    [07/20/2010|08:21] C:\ProgramData\<DIR> Norton

    [10/07/2008|09:14] C:\ProgramData\<DIR> NOS

    [07/31/2008|10:02] C:\ProgramData\<DIR> Office Genuine Advantage

    [03/25/2010|02:43] C:\ProgramData\<DIR> Real

    [12/20/2009|02:55] C:\ProgramData\<DIR> Skype

    [12/24/2008|06:28] C:\ProgramData\<DIR> Sonic

    [08/11/2008|07:48] C:\ProgramData\<DIR> Sony Corporation

    [11/02/2006|08:02] C:\ProgramData\<JUNCTION> Start Menu

    [06/09/2008|07:43] C:\ProgramData\<DIR> Symantec

    [07/20/2010|07:25] C:\ProgramData\<DIR> TEMP

    [11/02/2006|08:02] C:\ProgramData\<JUNCTION> Templates

    [02/10/2010|10:15] C:\ProgramData\<DIR> Thomson.ResearchSoft.Installers

    [01/13/2007|06:48] C:\ProgramData\<DIR> VAIO Media Platform

    [06/19/2008|10:53] C:\ProgramData\<DIR> WEBREG

    [06/12/2008|02:58] C:\ProgramData\<DIR> WLInstaller

    --------------------\\ Lista de pastas em C:\Program Files

    [01/13/2007|06:39] C:\Program Files\<DIR> Activation Assistant for the 2007 Microsoft Office suites

    [10/06/2008|06:12] C:\Program Files\<DIR> Adobe

    [10/15/2008|12:23] C:\Program Files\<DIR> Apple Software Update

    [04/22/2009|05:58] C:\Program Files\<DIR> ArcSoft

    [11/15/2009|08:38] C:\Program Files\<DIR> AVG

    [10/15/2008|12:24] C:\Program Files\<DIR> Bonjour

    [11/17/2008|12:07] C:\Program Files\<DIR> BrOffice.org 3

    [04/08/2010|12:14] C:\Program Files\<DIR> Common Files

    [12/13/2007|08:05] C:\Program Files\<DIR> CONEXANT

    [01/13/2007|06:40] C:\Program Files\<DIR> Corel

    [06/14/2010|04:19] C:\Program Files\<DIR> EndNote Demo

    [06/14/2010|04:39] C:\Program Files\<DIR> EndNote X

    [06/14/2010|04:27] C:\Program Files\<DIR> EndNote X3

    [10/13/2008|05:15] C:\Program Files\<DIR> ETS

    [07/22/2010|09:34] C:\Program Files\<DIR> GbPlugin

    [06/09/2008|07:43] C:\Program Files\<DIR> Google

    [06/19/2008|10:48] C:\Program Files\<DIR> Hewlett-Packard

    [10/21/2008|12:53] C:\Program Files\<DIR> HP

    [03/27/2010|06:59] C:\Program Files\<DIR> InstallShield Installation Information

    [12/13/2007|09:12] C:\Program Files\<DIR> intel

    [07/20/2010|08:09] C:\Program Files\<DIR> Internet Explorer

    [01/13/2007|06:53] C:\Program Files\<DIR> InterVideo

    [10/15/2008|12:24] C:\Program Files\<DIR> iPod

    [10/15/2008|12:25] C:\Program Files\<DIR> iTunes

    [01/15/2010|02:31] C:\Program Files\<DIR> Java

    [04/05/2009|09:40] C:\Program Files\<DIR> Microsoft

    [06/13/2008|08:22] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2

    [11/02/2006|07:37] C:\Program Files\<DIR> Microsoft Games

    [01/13/2007|06:38] C:\Program Files\<DIR> Microsoft Office

    [07/22/2010|09:34] C:\Program Files\<DIR> Microsoft Silverlight

    [04/05/2009|09:38] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition

    [04/05/2009|09:39] C:\Program Files\<DIR> Microsoft Sync Framework

    [06/09/2009|07:36] C:\Program Files\<DIR> Microsoft Works

    [01/13/2007|06:38] C:\Program Files\<DIR> Microsoft.NET

    [06/10/2009|11:41] C:\Program Files\<DIR> Movie Maker

    [07/23/2010|09:06] C:\Program Files\<DIR> Mozilla Firefox

    [11/02/2006|07:37] C:\Program Files\<DIR> MSBuild

    [12/13/2007|08:42] C:\Program Files\<DIR> MSXML 4.0

    [12/13/2007|09:28] C:\Program Files\<DIR> Napster

    [10/07/2008|09:14] C:\Program Files\<DIR> NOS

    [04/22/2009|05:52] C:\Program Files\<DIR> Panasonic

    [10/15/2008|12:24] C:\Program Files\<DIR> QuickTime

    [04/08/2010|12:14] C:\Program Files\<DIR> Real

    [11/02/2006|07:37] C:\Program Files\<DIR> Reference Assemblies

    [12/13/2007|09:30] C:\Program Files\<DIR> Roxio

    [05/29/2010|11:33] C:\Program Files\<DIR> Skype

    [01/13/2007|06:51] C:\Program Files\<DIR> Sony

    [12/13/2007|09:35] C:\Program Files\<DIR> Sony Corporation

    [12/13/2007|08:05] C:\Program Files\<DIR> Synaptics

    [10/18/2008|10:48] C:\Program Files\<DIR> Ubisoft

    [11/02/2006|08:01] C:\Program Files\<DIR> Uninstall Information

    [10/17/2009|05:50] C:\Program Files\<DIR> USMLE

    [05/15/2010|10:31] C:\Program Files\<DIR> uTorrent

    [12/13/2007|09:13] C:\Program Files\<DIR> WIDCOMM

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Calendar

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Collaboration

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Defender

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Journal

    [01/06/2010|10:57] C:\Program Files\<DIR> Windows Live

    [04/05/2009|09:35] C:\Program Files\<DIR> Windows Live SkyDrive

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Mail

    [07/22/2010|09:35] C:\Program Files\<DIR> Windows Media Player

    [11/02/2006|07:37] C:\Program Files\<DIR> Windows NT

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Photo Gallery

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Sidebar

    [05/08/2009|02:21] C:\Program Files\<DIR> Xvid

    --------------------\\ Lista de pastas em C:\Program Files\Common Files

    [03/16/2009|07:49] C:\Program Files\Common Files\<DIR> Adobe

    [10/06/2008|06:12] C:\Program Files\Common Files\<DIR> Adobe AIR

    [10/15/2008|12:23] C:\Program Files\Common Files\<DIR> Apple

    [04/22/2009|05:59] C:\Program Files\Common Files\<DIR> ArcSoft

    [01/13/2007|06:41] C:\Program Files\Common Files\<DIR> Corel

    [01/13/2007|06:38] C:\Program Files\Common Files\<DIR> DESIGNER

    [06/19/2008|10:48] C:\Program Files\Common Files\<DIR> Hewlett-Packard

    [06/19/2008|10:49] C:\Program Files\Common Files\<DIR> HP

    [01/13/2007|06:35] C:\Program Files\Common Files\<DIR> InstallShield

    [01/13/2007|06:53] C:\Program Files\Common Files\<DIR> InterVideo

    [12/13/2007|09:27] C:\Program Files\Common Files\<DIR> Java

    [01/13/2007|06:28] C:\Program Files\Common Files\<DIR> Macrovision Shared

    [11/15/2009|08:36] C:\Program Files\Common Files\<DIR> microsoft shared

    [12/13/2007|09:28] C:\Program Files\Common Files\<DIR> Napster Shared

    [12/13/2007|09:31] C:\Program Files\Common Files\<DIR> PX Storage Engine

    [04/08/2010|12:15] C:\Program Files\Common Files\<DIR> Real

    [02/10/2010|10:14] C:\Program Files\Common Files\<DIR> ResearchSoft

    [06/14/2010|04:34] C:\Program Files\Common Files\<DIR> Risxtd

    [12/13/2007|09:30] C:\Program Files\Common Files\<DIR> Roxio Shared

    [11/02/2006|06:18] C:\Program Files\Common Files\<DIR> Services

    [12/13/2007|09:31] C:\Program Files\Common Files\<DIR> Sonic Shared

    [01/13/2007|06:48] C:\Program Files\Common Files\<DIR> Sony Shared

    [11/02/2006|06:18] C:\Program Files\Common Files\<DIR> SpeechEngines

    [06/09/2008|07:43] C:\Program Files\Common Files\<DIR> Symantec Shared

    [06/10/2009|11:41] C:\Program Files\Common Files\<DIR> System

    [04/05/2009|09:26] C:\Program Files\Common Files\<DIR> Windows Live

    [06/12/2008|03:01] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

    [06/14/2010|04:31] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

    [04/08/2010|12:14] C:\Program Files\Common Files\<DIR> xing shared

    --------------------\\ Process

    ( 91 Processes )

    ... OK !

    --------------------\\ Procura pelo S_Lop

    Não foram encontradas pastas com o Lop!

    --------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

    C:\Users\DOMINI~1\AppData\Local\Temp\State.of.Play.2009.DVDRip.XviD-AMIABLE-[tracker.BTARENA.org].5051931.TPB.torrent

    C:\Users\DOMINI~1\AppData\Roaming\MICROS~1\Windows\Cookies\dominique@ecnext.advertserve[1].txt

    C:\Users\DOMINI~1\AppData\Roaming\MICROS~1\Windows\Cookies\dominique@adultfriendfinder[2].txt

    C:\Users\DOMINI~1\AppData\Roaming\MICROS~1\Windows\Cookies\dominique@advertisingwebservice[2].txt

    C:\Users\DOMINI~1\AppData\Roaming\MICROS~1\Windows\Cookies\dominique@advertising[2].txt

    --------------------\\ Procura no Registro

    ..... OK !

    --------------------\\ Verificando o Arquivos/Ficheiros Hosts

    Arquivos/Ficheiros Hosts LIMPO

    --------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-07-23 09:13:12

    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden files ...

    scan completed successfully

    hidden processes: 0

    hidden files: 0

    --------------------\\ Procurando por outras infecções

    Não foram encontradas outras infecções.

    [F:2765][D:116]-> C:\Users\DOMINI~1\AppData\Local\Temp

    [F:2403][D:1]-> C:\Users\DOMINI~1\AppData\Roaming\MICROS~1\Windows\Cookies

    [F:6917][D:16]-> C:\Users\DOMINI~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

    [F:73][D:9]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - Fri 07/23/2010| 9:18 - Option : [1]

    --------------------\\ Verificação completa em 9:18:30

    [ UAC => 1 ]


    Dear Rmpessoa

    First of all, thank you very much for your help. Without it I would be lost. ;-)
    :joia:

    Connect your notebook to carry out the procedures below ;)

    # Step 1 #

    • Double-click the Lop S&D icon on the desktop.
      If you use Windows Vista, right-click LopSD.exe and choose 'Run as administrator'.
    • A window will appear (as in the image below); press P for Portuguese and hit Enter.
      (image: Lop_Choix-large.jpg)
    • Now choose option "3 - Remocao - Hosts" by pressing the "3" key and hit ENTER.
    • The tool will run so that the infection can be removed.
    • At the end a report will be generated (C:\lopR.txt). Paste the contents of that report in your next reply.

    # Step 2 #

    Read the instructions in this link:

    In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    2. Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them after the procedure(s) mentioned below.
    3. Double-click the icon (image: desktopicon.png) on the desktop.
    4. Read and accept the terms by typing 1 and Enter.
    5. Computers running Windows XP must install the Recovery Console:

    • If your computer has Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

    6. ComboFix will run; please be patient and wait.
    7. Warning: Do not use the mouse or the keyboard while the tool is running; this may cause the computer to hang.
    8. A notice may appear saying that the computer needs to restart.
       DO NOT RESTART!!! ComboFix will restart the computer automatically.
    9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

    • There are several malware strains that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and how to handle them.
    • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

    Cheers :D

Thread author:

    Diego,

    Before posting the logs I will describe what happened.

    When I went to run ComboFix, a pop-up appeared saying that a virus had been found and that it would restart, and asked me to click OK.

    I clicked OK and Windows restarted and had the same problem as before, of a missing file in the folder Windows\System32\Driver\xjezifn.sys

    I had to use the Windows DVD to revert this.

    I ran ComboFix again (this time as admin, since before it had given an error message).

    The program says I still have AVG enabled. I found that impossible, since I decided to uninstall it, but apparently it is still in here, I don't even know how.

    I went ahead anyway, and at stage 2 it hangs and a Windows pop-up appears saying that the file PEV.cfxxe has a problem, asking whether I want to look for a solution online or close it.

    I waited 30 minutes to see if anything happened, and nothing; when I clicked, ComboFix continued normally and finished with the log.

    So here we go. I hope it is clean of viruses now!

    Lop:

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Home Premium ( v6.0.6002 ) Service Pack 2

    X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU T8100 @ 2.10GHz )

    BIOS : Ver 1.00PARTTBL

    USER : Dominique ( Administrator )

    BOOT : Normal boot

    Antivirus : AVG Anti-Virus Free 8.0 (Activated)

    C:\ (Local Disk) - NTFS - Total:223 Go (Free:89 Go)

    D:\ (USB)

    E:\ (USB)

    F:\ (CD or DVD)

    Z:\ (Network Disk)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

    Option : [3] ( Fri 07/23/2010|12:06 )

    [ UAC => 1 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ REMOVIDOS

    Deletado! - C:\Users\DOMINI~1\AppData\Local\Temp\State.of.Play.2009.DVDRip.XviD-AMIABLE-[tracker.BTARENA.org].5051931.TPB.torrent

    Deletado! - C:\Users\DOMINI~1\AppData\Roaming\MICROS~1\Windows\Cookies\dominique@ecnext.advertserve[1].txt

    Deletado! - C:\Users\DOMINI~1\AppData\Roaming\MICROS~1\Windows\Cookies\dominique@adultfriendfinder[2].txt

    Deletado! - C:\Users\DOMINI~1\AppData\Roaming\MICROS~1\Windows\Cookies\dominique@advertisingwebservice[2].txt

    Deletado! - C:\Users\DOMINI~1\AppData\Roaming\MICROS~1\Windows\Cookies\dominique@advertising[2].txt

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    --------------------\\ Lista de pastas em Local

    [07/19/2010|06:30] C:\Users\DOMINI~1\AppData\Local\<DIR> {4001873C-F6DC-434B-A7B6-ECB479EEB0ED}

    [02/10/2010|11:44] C:\Users\DOMINI~1\AppData\Local\<DIR> Adobe

    [07/19/2010|06:30] C:\Users\DOMINI~1\AppData\Local\120 Akakeyam.dat

    [10/15/2008|12:23] C:\Users\DOMINI~1\AppData\Local\<DIR> Apple

    [04/22/2009|11:12] C:\Users\DOMINI~1\AppData\Local\<DIR> Apple Computer

    [06/08/2008|05:22] C:\Users\DOMINI~1\AppData\Local\<JUNCTION> Application Data

    [04/22/2009|06:00] C:\Users\DOMINI~1\AppData\Local\<DIR> ArcSoft

    [10/27/2008|05:21] C:\Users\DOMINI~1\AppData\Local\<DIR> Corel

    [07/11/2010|08:59] C:\Users\DOMINI~1\AppData\Local\102,912 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [04/22/2009|10:53] C:\Users\DOMINI~1\AppData\Local\6 desktop.ini

    [04/29/2009|09:51] C:\Users\DOMINI~1\AppData\Local\85,736 GDIPFONTCACHEV1.DAT

    [06/08/2008|04:28] C:\Users\DOMINI~1\AppData\Local\<DIR> Google

    [06/08/2008|05:22] C:\Users\DOMINI~1\AppData\Local\<JUNCTION> History

    [11/15/2009|08:35] C:\Users\DOMINI~1\AppData\Local\<DIR> Microsoft

    [10/14/2008|10:40] C:\Users\DOMINI~1\AppData\Local\<DIR> Microsoft Games

    [06/13/2008|08:21] C:\Users\DOMINI~1\AppData\Local\<DIR> Microsoft Help

    [08/07/2009|07:47] C:\Users\DOMINI~1\AppData\Local\<DIR> Mozilla

    [07/20/2010|08:26] C:\Users\DOMINI~1\AppData\Local\<DIR> NPE

    [07/22/2010|08:45] C:\Users\DOMINI~1\AppData\Local\0 prvlcl.dat

    [07/23/2010|12:06] C:\Users\DOMINI~1\AppData\Local\<DIR> Temp

    [06/08/2008|05:22] C:\Users\DOMINI~1\AppData\Local\<JUNCTION> Temporary Internet Files

    [06/08/2008|05:24] C:\Users\DOMINI~1\AppData\Local\<DIR> VirtualStore

    [07/19/2010|06:30] C:\Users\DOMINI~1\AppData\Local\0 Wwuzutagesagubin.bin

    --------------------\\ Tarefas Agendadas na pasta C:\Windows\Tasks

    [07/23/2010 09:02 AM][--a------] C:\Windows\tasks\Anti-spyware System Startup.job

    [07/20/2010 08:11 AM][--a------] C:\Windows\tasks\Anti-spyware Scheduled Scan.job

    [07/23/2010 11:23 AM][--ah-----] C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

    [07/23/2010 11:17 AM][--ah-----] C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

    [07/23/2010 09:02 AM][--ah-----] C:\Windows\tasks\a862d6ec.job

    [07/23/2010 09:02 AM][--ah-----] C:\Windows\tasks\SA.DAT

    [07/20/2010 02:22 PM][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Lista de pastas em C:\ProgramData

    [01/13/2007|06:39] C:\ProgramData\<DIR> {174892B1-CBE7-44F5-86FF-AB555EFD73A3}

    [10/15/2008|12:25] C:\ProgramData\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}

    [03/16/2009|07:49] C:\ProgramData\<DIR> Adobe

    [10/15/2008|12:22] C:\ProgramData\<DIR> Apple

    [10/15/2008|12:24] C:\ProgramData\<DIR> Apple Computer

    [11/02/2006|08:02] C:\ProgramData\<JUNCTION> Application Data

    [05/09/2009|06:43] C:\ProgramData\<DIR> ArcSoft

    [07/19/2010|07:25] C:\ProgramData\<DIR> avg9

    [01/13/2007|06:41] C:\ProgramData\<DIR> Corel

    [11/02/2006|08:02] C:\ProgramData\<JUNCTION> Desktop

    [11/02/2006|08:02] C:\ProgramData\<JUNCTION> Documents

    [11/02/2006|08:02] C:\ProgramData\<JUNCTION> Favorites

    [01/13/2007|06:28] C:\ProgramData\<DIR> FLEXnet

    [03/08/2009|08:26] C:\ProgramData\<DIR> GbPlugin

    [06/09/2008|07:36] C:\ProgramData\<DIR> Google

    [06/19/2008|10:47] C:\ProgramData\<DIR> Hewlett-Packard

    [06/19/2008|10:50] C:\ProgramData\<DIR> HP

    [07/09/2008|10:21] C:\ProgramData\1,592 hpzinstall.log

    [06/14/2010|04:35] C:\ProgramData\<DIR> Microsoft

    [07/20/2010|03:03] C:\ProgramData\<DIR> Microsoft Help

    [12/13/2007|09:27] C:\ProgramData\<DIR> Napster

    [07/20/2010|08:21] C:\ProgramData\<DIR> Norton

    [10/07/2008|09:14] C:\ProgramData\<DIR> NOS

    [07/31/2008|10:02] C:\ProgramData\<DIR> Office Genuine Advantage

    [03/25/2010|02:43] C:\ProgramData\<DIR> Real

    [12/20/2009|02:55] C:\ProgramData\<DIR> Skype

    [12/24/2008|06:28] C:\ProgramData\<DIR> Sonic

    [08/11/2008|07:48] C:\ProgramData\<DIR> Sony Corporation

    [11/02/2006|08:02] C:\ProgramData\<JUNCTION> Start Menu

    [06/09/2008|07:43] C:\ProgramData\<DIR> Symantec

    [07/20/2010|07:25] C:\ProgramData\<DIR> TEMP

    [11/02/2006|08:02] C:\ProgramData\<JUNCTION> Templates

    [02/10/2010|10:15] C:\ProgramData\<DIR> Thomson.ResearchSoft.Installers

    [01/13/2007|06:48] C:\ProgramData\<DIR> VAIO Media Platform

    [06/19/2008|10:53] C:\ProgramData\<DIR> WEBREG

    [06/12/2008|02:58] C:\ProgramData\<DIR> WLInstaller

    --------------------\\ Lista de pastas em C:\Program Files

    [01/13/2007|06:39] C:\Program Files\<DIR> Activation Assistant for the 2007 Microsoft Office suites

    [10/06/2008|06:12] C:\Program Files\<DIR> Adobe

    [10/15/2008|12:23] C:\Program Files\<DIR> Apple Software Update

    [04/22/2009|05:58] C:\Program Files\<DIR> ArcSoft

    [11/15/2009|08:38] C:\Program Files\<DIR> AVG

    [10/15/2008|12:24] C:\Program Files\<DIR> Bonjour

    [11/17/2008|12:07] C:\Program Files\<DIR> BrOffice.org 3

    [04/08/2010|12:14] C:\Program Files\<DIR> Common Files

    [12/13/2007|08:05] C:\Program Files\<DIR> CONEXANT

    [01/13/2007|06:40] C:\Program Files\<DIR> Corel

    [06/14/2010|04:19] C:\Program Files\<DIR> EndNote Demo

    [06/14/2010|04:39] C:\Program Files\<DIR> EndNote X

    [06/14/2010|04:27] C:\Program Files\<DIR> EndNote X3

    [10/13/2008|05:15] C:\Program Files\<DIR> ETS

    [07/22/2010|09:34] C:\Program Files\<DIR> GbPlugin

    [06/09/2008|07:43] C:\Program Files\<DIR> Google

    [06/19/2008|10:48] C:\Program Files\<DIR> Hewlett-Packard

    [10/21/2008|12:53] C:\Program Files\<DIR> HP

    [03/27/2010|06:59] C:\Program Files\<DIR> InstallShield Installation Information

    [12/13/2007|09:12] C:\Program Files\<DIR> intel

    [07/20/2010|08:09] C:\Program Files\<DIR> Internet Explorer

    [01/13/2007|06:53] C:\Program Files\<DIR> InterVideo

    [10/15/2008|12:24] C:\Program Files\<DIR> iPod

    [10/15/2008|12:25] C:\Program Files\<DIR> iTunes

    [01/15/2010|02:31] C:\Program Files\<DIR> Java

    [04/05/2009|09:40] C:\Program Files\<DIR> Microsoft

    [06/13/2008|08:22] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2

    [11/02/2006|07:37] C:\Program Files\<DIR> Microsoft Games

    [01/13/2007|06:38] C:\Program Files\<DIR> Microsoft Office

    [07/22/2010|09:34] C:\Program Files\<DIR> Microsoft Silverlight

    [04/05/2009|09:38] C:\Program Files\<DIR> Microsoft SQL Server Compact Edition

    [04/05/2009|09:39] C:\Program Files\<DIR> Microsoft Sync Framework

    [06/09/2009|07:36] C:\Program Files\<DIR> Microsoft Works

    [01/13/2007|06:38] C:\Program Files\<DIR> Microsoft.NET

    [06/10/2009|11:41] C:\Program Files\<DIR> Movie Maker

    [07/23/2010|09:06] C:\Program Files\<DIR> Mozilla Firefox

    [11/02/2006|07:37] C:\Program Files\<DIR> MSBuild

    [12/13/2007|08:42] C:\Program Files\<DIR> MSXML 4.0

    [12/13/2007|09:28] C:\Program Files\<DIR> Napster

    [10/07/2008|09:14] C:\Program Files\<DIR> NOS

    [04/22/2009|05:52] C:\Program Files\<DIR> Panasonic

    [10/15/2008|12:24] C:\Program Files\<DIR> QuickTime

    [04/08/2010|12:14] C:\Program Files\<DIR> Real

    [11/02/2006|07:37] C:\Program Files\<DIR> Reference Assemblies

    [12/13/2007|09:30] C:\Program Files\<DIR> Roxio

    [05/29/2010|11:33] C:\Program Files\<DIR> Skype

    [01/13/2007|06:51] C:\Program Files\<DIR> Sony

    [12/13/2007|09:35] C:\Program Files\<DIR> Sony Corporation

    [12/13/2007|08:05] C:\Program Files\<DIR> Synaptics

    [10/18/2008|10:48] C:\Program Files\<DIR> Ubisoft

    [11/02/2006|08:01] C:\Program Files\<DIR> Uninstall Information

    [10/17/2009|05:50] C:\Program Files\<DIR> USMLE

    [05/15/2010|10:31] C:\Program Files\<DIR> uTorrent

    [12/13/2007|09:13] C:\Program Files\<DIR> WIDCOMM

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Calendar

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Collaboration

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Defender

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Journal

    [01/06/2010|10:57] C:\Program Files\<DIR> Windows Live

    [04/05/2009|09:35] C:\Program Files\<DIR> Windows Live SkyDrive

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Mail

    [07/22/2010|09:35] C:\Program Files\<DIR> Windows Media Player

    [11/02/2006|07:37] C:\Program Files\<DIR> Windows NT

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Photo Gallery

    [06/10/2009|11:41] C:\Program Files\<DIR> Windows Sidebar

    [05/08/2009|02:21] C:\Program Files\<DIR> Xvid

    --------------------\\ Lista de pastas em C:\Program Files\Common Files

    [03/16/2009|07:49] C:\Program Files\Common Files\<DIR> Adobe

    [10/06/2008|06:12] C:\Program Files\Common Files\<DIR> Adobe AIR

    [10/15/2008|12:23] C:\Program Files\Common Files\<DIR> Apple

    [04/22/2009|05:59] C:\Program Files\Common Files\<DIR> ArcSoft

    [01/13/2007|06:41] C:\Program Files\Common Files\<DIR> Corel

    [01/13/2007|06:38] C:\Program Files\Common Files\<DIR> DESIGNER

    [06/19/2008|10:48] C:\Program Files\Common Files\<DIR> Hewlett-Packard

    [06/19/2008|10:49] C:\Program Files\Common Files\<DIR> HP

    [01/13/2007|06:35] C:\Program Files\Common Files\<DIR> InstallShield

    [01/13/2007|06:53] C:\Program Files\Common Files\<DIR> InterVideo

    [12/13/2007|09:27] C:\Program Files\Common Files\<DIR> Java

    [01/13/2007|06:28] C:\Program Files\Common Files\<DIR> Macrovision Shared

    [11/15/2009|08:36] C:\Program Files\Common Files\<DIR> microsoft shared

    [12/13/2007|09:28] C:\Program Files\Common Files\<DIR> Napster Shared

    [12/13/2007|09:31] C:\Program Files\Common Files\<DIR> PX Storage Engine

    [04/08/2010|12:15] C:\Program Files\Common Files\<DIR> Real

    [02/10/2010|10:14] C:\Program Files\Common Files\<DIR> ResearchSoft

    [06/14/2010|04:34] C:\Program Files\Common Files\<DIR> Risxtd

    [12/13/2007|09:30] C:\Program Files\Common Files\<DIR> Roxio Shared

    [11/02/2006|06:18] C:\Program Files\Common Files\<DIR> Services

    [12/13/2007|09:31] C:\Program Files\Common Files\<DIR> Sonic Shared

    [01/13/2007|06:48] C:\Program Files\Common Files\<DIR> Sony Shared

    [11/02/2006|06:18] C:\Program Files\Common Files\<DIR> SpeechEngines

    [06/09/2008|07:43] C:\Program Files\Common Files\<DIR> Symantec Shared

    [06/10/2009|11:41] C:\Program Files\Common Files\<DIR> System

    [04/05/2009|09:26] C:\Program Files\Common Files\<DIR> Windows Live

    [06/12/2008|03:01] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller

    [06/14/2010|04:31] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

    [04/08/2010|12:14] C:\Program Files\Common Files\<DIR> xing shared

    --------------------\\ Process

    ( 90 Processes )

    ... OK !

    --------------------\\ Procura pelo S_Lop

    Não foram encontradas pastas com o Lop!

    --------------------\\ Procura por Arquivos/Ficheiros e pastas do Lop

    Não foram encontradas pastas com o Lop!

    --------------------\\ Procura no Registro

    ..... OK !

    --------------------\\ Verificando o Arquivos/Ficheiros Hosts

    Arquivos/Ficheiros Hosts LIMPO

    --------------------\\ Procurando Arquivos/Ficheiros ocultos com o Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-07-23 12:07:14

    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden files ...

    scan completed successfully

    hidden processes: 0

    hidden files: 0

    --------------------\\ Procurando por outras infecções

    Não foram encontradas outras infecções.

    [F:2764][D:116]-> C:\Users\DOMINI~1\AppData\Local\Temp

    [F:2399][D:1]-> C:\Users\DOMINI~1\AppData\Roaming\MICROS~1\Windows\Cookies

    [F:6942][D:16]-> C:\Users\DOMINI~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

    [F:73][D:9]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - Fri 07/23/2010| 9:18 - Option : [1]

    2 - "C:\Lop SD\LopR_2.txt" - Fri 07/23/2010|12:11 - Option : [3]

    --------------------\\ Verificação completa em 12:11:53

    [ UAC => 1 ]

    COMBOFIX:

    ComboFix 10-07-22.06 - Dominique 07/23/2010 13:37:56.1.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1730 [GMT -5:00]

    Running from: c:\users\Dominique\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    SP: Anti-spyware *disabled* (Updated) {8D8F6278-148C-4AB9-9FA0-418C1C93CBB5}

    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\users\Dominique\AppData\Local\{4001873C-F6DC-434B-A7B6-ECB479EEB0ED}

    c:\users\Dominique\AppData\Local\{4001873C-F6DC-434B-A7B6-ECB479EEB0ED}\chrome.manifest

    c:\users\Dominique\AppData\Local\{4001873C-F6DC-434B-A7B6-ECB479EEB0ED}\chrome\content\_cfg.js

    c:\users\Dominique\AppData\Local\{4001873C-F6DC-434B-A7B6-ECB479EEB0ED}\chrome\content\overlay.xul

    c:\users\Dominique\AppData\Local\{4001873C-F6DC-434B-A7B6-ECB479EEB0ED}\install.rdf

    c:\windows\$NtUninstallMTF1011$

    c:\windows\$NtUninstallMTF1011$\zrpt.xml

    c:\windows\system32\AutoRun.inf

    c:\windows\system32\ernel32.dll

    c:\windows\system32\znjep.dll

    c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

    c:\windows\xpsp1hfm.log

    Infected copy of c:\windows\system32\drivers\volmgrx.sys was found and disinfected

    Restored copy from - Kitty had a snack :P

    .

    ((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))

    .

    2010-07-23 19:21 . 2010-07-23 19:23 -------- d-----w- c:\users\Dominique\AppData\Local\temp

    2010-07-23 19:21 . 2010-07-23 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp

    2010-07-23 14:12 . 2010-07-23 17:11 -------- d-----w- C:\Lop SD

    2010-07-20 19:32 . 2010-07-20 19:32 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll

    2010-07-20 19:32 . 2010-07-20 19:32 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll

    2010-07-20 19:32 . 2010-07-20 19:32 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll

    2010-07-20 19:32 . 2010-07-20 19:32 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe

    2010-07-20 19:32 . 2010-07-20 19:32 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

    2010-07-20 18:53 . 2010-07-20 18:53 292840 ----a-w- c:\windows\system32\drivers\sjilisjf.sys

    2010-07-20 13:21 . 2010-07-20 13:21 -------- d-----w- c:\programdata\Norton

    2010-07-20 13:21 . 2010-07-20 13:26 -------- d-----w- c:\users\Dominique\AppData\Local\NPE

    2010-07-20 12:25 . 2010-07-20 12:26 -------- d-----w- c:\users\Dominique\AppData\Roaming\Anti-spyware

    2010-07-20 11:56 . 2010-07-20 11:56 292840 ----a-w- c:\windows\system32\drivers\liaytvzj.sys

    2010-07-20 03:57 . 2010-07-20 19:22 -------- d-----w- c:\windows\system32\MpEngineStore

    2010-07-19 23:30 . 2010-07-19 23:30 120 ----a-w- c:\users\Dominique\AppData\Local\Akakeyam.dat

    2010-07-19 23:30 . 2010-07-19 23:30 0 ----a-w- c:\users\Dominique\AppData\Local\Wwuzutagesagubin.bin

    2010-07-15 20:13 . 2010-07-15 20:13 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys

    2010-07-15 20:13 . 2010-07-15 20:13 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys

    2010-07-15 20:12 . 2010-07-15 20:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    2010-07-15 20:11 . 2010-07-15 20:11 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll

    2010-07-15 20:11 . 2010-07-15 20:11 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe

    2010-07-15 20:11 . 2010-07-15 20:11 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll

    2010-07-15 20:11 . 2010-07-15 20:11 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-07-23 20:53 . 2009-04-06 02:41 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-07-23 20:53 . 2009-03-09 01:26 -------- d-----w- c:\program files\GbPlugin

    2010-07-23 18:33 . 2007-12-13 12:42 12 ----a-w- c:\windows\bthservsdp.dat

    2010-07-23 17:55 . 2009-11-16 01:37 -------- d-----w- c:\programdata\avg9

    2010-07-23 01:45 . 2010-03-24 16:30 0 ----a-w- c:\users\Dominique\AppData\Local\prvlcl.dat

    2010-07-22 04:17 . 2008-06-10 01:03 -------- d-----w- c:\users\Dominique\AppData\Roaming\Skype

    2010-07-20 20:03 . 2007-01-13 23:37 -------- d-----w- c:\programdata\Microsoft Help

    2010-07-16 15:36 . 2008-11-17 05:11 1 ----a-w- c:\users\Dominique\AppData\Roaming\BrOffice.org\3\user\uno_packages\cache\stamp.sys

    2010-07-15 20:12 . 2009-02-03 21:53 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    2010-07-15 20:12 . 2008-06-10 00:57 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

    2010-06-24 20:06 . 2008-10-14 21:45 -------- d-----w- c:\users\Dominique\AppData\Roaming\uTorrent

    2010-06-14 21:43 . 2010-02-11 03:23 -------- d-----w- c:\users\Dominique\AppData\Roaming\EndNote

    2010-06-14 21:39 . 2010-06-14 21:33 -------- d-----w- c:\program files\EndNote X

    2010-06-14 21:34 . 2010-02-11 03:15 -------- d-----w- c:\program files\Common Files\Risxtd

    2010-06-14 21:31 . 2010-02-10 16:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

    2010-06-14 21:27 . 2010-02-11 03:13 -------- d-----w- c:\program files\EndNote X3

    2010-06-14 21:19 . 2010-06-14 21:17 -------- d-----w- c:\program files\EndNote Demo

    2010-06-02 15:10 . 2008-06-10 00:57 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2010-05-29 16:33 . 2009-04-02 17:30 -------- d-----r- c:\program files\Skype

    2010-05-21 19:14 . 2009-10-02 22:50 221568 ----a-w- c:\windows\system32\MpSigStub.exe

    2010-05-04 05:59 . 2010-07-20 12:57 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-05-04 05:55 . 2010-07-20 12:57 71680 ----a-w- c:\windows\system32\iesetup.dll

    2010-05-04 05:55 . 2010-07-20 12:57 109056 ----a-w- c:\windows\system32\iesysprep.dll

    2010-05-04 04:31 . 2010-07-20 12:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe

    2008-10-27 22:21 . 2008-10-27 22:21 88 --sh--r- c:\windows\System32\B2AB79BDAD.sys

    2008-10-27 22:22 . 2008-10-27 22:21 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-06 4423680]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-08 835584]

    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-08 202256]

    c:\users\Dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

    PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-4-22 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

    2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "VistaSp2"=hex(B):ba,d9,b5,6e,eb,e9,c9,01

    R1 pcgjlvop;pcgjlvop;c:\windows\system32\drivers\pcgjlvop.sys [x]

    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]

    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]

    R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]

    R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]

    R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]

    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]

    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136]

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]

    S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]

    S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]

    S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2008-05-16 47080]

    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]

    S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-10-31 125440]

    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-10-30 17920]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-11-16 28464]

    S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-10-16 73472]

    S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-10-16 43904]

    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]

    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-16 818688]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - xjezifn

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    HPService REG_MULTI_SZ HPSLPSVC

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Contents of the 'Scheduled Tasks' folder

    2010-07-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-598579466-1016022064-3402684674-1000.job

    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://mail.terra.com.br/

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} - file:///F:/data/index/ses_ocx/sessearch.ocx

    FF - ProfilePath - c:\users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\2jgwwqmv.default\

    FF - prefs.js: browser.startup.homepage - hxxp://mail.terra.com.br/

    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

    FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    .

    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Unattend0000000001{FE3358AD-C63B-4F3E-A738-80713562D20D} - c:\program files\Sony\First Experience\VAIOWelcome.exe

    HKLM-Run-MChk - c:\windows\system32\qnjep.exe

    HKLM-Run-Utigufolifasufol - c:\users\Dominique\AppData\Local\ojixosokaradewil.dll

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-07-23 14:23

    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Completion time: 2010-07-23 14:25:33

    ComboFix-quarantined-files.txt 2010-07-23 19:25

    Pre-Run: 111,292,989,440 bytes free

    Post-Run: 112,601,669,632 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

    - - End Of File - - D09C4947C02790B2C84C5FF70F10B9C4


    Dear Rmpessoa

    Friend, your PM doesn't hold up... today is the third day!

    As for AVG, some of its services are still running; I'm now going to uninstall it completely ;)

    Temporarily, while these instructions are being carried out, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

    Open your Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

    SecCenter::
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: Anti-spyware *disabled* (Updated) {8D8F6278-148C-4AB9-9FA0-418C1C93CBB5}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    File::
    c:\windows\system32\drivers\liaytvzj.sys
    c:\users\Dominique\AppData\Local\Akakeyam.dat
    c:\users\Dominique\AppData\Local\Wwuzutagesagubin. bin
    c:\users\Dominique\AppData\Local\Wwuzutagesagubin.bin
    c:\windows\system32\drivers\pcgjlvop.sys
    c:\windows\System32\Drivers\avgldx86.sys
    c:\windows\System32\Drivers\avgtdix.sys

    Folder::
    c:\program files\AVG

    Driver::
    pcgjlvop
    avg9emc
    avg9wd
    AvgLdx86
    AvgTdiX

    Reglock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    Save this file as: CFScript.txt

    [image: CFScript.txt being dragged onto ComboFix.exe]

    As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.

    Cheers :D

  • Topic author
  • Diego,

    Here is the requested log. I hope this virus, or whatever it is, is gone from the machine. ;-)

    ComboFix 10-07-22.06 - Dominique 07/27/2010 10:16:49.2.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1624 [GMT -5:00]

    Running from: c:\users\Dominique\Desktop\ComboFix.exe

    Command switches used :: c:\users\Dominique\Desktop\CFScript.txt

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::

    "c:\users\Dominique\AppData\Local\Akakeyam.dat"

    "c:\users\Dominique\AppData\Local\Wwuzutagesagubin. bin"

    "c:\users\Dominique\AppData\Local\Wwuzutagesagubin.bin"

    "c:\windows\System32\Drivers\avgldx86.sys"

    "c:\windows\System32\Drivers\avgtdix.sys"

    "c:\windows\system32\drivers\liaytvzj.sys"

    "c:\windows\system32\drivers\pcgjlvop.sys"

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\program files\AVG

    c:\program files\AVG\AVG9\avgabout.dll

    c:\program files\AVG\AVG9\avgamnot.dll

    c:\program files\AVG\AVG9\avgapix.dll

    c:\program files\AVG\AVG9\avgatend.stp

    c:\program files\AVG\AVG9\avgatupd.stp

    c:\program files\AVG\AVG9\avgcclix.dll

    c:\program files\AVG\AVG9\avgcertx.dll

    c:\program files\AVG\AVG9\avgcfgex.exe

    c:\program files\AVG\AVG9\avgcfgx.dll

    c:\program files\AVG\AVG9\avgchclx.dll

    c:\program files\AVG\AVG9\avgchjwx.dll

    c:\program files\AVG\AVG9\avgchsvx.exe

    c:\program files\AVG\AVG9\avgclitx.dll

    c:\program files\AVG\AVG9\avgcmgr.exe

    c:\program files\AVG\AVG9\avgcorex.dll

    c:\program files\AVG\AVG9\avgcrlpx.dll

    c:\program files\AVG\AVG9\avgcsrvx.exe

    c:\program files\AVG\AVG9\avgdumpx.exe

    c:\program files\AVG\AVG9\avgemc.exe

    c:\program files\AVG\AVG9\avgfrw.exe

    c:\program files\AVG\AVG9\avginet.dll

    c:\program files\AVG\AVG9\avgiproxy.exe

    c:\program files\AVG\AVG9\avglngx.dll

    c:\program files\AVG\AVG9\avglogx.dll

    c:\program files\AVG\AVG9\avglogx.dll.install_backup

    c:\program files\AVG\AVG9\avglvex.dll

    c:\program files\AVG\AVG9\avgmail.dll

    c:\program files\AVG\AVG9\avgmtrapx.dll

    c:\program files\AVG\AVG9\avgmvflx.dll

    c:\program files\AVG\AVG9\avgnsx.exe

    c:\program files\AVG\AVG9\avgpp.dll

    c:\program files\AVG\AVG9\avgresf.dll

    c:\program files\AVG\AVG9\avgrsx.exe

    c:\program files\AVG\AVG9\avgscanx.dll

    c:\program files\AVG\AVG9\avgscanx.exe

    c:\program files\AVG\AVG9\avgsched.dll

    c:\program files\AVG\AVG9\avgse.dll

    c:\program files\AVG\AVG9\avgsrmax.exe

    c:\program files\AVG\AVG9\avgsrmx.dll

    c:\program files\AVG\AVG9\avgssie.dll

    c:\program files\AVG\AVG9\avgtray.exe

    c:\program files\AVG\AVG9\avgui.exe

    c:\program files\AVG\AVG9\avguiadv.dll

    c:\program files\AVG\AVG9\avguires.dll

    c:\program files\AVG\AVG9\avgupd.dll

    c:\program files\AVG\AVG9\avgupd.exe

    c:\program files\AVG\AVG9\avgvvx.dll

    c:\program files\AVG\AVG9\avgwd.dll

    c:\program files\AVG\AVG9\avgwdsvc.exe

    c:\program files\AVG\AVG9\avgwdwsc.dll

    c:\program files\AVG\AVG9\avgwsc.exe

    c:\program files\AVG\AVG9\avgxpl.dll

    c:\program files\AVG\AVG9\dbghelp.dll

    c:\program files\AVG\AVG9\Firefox\chrome.manifest

    c:\program files\AVG\AVG9\Firefox\Components\avgssff.dll

    c:\program files\AVG\AVG9\fixcfg.exe

    c:\program files\AVG\AVG9\libsasl.dll

    c:\program files\AVG\AVG9\saslcrammd5.dll

    c:\program files\AVG\AVG9\sasldigestmd5.dll

    c:\program files\AVG\AVG9\sasllogin.dll

    c:\program files\AVG\AVG9\saslplain.dll

    c:\program files\AVG\AVG9\setup.exe

    c:\users\Dominique\AppData\Local\Akakeyam.dat

    c:\users\Dominique\AppData\Local\Wwuzutagesagubin.bin

    c:\windows\System32\Drivers\avgldx86.sys

    c:\windows\System32\Drivers\avgtdix.sys

    c:\windows\system32\drivers\liaytvzj.sys

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_AVGLDX86

    -------\Legacy_AVGTDIX

    -------\Service_avg9emc

    -------\Service_avg9wd

    -------\Service_AvgLdx86

    -------\Service_AvgTdiX

    -------\Service_pcgjlvop

    ((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))

    .

    2010-07-27 15:24 . 2010-07-27 15:25 -------- d-----w- c:\users\Dominique\AppData\Local\Temp

    2010-07-27 15:22 . 2010-07-27 15:22 -------- d-----w- c:\users\Public\AppData\Local\temp

    2010-07-27 15:22 . 2010-07-27 15:22 -------- d-----w- c:\users\Default\AppData\Local\temp

    2010-07-27 15:22 . 2010-07-27 15:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2010-07-23 14:12 . 2010-07-23 17:11 -------- d-----w- C:\Lop SD

    2010-07-20 18:53 . 2010-07-20 18:53 292840 ----a-w- c:\windows\system32\drivers\sjilisjf.sys

    2010-07-20 13:21 . 2010-07-20 13:21 -------- d-----w- c:\programdata\Norton

    2010-07-20 13:21 . 2010-07-20 13:26 -------- d-----w- c:\users\Dominique\AppData\Local\NPE

    2010-07-20 12:25 . 2010-07-20 12:26 -------- d-----w- c:\users\Dominique\AppData\Roaming\Anti-spyware

    2010-07-20 03:57 . 2010-07-20 19:22 -------- d-----w- c:\windows\system32\MpEngineStore

    2010-07-15 20:12 . 2010-07-15 20:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-07-27 15:23 . 2007-12-13 12:42 12 ----a-w- c:\windows\bthservsdp.dat

    2010-07-27 15:09 . 2008-06-10 01:03 -------- d-----w- c:\users\Dominique\AppData\Roaming\Skype

    2010-07-26 04:11 . 2007-12-13 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information

    2010-07-23 20:53 . 2009-04-06 02:41 -------- d-----w- c:\program files\Microsoft Silverlight

    2010-07-23 20:53 . 2009-03-09 01:26 -------- d-----w- c:\program files\GbPlugin

    2010-07-23 17:55 . 2009-11-16 01:37 -------- d-----w- c:\programdata\avg9

    2010-07-23 01:45 . 2010-03-24 16:30 0 ----a-w- c:\users\Dominique\AppData\Local\prvlcl.dat

    2010-07-20 20:03 . 2007-01-13 23:37 -------- d-----w- c:\programdata\Microsoft Help

    2010-07-20 19:32 . 2010-07-20 19:32 1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll

    2010-07-20 19:32 . 2010-07-20 19:32 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll

    2010-07-20 19:32 . 2010-07-20 19:32 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll

    2010-07-20 19:32 . 2010-07-20 19:32 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe

    2010-07-20 19:32 . 2010-07-20 19:32 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

    2010-07-16 15:36 . 2008-11-17 05:11 1 ----a-w- c:\users\Dominique\AppData\Roaming\BrOffice.org\3\user\uno_packages\cache\stamp.sys

    2010-07-15 20:13 . 2010-07-15 20:13 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys

    2010-07-15 20:13 . 2010-07-15 20:13 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys

    2010-07-15 20:11 . 2010-07-15 20:11 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll

    2010-07-15 20:11 . 2010-07-15 20:11 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe

    2010-07-15 20:11 . 2010-07-15 20:11 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll

    2010-07-15 20:11 . 2010-07-15 20:11 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe

    2010-06-24 20:06 . 2008-10-14 21:45 -------- d-----w- c:\users\Dominique\AppData\Roaming\uTorrent

    2010-06-14 21:43 . 2010-02-11 03:23 -------- d-----w- c:\users\Dominique\AppData\Roaming\EndNote

    2010-06-14 21:39 . 2010-06-14 21:33 -------- d-----w- c:\program files\EndNote X

    2010-06-14 21:34 . 2010-02-11 03:15 -------- d-----w- c:\program files\Common Files\Risxtd

    2010-06-14 21:31 . 2010-02-10 16:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

    2010-06-14 21:27 . 2010-02-11 03:13 -------- d-----w- c:\program files\EndNote X3

    2010-06-14 21:19 . 2010-06-14 21:17 -------- d-----w- c:\program files\EndNote Demo

    2010-06-02 15:10 . 2008-06-10 00:57 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

    2010-05-29 16:33 . 2009-04-02 17:30 -------- d-----r- c:\program files\Skype

    2010-05-21 19:14 . 2009-10-02 22:50 221568 ----a-w- c:\windows\system32\MpSigStub.exe

    2010-05-04 05:59 . 2010-07-20 12:57 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-05-04 05:55 . 2010-07-20 12:57 71680 ----a-w- c:\windows\system32\iesetup.dll

    2010-05-04 05:55 . 2010-07-20 12:57 109056 ----a-w- c:\windows\system32\iesysprep.dll

    2010-05-04 04:31 . 2010-07-20 12:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe

    2008-10-27 22:21 . 2008-10-27 22:21 88 --sh--r- c:\windows\System32\B2AB79BDAD.sys

    2008-10-27 22:22 . 2008-10-27 22:21 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-06 4423680]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-08 835584]

    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]

    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-08 202256]

    c:\users\Dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]

    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

    PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-4-22 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

    2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "VistaSp2"=hex(B):ba,d9,b5,6e,eb,e9,c9,01

    R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]

    R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]

    R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]

    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]

    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136]

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-04-11 19968]

    S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2008-05-16 47080]

    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]

    S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-10-31 125440]

    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-10-30 17920]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-11-16 28464]

    S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-10-16 73472]

    S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-10-16 43904]

    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]

    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-16 818688]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - xjezifn

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    HPService REG_MULTI_SZ HPSLPSVC

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://mail.terra.com.br/

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} - file:///F:/data/index/ses_ocx/sessearch.ocx

    FF - ProfilePath - c:\users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\2jgwwqmv.default\

    FF - prefs.js: browser.startup.homepage - hxxp://mail.terra.com.br/

    FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    .

    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe

    AddRemove-AVG9Uninstall - c:\program files\AVG\AVG9\setup.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-07-27 10:24

    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(4264)

    c:\windows\system32\btmmhook.dll

    c:\windows\system32\btncopy.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\conime.exe

    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    c:\windows\system32\PSIService.exe

    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    c:\program files\Sony\VAIO Event Service\VESMgr.exe

    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    c:\windows\system32\DRIVERS\xaudio.exe

    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    c:\program files\Sony\VAIO Event Service\VESMgrSub.exe

    c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe

    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    c:\windows\system32\WUDFHost.exe

    c:\windows\system32\igfxext.exe

    c:\windows\system32\igfxsrvc.exe

    c:\program files\Sony\VAIO Power Management\SPMgr.exe

    c:\windows\system32\igfxsrvc.exe

    c:\program files\Windows Media Player\wmpnetwk.exe

    c:\program files\iPod\bin\iPodService.exe

    c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe

    .

    **************************************************************************

    .

    Completion time: 2010-07-27 10:35:24 - machine was rebooted

    ComboFix-quarantined-files.txt 2010-07-27 15:35

    ComboFix2.txt 2010-07-23 19:25

    Pre-Run: 112,760,721,408 bytes free

    Post-Run: 112,544,493,568 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

    - - End Of File - - 39A3E3195C2F5B44B399978FFD3954B4


    Dear Rmpessoa

    # Step 1 #

    Temporarily, while these instructions are being carried out, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

    Open your Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

    File::
    c:\windows\system32\drivers\sjilisjf.sys

    Folder::
    c:\programdata\avg9

    Save this file as: CFScript.txt

    [image: CFScript.txt being dragged onto ComboFix.exe]

    As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.

    # Step 2 #

    Go to the site "Jotti's malware scan"

    • In the box at the top (File to upload & scan);
    • Copy and paste the following file(s), one at a time:
      • c:\windows\system32\drivers\regi.sys
    • Click the button [image].
    • The file(s) will be examined by different antivirus programs; please wait.
    • Copy and paste the result(s).

    If the site above is too busy, try one of these sites:

    Alternative 1

    Alternative 2

    # Step 3 #

    Make a new log with GMER and post it.

    Cheers :D

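    The files the analyst singles out in this thread follow a recognisable pattern: kernel drivers with machine-generated names (liaytvzj.sys, pcgjlvop.sys, sjilisjf.sys) created inside the scan window, and Run-key orphans that launch a DLL or point into the user's AppData\Local. The script below is an added example, not part of this thread and not a tool from ComboFix or Clube do Hardware. It parses ComboFix-style "Files Created" lines and HKLM-Run orphan lines and turns that manual triage into repeatable rules. The sample lines are copied from the logs posted above; the consonant-cluster heuristic, the minimum name length and the KNOWN_PREFIXES allowlist are assumptions of the example. Note that the name heuristic alone would also flag AVG's avgrsstx.dll, which is why the allowlist exists; findings are leads for a human analyst, never verdicts.

```python
"""Triage helper for ComboFix-style log lines.

Added example for this thread; the heuristics below are assumptions of the
example, not ComboFix's own logic, and the allowlist is illustrative only.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "Files Created" lines: <created> . <modified> <size or dashes> <attrs> <path>
FILES_CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)
# "ORPHANS REMOVED" autostart lines: HKLM-Run-<ValueName> - <path>
RUN_ENTRY_RE = re.compile(r"^HKLM-Run-(?P<name>\S+) - (?P<path>.+)$", re.IGNORECASE)

# Vendor name prefixes accepted as known (assumption of this example; a real
# allowlist would be per-environment and based on signatures, not names).
KNOWN_PREFIXES = ("avg", "hp", "igfx")

VOWELS = set("aeiouy")

# Constructed sample: lines copied from the ComboFix logs in this thread.
SAMPLE_LOG = r"""
2010-07-20 18:53 . 2010-07-20 18:53 292840 ----a-w- c:\windows\system32\drivers\sjilisjf.sys
2010-07-20 13:21 . 2010-07-20 13:21 -------- d-----w- c:\programdata\Norton
2010-07-15 20:12 . 2010-07-15 20:12 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-02 15:10 . 2008-06-10 00:57 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
HKLM-Run-MChk - c:\windows\system32\qnjep.exe
HKLM-Run-Utigufolifasufol - c:\users\Dominique\AppData\Local\ojixosokaradewil.dll
HKLM-Run-Unattend0000000001{FE3358AD-C63B-4F3E-A738-80713562D20D} - c:\program files\Sony\First Experience\VAIOWelcome.exe
"""


@dataclass
class Finding:
    source: str            # "files-created" or "run-key"
    path: str
    reasons: List[str] = field(default_factory=list)


def longest_consonant_run(stem: str) -> int:
    """Length of the longest run of consecutive consonants in a lowercase stem."""
    run = best = 0
    for ch in stem:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def looks_random(stem: str) -> bool:
    """Heuristic, not a verdict: five or more lowercase letters, no digits or
    separators, and at least one cluster of three consonants."""
    return re.fullmatch(r"[a-z]{5,}", stem) is not None and longest_consonant_run(stem) >= 3


def split_name(path: str):
    """Return (stem, extension) of the last path component, lowercased."""
    name = path.rsplit("\\", 1)[-1].lower()
    stem, _, ext = name.rpartition(".")
    if not stem:               # no extension at all
        stem, ext = name, ""
    return stem, ext


def check_files_created(line: str) -> Optional[Finding]:
    m = FILES_CREATED_RE.match(line)
    if m is None or m["size"].startswith("-"):   # not a file line, or a directory
        return None
    path = m["path"]
    stem, ext = split_name(path)
    reasons = []
    if (ext in ("sys", "dll", "exe") and "\\windows\\system32\\" in path.lower()
            and looks_random(stem) and not stem.startswith(KNOWN_PREFIXES)):
        reasons.append("random-looking %s created under system32 in the scan window" % ext)
    return Finding("files-created", path, reasons) if reasons else None


def check_run_entry(line: str) -> Optional[Finding]:
    m = RUN_ENTRY_RE.match(line)
    if m is None:
        return None
    path = m["path"]
    stem, ext = split_name(path)
    reasons = []
    if ext == "dll":
        reasons.append("Run value points at a DLL rather than an executable")
    if "\\appdata\\local\\" in path.lower():
        reasons.append("autostart target lives inside the user profile")
    if looks_random(stem) and not stem.startswith(KNOWN_PREFIXES):
        reasons.append("random-looking file name")
    return Finding("run-key", path, reasons) if reasons else None


def triage(lines) -> List[Finding]:
    """Run every check over every line; a line yields at most one Finding per check."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in (check_files_created, check_run_entry):
            found = check(line)
            if found:
                findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print("[%s] %s" % (f.source, f.path))
        for reason in f.reasons:
            print("    - " + reason)
```

    Run against the sample, it flags sjilisjf.sys, qnjep.exe and ojixosokaradewil.dll and stays quiet on the Sony welcome program, the AVG driver and the Norton directory. Everything it flags still has to be confirmed the way the analyst does here (submitting the file to a multi-engine scanner such as the one in Step 2), since a short all-consonant vendor name will trip the same heuristic.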
  • Topic author
  • ComboFix asked to be updated and I did not update it the first time. On that first attempt it froze and left the laptop screen showing only the wallpaper.

    I restarted, ran the updated ComboFix again with the script, and this time it worked, but it closed without opening the pop-up. I had to go to the directory and copy the log, which follows:

    ComboFix 10-07-26.04 - Dominique 07/27/2010 19:31:07.4.2 - x86

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1894 [GMT -5:00]

    Running from: C:\Users\Dominique\Desktop\ComboFix.exe

    Command switches used :: C:\Users\Dominique\Desktop\CFScript.txt

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::

    "c:\windows\system32\drivers\sjilisjf.sys"

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ---- Previous Run -------

    .

    c:\programdata\avg9

    c:\programdata\avg9\Cfg\changecfgreg.cfg

    c:\programdata\avg9\Cfg\erd.cfg

    c:\programdata\avg9\Cfg\krnl.cfg

    c:\programdata\avg9\Cfg\mail.cfg

    c:\programdata\avg9\Cfg\malrep.cfg

    c:\programdata\avg9\Cfg\scan.cfg

    c:\programdata\avg9\Cfg\sched.cfg

    c:\programdata\avg9\Cfg\setup.cfg

    c:\programdata\avg9\Cfg\update.cfg

    c:\programdata\avg9\Cfg\updatecomps.cfg

    c:\programdata\avg9\Cfg\user.cfg

    c:\programdata\avg9\CfgAll\changecfgreg.cfg

    c:\programdata\avg9\CfgAll\falsealarm.cfg

    c:\programdata\avg9\CfgAll\srmall.cfg

    c:\programdata\avg9\CfgAll\updateall.cfg

    c:\programdata\avg9\CfgAll\userall.cfg

    c:\programdata\avg9\Chjw\8072f02372f02018\avgcchff.dat

    c:\programdata\avg9\Chjw\8072f02372f02018\avgcchmf.dat

    c:\programdata\avg9\Chjw\chjwr.dat

    c:\programdata\avg9\Chjw\cm-0-p.dat

    c:\programdata\avg9\Chjw\cm-1-p.dat

    c:\programdata\avg9\Chjw\cm-2-i.dat

    c:\programdata\avg9\Chjw\cm-2-p.dat

    c:\programdata\avg9\Chjw\cm-3-p.dat

    c:\programdata\avg9\Chjw\cm-4-p.dat

    c:\programdata\avg9\Chjw\e6d8f592d8f560eb\avgcchff.dat

    c:\programdata\avg9\Chjw\e6d8f592d8f560eb\avgcchmf.dat

    c:\programdata\avg9\emc\Log\emc.log

    c:\programdata\avg9\Log\avgcfg.log

    c:\programdata\avg9\Log\avgcfg.log.lock

    c:\programdata\avg9\Log\avgchjw.log

    c:\programdata\avg9\Log\avgchjw.log.1

    c:\programdata\avg9\Log\avgchjw.log.10

    c:\programdata\avg9\Log\avgchjw.log.2

    c:\programdata\avg9\Log\avgchjw.log.3

    c:\programdata\avg9\Log\avgchjw.log.4

    c:\programdata\avg9\Log\avgchjw.log.5

    c:\programdata\avg9\Log\avgchjw.log.6

    c:\programdata\avg9\Log\avgchjw.log.7

    c:\programdata\avg9\Log\avgchjw.log.8

    c:\programdata\avg9\Log\avgchjw.log.9

    c:\programdata\avg9\Log\avgchjw.log.lock

    c:\programdata\avg9\Log\avgchjwsrv.log

    c:\programdata\avg9\Log\avgchjwsrv.log.1

    c:\programdata\avg9\Log\avgchjwsrv.log.2

    c:\programdata\avg9\Log\avgchjwsrv.log.3

    c:\programdata\avg9\Log\avgchjwsrv.log.lock

    c:\programdata\avg9\Log\avgcore.log

    c:\programdata\avg9\Log\avgcore.log.1

    c:\programdata\avg9\Log\avgcore.log.10

    c:\programdata\avg9\Log\avgcore.log.2

    c:\programdata\avg9\Log\avgcore.log.3

    c:\programdata\avg9\Log\avgcore.log.4

    c:\programdata\avg9\Log\avgcore.log.5

    c:\programdata\avg9\Log\avgcore.log.6

    c:\programdata\avg9\Log\avgcore.log.7

    c:\programdata\avg9\Log\avgcore.log.8

    c:\programdata\avg9\Log\avgcore.log.9

    c:\programdata\avg9\Log\avgcore.log.lock

    c:\programdata\avg9\Log\avgfrw.log

    c:\programdata\avg9\Log\avgfrw.log.lock

    c:\programdata\avg9\Log\avgldr.log

    c:\programdata\avg9\Log\avgldr.log.lock

    c:\programdata\avg9\Log\avglng.log

    c:\programdata\avg9\Log\avglng.log.1

    c:\programdata\avg9\Log\avglng.log.lock

    c:\programdata\avg9\Log\avgns.log

    c:\programdata\avg9\Log\avgns.log.1

    c:\programdata\avg9\Log\avgns.log.lock

    c:\programdata\avg9\Log\avgrs.log

    c:\programdata\avg9\Log\avgrs.log.1

    c:\programdata\avg9\Log\avgrs.log.10

    c:\programdata\avg9\Log\avgrs.log.2

    c:\programdata\avg9\Log\avgrs.log.3

    c:\programdata\avg9\Log\avgrs.log.4

    c:\programdata\avg9\Log\avgrs.log.5

    c:\programdata\avg9\Log\avgrs.log.6

    c:\programdata\avg9\Log\avgrs.log.7

    c:\programdata\avg9\Log\avgrs.log.8

    c:\programdata\avg9\Log\avgrs.log.9

    c:\programdata\avg9\Log\avgrs.log.lock

    c:\programdata\avg9\Log\avgscan.log

    c:\programdata\avg9\Log\avgscan.log.lock

    c:\programdata\avg9\Log\avgsched.log

    c:\programdata\avg9\Log\avgsched.log.1

    c:\programdata\avg9\Log\avgsched.log.10

    c:\programdata\avg9\Log\avgsched.log.2

    c:\programdata\avg9\Log\avgsched.log.3

    c:\programdata\avg9\Log\avgsched.log.4

    c:\programdata\avg9\Log\avgsched.log.5

    c:\programdata\avg9\Log\avgsched.log.6

    c:\programdata\avg9\Log\avgsched.log.7

    c:\programdata\avg9\Log\avgsched.log.8

    c:\programdata\avg9\Log\avgsched.log.9

    c:\programdata\avg9\Log\avgsched.log.lock

    c:\programdata\avg9\Log\avgsrm.log

    c:\programdata\avg9\Log\avgsrm.log.lock

    c:\programdata\avg9\Log\avgsrmac.log

    c:\programdata\avg9\Log\avgsrmac.log.lock

    c:\programdata\avg9\Log\avgsrmacstat.log

    c:\programdata\avg9\Log\avgsrmacstat.log.1

    c:\programdata\avg9\Log\avgsrmacstat.log.2

    c:\programdata\avg9\Log\avgsrmacstat.log.lock

    c:\programdata\avg9\Log\avgtdi.log

    c:\programdata\avg9\Log\avgtdi.log.lock

    c:\programdata\avg9\Log\avgui.log

    c:\programdata\avg9\Log\avgui.log.1

    c:\programdata\avg9\Log\avgui.log.2

    c:\programdata\avg9\Log\avgui.log.3

    c:\programdata\avg9\Log\avgui.log.lock

    c:\programdata\avg9\Log\avguilog.cfg

    c:\programdata\avg9\Log\avgupd.log

    c:\programdata\avg9\Log\avgupd.log.1

    c:\programdata\avg9\Log\avgupd.log.2

    c:\programdata\avg9\Log\avgupd.log.lock

    c:\programdata\avg9\Log\avgwd.log

    c:\programdata\avg9\Log\avgwd.log.1

    c:\programdata\avg9\Log\avgwd.log.10

    c:\programdata\avg9\Log\avgwd.log.2

    c:\programdata\avg9\Log\avgwd.log.3

    c:\programdata\avg9\Log\avgwd.log.4

    c:\programdata\avg9\Log\avgwd.log.5

    c:\programdata\avg9\Log\avgwd.log.6

    c:\programdata\avg9\Log\avgwd.log.7

    c:\programdata\avg9\Log\avgwd.log.8

    c:\programdata\avg9\Log\avgwd.log.9

    c:\programdata\avg9\Log\avgwd.log.lock

    c:\programdata\avg9\Log\avgwdsvc.log

    c:\programdata\avg9\Log\avgwdsvc.log.1

    c:\programdata\avg9\Log\avgwdsvc.log.lock

    c:\programdata\avg9\Log\cfgexlog.cfg

    c:\programdata\avg9\Log\cfglog.cfg

    c:\programdata\avg9\Log\chjwlog.cfg

    c:\programdata\avg9\Log\commonpriv.log

    c:\programdata\avg9\Log\commonpriv.log.lock

    c:\programdata\avg9\Log\commonpub.log

    c:\programdata\avg9\Log\commonpub.log.lock

    c:\programdata\avg9\Log\corelog.cfg

    c:\programdata\avg9\Log\fixcfg.log

    c:\programdata\avg9\Log\fixcfg.log.lock

    c:\programdata\avg9\Log\history.xml

    c:\programdata\avg9\Log\ldrlog.cfg

    c:\programdata\avg9\Log\lnglog.cfg

    c:\programdata\avg9\Log\nslog.cfg

    c:\programdata\avg9\Log\privlog.cfg

    c:\programdata\avg9\Log\publog.cfg

    c:\programdata\avg9\Log\rslog.cfg

    c:\programdata\avg9\Log\scanlog.cfg

    c:\programdata\avg9\Log\schedlog.cfg

    c:\programdata\avg9\Log\srmlog.cfg

    c:\programdata\avg9\Log\tdilog.cfg

    c:\programdata\avg9\Log\updlog.cfg

    c:\programdata\avg9\Log\vault.log

    c:\programdata\avg9\Log\vault.log.lock

    c:\programdata\avg9\Log\vaultlog.cfg

    c:\programdata\avg9\Log\wdlog.cfg

    c:\programdata\avg9\Log\wdsvclog.cfg

    c:\programdata\avg9\scanlogs\I_00000001.log

    c:\programdata\avg9\scanlogs\I_00000003.log

    c:\programdata\avg9\scanlogs\I_00000009.log

    c:\programdata\avg9\scanlogs\I_00000010.log

    c:\programdata\avg9\scanlogs\I_00000011.log

    c:\programdata\avg9\scanlogs\I_00000012.log

    c:\programdata\avg9\scanlogs\I_00000013.log

    c:\programdata\avg9\scanlogs\I_00000014.log

    c:\programdata\avg9\scanlogs\I_00000015.log

    c:\programdata\avg9\scanlogs\I_00000016.log

    c:\programdata\avg9\scanlogs\I_00000017.log

    c:\programdata\avg9\scanlogs\I_00000018.log

    c:\programdata\avg9\scanlogs\I_00000019.log

    c:\programdata\avg9\scanlogs\I_00000020.log

    c:\programdata\avg9\scanlogs\I_00000021.log

    c:\programdata\avg9\scanlogs\I_00000022.log

    c:\programdata\avg9\scanlogs\srm.idx

    c:\programdata\avg9\Temp\00714213-c27c-4df0-929b-e3502a6f94f6-28c-oopp.tmp

    c:\programdata\avg9\Temp\02d684ea-9471-48fd-9294-ba75eef73170-28c-oopp.tmp

    c:\programdata\avg9\Temp\0520c75d-ab81-4042-9c10-dafcc0e8451e-28c-oopp.tmp

    c:\programdata\avg9\Temp\0c97a07c-30a6-4071-9109-49fdba6b4bbf-28c-oopp.tmp

    c:\programdata\avg9\Temp\0fc99e01-5c30-4807-92f9-61418b617271-28c-oopp.tmp

    c:\programdata\avg9\Temp\1129f48a-56fa-48be-8e93-54143a488ea0-28c-oopp.tmp

    c:\programdata\avg9\Temp\12e449b8-020d-4565-b77c-ae8a0df0f9f4-28c-oopp.tmp

    c:\programdata\avg9\Temp\15a44662-34bb-4223-acdf-4f972b9a7d35-28c-oopp.tmp

    c:\programdata\avg9\Temp\16ad1604-ad86-407e-a048-5d6855904c7d-28c-oopp.tmp

    c:\programdata\avg9\Temp\18218b6f-4d44-4a18-8c16-36517eac6dfc-28c-oopp.tmp

    c:\programdata\avg9\Temp\1ad20de7-aa9c-434b-adcb-d307773154a2-28c-oopp.tmp

    c:\programdata\avg9\Temp\1b41642c-703e-4693-9f46-5e9b874d0f78-28c-oopp.tmp

    c:\programdata\avg9\Temp\1d514b0d-6188-4907-8e76-b0dc7c24c581-28c-oopp.tmp

    c:\programdata\avg9\Temp\1e3af73f-dbdb-4ece-b309-e5e22dbd2552-28c-oopp.tmp

    c:\programdata\avg9\Temp\201048b7-9337-46c5-83da-51e99ace49c3-294-oopp.tmp

    c:\programdata\avg9\Temp\2205b7bf-c11c-4676-9ebf-81f6d81f790c-28c-oopp.tmp

    c:\programdata\avg9\Temp\238adb48-14ea-44f1-8a75-431afd91d206-28c-oopp.tmp

    c:\programdata\avg9\Temp\23cc93eb-06be-4b1a-986c-f28c6d2a80c9-28c-oopp.tmp

    c:\programdata\avg9\Temp\2565d275-7990-449e-b096-86ff64b47a74-24c-oopp.tmp

    c:\programdata\avg9\Temp\2812679f-fdbd-417b-8dec-3f644898dfd0-28c-oopp.tmp

    c:\programdata\avg9\Temp\2ac3e917-5b15-4aad-ada1-dc1a401ec676-28c-oopp.tmp

    c:\programdata\avg9\Temp\2e8d6ec5-ff00-40c7-ae93-8965c82e0169-28c-oopp.tmp

    c:\programdata\avg9\Temp\302100b9-3c9a-41bc-abac-32351c871278-28c-oopp.tmp

    c:\programdata\avg9\Temp\31582d45-e441-476f-9849-257a738f5524-27c-oopp.tmp

    c:\programdata\avg9\Temp\33d08ffe-5e2a-4d60-8976-e1b4b14cf8ed-28c-oopp.tmp

    c:\programdata\avg9\Temp\35a2ed47-b46c-4927-9128-55a4629e3675-28c-oopp.tmp

    c:\programdata\avg9\Temp\361d84ec-0c0f-4e6c-ac8e-f7c4748d741e-290-oopp.tmp

    c:\programdata\avg9\Temp\369c07df-3edd-4f09-8c53-7c369c1c3412-28c-oopp.tmp

    c:\programdata\avg9\Temp\37b9381b-018e-4b0d-983e-67cbb2b9a257-28c-oopp.tmp

    c:\programdata\avg9\Temp\3ae74a52-54ec-474d-96cf-9cbd6e0d48c0-28c-oopp.tmp

    c:\programdata\avg9\Temp\3b5131d9-fa7f-48b2-b24e-54a186a64eee-28c-oopp.tmp

    c:\programdata\avg9\Temp\3d12279d-c991-4437-a826-ecc956305248-28c-oopp.tmp

    c:\programdata\avg9\Temp\3d90b170-824e-45ad-8cac-850125de76da-2a8-oopp.tmp

    c:\programdata\avg9\Temp\3df14bcb-d0a7-41a3-812a-14909d63fb66-298-oopp.tmp

    c:\programdata\avg9\Temp\3eb963c9-569f-48d5-a69b-74f056c01ceb-27c-oopp.tmp

    c:\programdata\avg9\Temp\3ef28d44-7bf2-46ed-a4cc-1dc2f90e11f3-1bbc-oopp.tmp

    c:\programdata\avg9\Temp\40ff7b4a-c780-4916-9834-686553cbca06-294-oopp.tmp

    c:\programdata\avg9\Temp\413a536c-a560-4759-a0e2-464e4c03f54d-290-oopp.tmp

    c:\programdata\avg9\Temp\41ab5c2d-02d8-446a-acf9-c76a4d6e18a5-28c-oopp.tmp

    c:\programdata\avg9\Temp\41fa8f02-c902-4e1e-8e9f-7a32e52c6304-28c-oopp.tmp

    c:\programdata\avg9\Temp\42c3a01a-ed5d-4418-b585-cfad4f6a05a1-28c-oopp.tmp

    c:\programdata\avg9\Temp\43bf7214-7040-45fb-88d7-f4acc958e9a8-28c-oopp.tmp

    c:\programdata\avg9\Temp\4525ad05-e099-4ecf-8946-c1ed3ec0073a-28c-oopp.tmp

    c:\programdata\avg9\Temp\45a23ec4-d6a0-42dc-a621-5928028fc6fc-28c-oopp.tmp

    c:\programdata\avg9\Temp\47d7307d-3ef1-4702-aafb-5ea33645eee1-28c-oopp.tmp

    c:\programdata\avg9\Temp\480e5622-84fc-4d7d-990d-47043f2db2a5-28c-oopp.tmp

    c:\programdata\avg9\Temp\48f02ccd-22e8-43b1-8bad-655377b0c246-28c-oopp.tmp

    c:\programdata\avg9\Temp\4a0542b4-9150-4442-a78b-9395f39a9449-28c-oopp.tmp

    c:\programdata\avg9\Temp\4b1d44ea-d8e3-4129-87c8-a3298224e796-28c-oopp.tmp

    c:\programdata\avg9\Temp\4dd1fb4e-14f5-4ab1-93b6-24c54fdb691c-24c-oopp.tmp

    c:\programdata\avg9\Temp\4e220b14-d769-4808-ae0c-37574112a1e5-f18-oopp.tmp

    c:\programdata\avg9\Temp\4fb57f5f-74c6-4294-8a26-88aec9822cdb-28c-oopp.tmp

    c:\programdata\avg9\Temp\518b1190-ce14-4e52-8345-eb64a804eafa-28c-oopp.tmp

    c:\programdata\avg9\Temp\51c89b2d-44ca-455e-a58f-bfd5938b7dc5-28c-oopp.tmp

    c:\programdata\avg9\Temp\526601d8-d11e-4bc7-aadb-2565c1081381-28c-oopp.tmp

    c:\programdata\avg9\Temp\537c10d9-dde9-4b1f-882e-48c2eed1659c-28c-oopp.tmp

    c:\programdata\avg9\Temp\53ac61f7-488e-4107-854e-1a6d7ea3da32-28c-oopp.tmp

    c:\programdata\avg9\Temp\53cf71b5-2031-45f1-9782-d68b0ba1ccf3-28c-oopp.tmp

    c:\programdata\avg9\Temp\5563c9d7-1b75-4458-aad7-91913caac33b-28c-oopp.tmp

    c:\programdata\avg9\Temp\565fdc89-4349-4801-a678-ad3f270941f1-28c-oopp.tmp

    c:\programdata\avg9\Temp\56de607c-7417-499d-863d-32b14f9901e4-28c-oopp.tmp

    c:\programdata\avg9\Temp\58317c8b-3c7d-488f-9778-19dd4acc1927-28c-oopp.tmp

    c:\programdata\avg9\Temp\5b6088dc-2d40-4396-967d-44eab8013fa8-28c-oopp.tmp

    c:\programdata\avg9\Temp\5d015a30-fdda-4688-bd80-03460f2dd38b-2c0-oopp.tmp

    c:\programdata\avg9\Temp\5d4312d3-efad-4db1-8b78-b1b780c7824e-280-oopp.tmp

    c:\programdata\avg9\Temp\5e8ba7df-45d7-4347-9123-8ca51194e3df-28c-oopp.tmp

    c:\programdata\avg9\Temp\5e8f5275-7a10-4bd7-ac34-7749b4c4cc7b-28c-oopp.tmp

    c:\programdata\avg9\Temp\62152b4b-f160-4d39-9b44-89eb687a5679-294-oopp.tmp

    c:\programdata\avg9\Temp\6235071c-ea4a-40cd-8240-60242047ad5b-28c-oopp.tmp

    c:\programdata\avg9\Temp\6437b684-ac30-437c-8711-a6bd616b6078-28c-oopp.tmp

    c:\programdata\avg9\Temp\64660d87-7970-4a9c-82bb-824c405c54f4-28c-oopp.tmp

    c:\programdata\avg9\Temp\64b63977-ddfe-4318-a6d6-2b3088fa206b-28c-oopp.tmp

    c:\programdata\avg9\Temp\64bb26c5-b629-4f6f-aa35-0e829d9ba2b6-280-oopp.tmp

    c:\programdata\avg9\Temp\65b53f5d-3f9a-4551-a561-3414d71a9f53-28c-oopp.tmp

    c:\programdata\avg9\Temp\66cb4f5e-4b65-45a9-83b4-587203e4f16e-28c-oopp.tmp

    c:\programdata\avg9\Temp\68b1085c-8af1-4de2-a55d-a14052bc4f0d-28c-oopp.tmp

    c:\programdata\avg9\Temp\6b6190ba-49e5-484d-849d-47db9861b69a-28c-oopp.tmp

    c:\programdata\avg9\Temp\6c7899d6-f314-466d-a365-6154760b88ce-28c-oopp.tmp

    c:\programdata\avg9\Temp\6d131232-a63d-417f-a452-e39290e79d40-28c-oopp.tmp

    c:\programdata\avg9\Temp\6fa7a527-e3d6-4274-a16b-8c61e440ae4f-28c-oopp.tmp

    c:\programdata\avg9\Temp\7010d44c-8ff7-48d8-a5c3-46d9bd69cd13-28c-oopp.tmp

    c:\programdata\avg9\Temp\70402469-f99b-4ebf-a2e2-18834d3b42a9-28c-oopp.tmp

    c:\programdata\avg9\Temp\72316b4b-3352-4f2d-95da-8156ad97bb98-2a0-oopp.tmp

    c:\programdata\avg9\Temp\7340e09d-7fba-43df-a4c9-71e62b9ef394-28c-oopp.tmp

    c:\programdata\avg9\Temp\738f542a-e9d6-415a-b0bd-1b5d34cdd8a1-28c-oopp.tmp

    c:\programdata\avg9\Temp\7458e2d2-c74d-40c6-8406-817bba2947e1-28c-oopp.tmp

    c:\programdata\avg9\Temp\789ef73f-613e-49ee-a1d3-c70106083f96-28c-oopp.tmp

    c:\programdata\avg9\Temp\78a22545-dd5c-480b-8e81-a2028d1a5b8f-28c-oopp.tmp

    c:\programdata\avg9\Temp\7b7ce261-fd50-4c2b-863e-71b67cd962de-290-oopp.tmp

    c:\programdata\avg9\Temp\7c3c181d-73b1-4477-a906-85f413e7873f-28c-oopp.tmp

    c:\programdata\avg9\Temp\7cf5bbc9-ae40-47f6-be88-f5c34e3d70c7-28c-oopp.tmp

    c:\programdata\avg9\Temp\8213d330-7211-433c-808d-90f79e7e10b8-28c-oopp.tmp

    c:\programdata\avg9\Temp\82983c8b-1a6e-4ef6-a427-eed78b90d20f-28c-oopp.tmp

    c:\programdata\avg9\Temp\83ffb34e-ca1d-4959-8f58-a9e224490a69-28c-oopp.tmp

    c:\programdata\avg9\Temp\84c841f6-a894-48c5-a4a1-1000aba579a9-28c-oopp.tmp

    c:\programdata\avg9\Temp\85519485-7880-455d-bd04-ad255629ec9c-28c-oopp.tmp

    c:\programdata\avg9\Temp\859f8c88-fd54-4e84-b5e7-7223ca961d33-294-oopp.tmp

    c:\programdata\avg9\Temp\85c455a8-cf69-4c6f-a042-2cae9604f75f-28c-oopp.tmp

    c:\programdata\avg9\Temp\897a78bb-296e-44df-87b1-fc35326e9254-28c-oopp.tmp

    c:\programdata\avg9\Temp\8cf7ff80-e6e9-4f9a-9136-db9df8f11cc9-28c-oopp.tmp

    c:\programdata\avg9\Temp\8eedea11-f23c-475f-9fb4-262fac5dfe6d-28c-oopp.tmp

    c:\programdata\avg9\Temp\903f0d06-1d3f-4789-af79-163ff5b09596-28c-oopp.tmp

    c:\programdata\avg9\Temp\925129d4-ee42-4a53-8ae2-4d66bfb9e680-28c-oopp.tmp

    c:\programdata\avg9\Temp\941ab87c-cbb9-49bf-9f2b-b383461554c0-28c-oopp.tmp

    c:\programdata\avg9\Temp\94e67b10-88ea-4881-9eac-fe87a1a25ee1-28c-oopp.tmp

    c:\programdata\avg9\Temp\95d41390-db68-489e-869e-16de67dc3ffb-28c-oopp.tmp

    c:\programdata\avg9\Temp\96cc3af4-2911-42f1-bfe0-503a3e9a3b67-28c-oopp.tmp

    c:\programdata\avg9\Temp\97c36058-77bb-4b44-b821-8995155837d2-294-oopp.tmp

    c:\programdata\avg9\Temp\97e7305d-ab6c-4b68-a207-4d0531e690e5-28c-oopp.tmp

    c:\programdata\avg9\Temp\98b334aa-0b8f-4ef0-8ad7-90b7fee433b4-28c-oopp.tmp

    c:\programdata\avg9\Temp\9b2e7f9c-87b4-471d-a999-8155a016a362-28c-oopp.tmp

    c:\programdata\avg9\Temp\9de2b390-7ce1-4918-a3e9-129489ebf28b-290-oopp.tmp

    c:\programdata\avg9\Temp\a03f1ccb-9c80-4d78-9c24-221524318b70-28c-oopp.tmp

    c:\programdata\avg9\Temp\a33ed7fe-229e-4398-9e0a-7b7802943c5b-28c-oopp.tmp

    c:\programdata\avg9\Temp\a38d4b8c-8cba-4113-aaff-26ee0bc32168-28c-oopp.tmp

    c:\programdata\avg9\Temp\a69f2d87-1b68-424f-9ba4-6f4bb27b588b-28c-oopp.tmp

    c:\programdata\avg9\Temp\a850afff-78c0-4b81-bb59-0b01aa003f31-28c-oopp.tmp

    c:\programdata\avg9\Temp\aae63b0d-53be-4a3d-b9e7-aaedaf3ad159-28c-oopp.tmp

    c:\programdata\avg9\Temp\acb7e1f5-af8e-4c04-a971-206f201d2876-28c-oopp.tmp

    c:\programdata\avg9\Temp\adb4ad09-d0d4-4bae-bd38-3b8a4ceb8d96-28c-oopp.tmp

    c:\programdata\avg9\Temp\b0322ce7-2bb3-4531-8833-100dc34f9824-28c-oopp.tmp

    c:\programdata\avg9\Temp\b19b5b0c-d6d4-4b94-8c8b-ca859b78b7e8-28c-oopp.tmp

    c:\programdata\avg9\Temp\b292479e-e327-4359-9a09-16164fe4998c-290-oopp.tmp

    c:\programdata\avg9\Temp\b2943ad2-1eef-4fe8-9df3-024db2a59abd-28c-oopp.tmp

    c:\programdata\avg9\Temp\b35c1018-02f4-4353-9915-6afef9912293-28c-oopp.tmp

    c:\programdata\avg9\Temp\b417a7ff-52f9-44c1-ab4c-bb233daa2795-28c-oopp.tmp

    c:\programdata\avg9\Temp\b4f9be61-94d6-4ebc-863b-d121e79ed1e5-28c-oopp.tmp

    c:\programdata\avg9\Temp\b5b02641-68be-400c-abc4-4746a5a5baef-28c-oopp.tmp

    c:\programdata\avg9\Temp\b65fb89a-603d-43ca-9e5b-a6b4eb9555c9-28c-oopp.tmp

    c:\programdata\avg9\Temp\b871db4d-93de-48cb-b84e-e7bf03be259a-28c-oopp.tmp

    c:\programdata\avg9\Temp\baec33fa-4432-414c-a7c5-0bc95029413d-28c-oopp.tmp

    c:\programdata\avg9\Temp\bb71909b-b760-4cb3-bcaa-363d9301579f-28c-oopp.tmp

    c:\programdata\avg9\Temp\bbbfc956-df26-48a0-9ddb-f2ea78df22e4-28c-oopp.tmp

    c:\programdata\avg9\Temp\bbcf3ea2-51e0-4bf3-b2fe-ed5b50e43f98-2b8-oopp.tmp

    c:\programdata\avg9\Temp\bcaa6fa2-f7dc-4c2f-83e3-1e0adb5902cd-28c-oopp.tmp

    c:\programdata\avg9\Temp\be3b5600-ff3d-4593-a5ea-db378c822b40-28c-oopp.tmp

    c:\programdata\avg9\Temp\bebc9255-2a7d-4131-9dd7-5e16f381d29e-290-oopp.tmp

    c:\programdata\avg9\Temp\bef0cfc1-6e4c-426f-9d55-141298f4c87e-28c-oopp.tmp

    c:\programdata\avg9\Temp\c003eb8e-3e50-4538-b8be-4b3962fd1968-28c-oopp.tmp

    c:\programdata\avg9\Temp\c0d39b71-d4ac-4f50-bb9f-798fd12ca5d2-28c-oopp.tmp

    c:\programdata\avg9\Temp\c37e3681-ba75-4e65-977f-3cd704308915-288-oopp.tmp

    c:\programdata\avg9\Temp\c380309b-58d9-4d2d-98f5-32f3b5100a2e-28c-oopp.tmp

    c:\programdata\avg9\Temp\c3812ab5-f63c-4bf4-996a-280e67f08a47-28c-oopp.tmp

    c:\programdata\avg9\Temp\c49833d0-9f6c-4a14-b832-4387459a5d7b-28c-oopp.tmp

    c:\programdata\avg9\Temp\c7186b11-f4bc-4e98-9b52-1778fb6e4f73-28c-oopp.tmp

    c:\programdata\avg9\Temp\c796f4e9-8726-416c-b9a3-a5cf711d8e4e-260-oopp.tmp

    c:\programdata\avg9\Temp\c913489e-306c-4e92-be46-b5c200c9d0c2-1664-oopp.tmp

    c:\programdata\avg9\Temp\ca669ad1-e3f6-4233-a92d-1a51e200e56c-28c-oopp.tmp

    c:\programdata\avg9\Temp\cbadb252-54d8-4373-9bc6-0fc6df0b9387-28c-oopp.tmp

    c:\programdata\avg9\Temp\cdb15ace-d974-428a-a741-565c2b0dab74-298-oopp.tmp

    c:\programdata\avg9\Temp\cde2e6c4-5f1b-4b5f-88ef-0bef84325519-28c-oopp.tmp

    c:\programdata\avg9\Temp\d5059fc0-45eb-4584-96e3-e4d6d2568d11-28c-oopp.tmp

    c:\programdata\avg9\Temp\d736a42b-d312-4e53-955d-05fef26b34ab-28c-oopp.tmp

    c:\programdata\avg9\Temp\d8e18bed-9758-4a80-aee3-79c9952be6ea-28c-oopp.tmp

    c:\programdata\avg9\Temp\d909fc8f-c7b7-49e1-9e84-7009549df34c-28c-oopp.tmp

    c:\programdata\avg9\Temp\db829fff-e492-4298-b800-24f204cb2fc3-28c-oopp.tmp

    c:\programdata\avg9\Temp\dcc9f839-f966-46a0-93e7-10167247778d-28c-oopp.tmp

    c:\programdata\avg9\Temp\de1dcda9-bc3d-4092-bd48-f6aeadea763a-28c-oopp.tmp

    c:\programdata\avg9\Temp\df47375f-b052-4c5c-b593-eeeb773ae86c-28c-oopp.tmp

    c:\programdata\avg9\Temp\e0312449-cd97-45ea-8274-1b9f9a44e1eb-28c-oopp.tmp

    c:\programdata\avg9\Temp\e2c7b057-a895-44a6-8002-ba8aa07e7313-28c-oopp.tmp

    c:\programdata\avg9\Temp\e30ec8d8-1976-45e7-b39b-afff9c89212e-28c-oopp.tmp

    c:\programdata\avg9\Temp\e445ef7e-5f81-4a62-a2ad-985fa571e4f2-24c-oopp.tmp

    c:\programdata\avg9\Temp\e65ef1b3-a614-4749-82eb-a9f434fc383f-28c-oopp.tmp

    c:\programdata\avg9\Temp\e890f038-d29e-4fe0-83da-c03805f15ff2-28c-oopp.tmp

    c:\programdata\avg9\Temp\e90c80f7-c8a5-43ed-a0b6-5873cac01db4-28c-oopp.tmp

    c:\programdata\avg9\Temp\e9e682e0-627b-42ee-958c-cfc4dc1d7216-28c-oopp.tmp

    c:\programdata\avg9\Temp\e9e7761f-539d-413b-8c0c-a6398be2abd9-290-oopp.tmp

    c:\programdata\avg9\Temp\eb205527-931a-41b7-9345-8e07d3395508-28c-oopp.tmp

    c:\programdata\avg9\Temp\ebbec1b7-820a-4859-971c-fd7b50d56bab-28c-oopp.tmp

    c:\programdata\avg9\Temp\ed25387a-33ba-43bc-834e-b886e98ea305-24c-oopp.tmp

    c:\programdata\avg9\Temp\ed5547e0-fa6b-46dd-971f-938207ef7eec-28c-oopp.tmp

    c:\programdata\avg9\Temp\ee3f34ca-18b1-4f6a-a401-bf362af9776b-28c-oopp.tmp

    c:\programdata\avg9\Temp\ef381390-60cb-43be-b568-f7fe41275a40-28c-oopp.tmp

    c:\programdata\avg9\Temp\ef58ef61-59b5-4653-9c64-cf37f9f3b122-28c-oopp.tmp

    c:\programdata\avg9\Temp\efa476a1-eaa6-4a78-a4fa-965bee8114e4-28c-oopp.tmp

    c:\programdata\avg9\Temp\f13db52b-5d79-42fc-bc23-2acfe40b0e8f-28c-oopp.tmp

    c:\programdata\avg9\Temp\f2e5a8ba-e4f8-419a-92be-b162240bbf9c-28c-oopp.tmp

    c:\programdata\avg9\Temp\f44be4aa-5451-4a6f-932d-7ea39a73dd2e-28c-oopp.tmp

    c:\programdata\avg9\Temp\f4962a32-4150-4acd-b273-4d181c90a642-28c-oopp.tmp

    c:\programdata\avg9\Temp\f7f58c80-25a5-4b95-b358-5f96c3b4a4f7-294-oopp.tmp

    c:\programdata\avg9\Temp\f8818bb1-df25-437c-9a62-d29c5d6d3817-28c-oopp.tmp

    c:\programdata\avg9\Temp\f9aa3d05-d9c8-4444-ba86-cb6ce74ec2df-28c-oopp.tmp

    c:\programdata\avg9\Temp\f9cc12f0-7016-46a0-a2f7-99c051fb9ad9-28c-oopp.tmp

    c:\programdata\avg9\Temp\fad36ce8-8c87-4e80-870d-d5df8e4d1a4a-294-oopp.tmp

    c:\programdata\avg9\Temp\fbb09702-d0e7-4e83-9967-fda9cba25e98-28c-oopp.tmp

    c:\programdata\avg9\Temp\fc29348d-8a26-4501-b358-a8ae2cb01b29-28c-oopp.tmp

    c:\programdata\avg9\Temp\fcdcfad1-6260-4914-9227-eb0246d250e3-28c-oopp.tmp

    c:\programdata\avg9\Temp\file9514.tmp

    c:\programdata\avg9\update\backup\avg9us.lng

    c:\programdata\avg9\update\backup\avgcorex.dll

    c:\programdata\avg9\update\backup\avgemc.exe

    c:\programdata\avg9\update\backup\avgfree_us.mht

    c:\programdata\avg9\update\backup\avginet.dll

    c:\programdata\avg9\update\backup\avgiproxy.exe

    c:\programdata\avg9\update\backup\avgldx86.sys

    c:\programdata\avg9\update\backup\avgssff.dll

    c:\programdata\avg9\update\backup\avgssie.dll

    c:\programdata\avg9\update\backup\avgtdix.sys

    c:\programdata\avg9\update\backup\avgupd.dll

    c:\programdata\avg9\update\backup\avgupd.exe

    c:\programdata\avg9\update\backup\avgxpl.dll

    c:\programdata\avg9\update\backup\box_bottom_red.gif

    c:\programdata\avg9\update\backup\box_top_red.gif

    c:\programdata\avg9\update\backup\cty.cty

    c:\programdata\avg9\update\backup\incavi.avm

    c:\programdata\avg9\update\backup\install.rdf

    c:\programdata\avg9\update\backup\sb.dat

    c:\programdata\avg9\update\backup\sb.dat.xcd

    c:\programdata\avg9\update\backup\sc.dat

    c:\programdata\avg9\update\backup\sc.dat.xcd

    c:\programdata\avg9\update\backup\searchshield.jar

    c:\programdata\avg9\update\prepare\temp\cty.cty

    c:\windows\system32\drivers\sjilisjf.sys

    .

    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))

    .

    2010-07-28 00:35:40 . 2010-07-28 00:35:40 -------- d-----w- C:\Users\Public\AppData\Local\temp

    2010-07-28 00:35:40 . 2010-07-28 00:35:40 -------- d-----w- C:\Users\Default\AppData\Local\temp

    2010-07-28 00:35:40 . 2010-07-28 00:35:40 -------- d-----w- C:\Users\Administrator\AppData\Local\temp

    2010-07-23 14:12:16 . 2010-07-23 17:11:53 -------- d-----w- C:\Lop SD

    2010-07-20 13:21:23 . 2010-07-20 13:21:23 -------- d-----w- C:\ProgramData\Norton

    2010-07-20 13:21:17 . 2010-07-20 13:26:59 -------- d-----w- C:\Users\Dominique\AppData\Local\NPE

    2010-07-20 12:25:42 . 2010-07-20 12:26:23 -------- d-----w- C:\Users\Dominique\AppData\Roaming\Anti-spyware

    2010-07-20 03:57:39 . 2010-07-20 19:22:24 -------- d-----w- C:\Windows\system32\MpEngineStore

    2010-07-15 20:12:51 . 2010-07-15 20:12:51 12536 ----a-w- C:\Windows\system32\avgrsstx.dll

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-07-28 00:14:35 . 2007-12-13 12:42:39 12 ----a-w- C:\Windows\bthservsdp.dat

    2010-07-27 15:09:33 . 2008-06-10 01:03:52 -------- d-----w- C:\Users\Dominique\AppData\Roaming\Skype

    2010-07-26 04:11:03 . 2007-12-13 14:19:25 -------- d--h--w- C:\Program Files\InstallShield Installation Information

    2010-07-23 20:53:37 . 2009-04-06 02:41:02 -------- d-----w- C:\Program Files\Microsoft Silverlight

    2010-07-23 20:53:37 . 2009-03-09 01:26:56 -------- d-----w- C:\Program Files\GbPlugin

    2010-07-23 01:45:35 . 2010-03-24 16:30:27 0 ----a-w- C:\Users\Dominique\AppData\Local\prvlcl.dat

    2010-07-20 20:03:06 . 2007-01-13 23:37:14 -------- d-----w- C:\ProgramData\Microsoft Help

    2010-07-16 15:36:35 . 2008-11-17 05:11:21 1 ----a-w- C:\Users\Dominique\AppData\Roaming\BrOffice.org\3\user\uno_packages\cache\stamp.sys

    2010-06-24 20:06:25 . 2008-10-14 21:45:38 -------- d-----w- C:\Users\Dominique\AppData\Roaming\uTorrent

    2010-06-14 21:43:02 . 2010-02-11 03:23:46 -------- d-----w- C:\Users\Dominique\AppData\Roaming\EndNote

    2010-06-14 21:39:10 . 2010-06-14 21:33:09 -------- d-----w- C:\Program Files\EndNote X

    2010-06-14 21:34:50 . 2010-02-11 03:15:11 -------- d-----w- C:\Program Files\Common Files\Risxtd

    2010-06-14 21:31:37 . 2010-02-10 16:37:04 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard

    2010-06-14 21:27:30 . 2010-02-11 03:13:40 -------- d-----w- C:\Program Files\EndNote X3

    2010-06-14 21:19:04 . 2010-06-14 21:17:48 -------- d-----w- C:\Program Files\EndNote Demo

    2010-06-02 15:10:53 . 2008-06-10 00:57:53 29584 ----a-w- C:\Windows\system32\drivers\avgmfx86.sys

    2010-05-29 16:33:08 . 2009-04-02 17:30:50 -------- d-----r- C:\Program Files\Skype

    2010-05-21 19:14:28 . 2009-10-02 22:50:24 221568 ----a-w- C:\Windows\system32\MpSigStub.exe

    2010-05-04 05:59:21 . 2010-07-20 12:57:37 916480 ----a-w- C:\Windows\system32\wininet.dll

    2010-05-04 05:55:42 . 2010-07-20 12:57:36 71680 ----a-w- C:\Windows\system32\iesetup.dll

    2010-05-04 05:55:42 . 2010-07-20 12:57:36 109056 ----a-w- C:\Windows\system32\iesysprep.dll

    2010-05-04 04:31:05 . 2010-07-20 12:57:36 133632 ----a-w- C:\Windows\system32\ieUnatt.exe

    2008-10-27 22:21:13 . 2008-10-27 22:21:12 88 --sh--r- C:\Windows\System32\B2AB79BDAD.sys

    2008-10-27 22:22:36 . 2008-10-27 22:21:11 2828 --sha-w- C:\Windows\System32\KGyGaAvL.sys

    .

    ((((((((((((((((((((((((((((( SnapShot_2010-07-28_00.05.10 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2007-12-13 14:12:12 . 2010-07-28 00:17:28 53400 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    - 2007-12-13 14:12:12 . 2010-07-26 23:34:46 53400 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    - 2006-11-02 13:05:11 . 2010-07-27 15:26:23 75572 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    + 2006-11-02 13:05:11 . 2010-07-28 00:17:29 75572 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

    + 2008-06-08 22:23:45 . 2010-07-28 00:17:29 14252 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-598579466-1016022064-3402684674-1000_UserData.bin

    + 2007-01-13 23:28:26 . 2010-07-28 00:15:38 49152 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2007-01-13 23:28:26 . 2010-07-27 15:24:22 49152 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2007-01-13 23:28:26 . 2010-07-28 00:15:38 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2007-01-13 23:28:26 . 2010-07-27 15:24:22 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2010-07-28 00:15:38 . 2010-07-28 00:15:38 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2010-07-27 15:24:23 . 2010-07-27 15:24:23 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    - 2010-07-27 15:24:23 . 2010-07-27 15:24:23 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2010-07-28 00:15:38 . 2010-07-28 00:15:38 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    + 2006-11-02 10:33:01 . 2010-07-28 00:23:28 595684 C:\Windows\System32\perfh009.dat

    - 2006-11-02 10:33:01 . 2010-07-27 15:32:14 595684 C:\Windows\System32\perfh009.dat

    - 2006-11-02 10:33:01 . 2010-07-27 15:32:14 101350 C:\Windows\System32\perfc009.dat

    + 2006-11-02 10:33:01 . 2010-07-28 00:23:28 101350 C:\Windows\System32\perfc009.dat

    - 2007-01-13 23:28:26 . 2010-07-27 15:24:22 458752 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2007-01-13 23:28:26 . 2010-07-28 00:15:38 458752 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-11 06:28:03 1233920]

    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 21:44:34 3883856]

    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:40 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 07:38:40 1008184]

    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-06 19:18:19 4423680]

    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-19 13:20:31 141848]

    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-19 13:19:32 154136]

    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-19 13:20:05 137752]

    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-08 03:38:14 835584]

    "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 19:09:58 311296]

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 20:09:14 413696]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 23:57:12 289576]

    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 21:24:20 54840]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 22:10:28 35696]

    "ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 16:19:26 207360]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 09:17:36 149280]

    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2010-04-08 17:14:07 202256]

    C:\Users\Dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]

    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

    PHOTOfunSTUDIO -viewer-.lnk - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2009-4-22 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

    2007-08-15 04:05:20 98304 ----a-w- C:\Windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

    "AppInit_DLLs"=C:\Windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

    "VistaSp2"=hex(B):ba,d9,b5,6e,eb,e9,c9,01

    R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 00:51:06 745472]

    R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 23:34:50 397312]

    R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 23:34:50 1089536]

    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 05:11:44 292128]

    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 02:52:32 79136]

    R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 06:15:00 16896]

    R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys [2009-04-11 05:06:26 19968]

    S2 GbpSv;Gbp Service;C:\PROGRA~1\GbPlugin\GbpSv.exe [2008-05-16 21:01:18 47080]

    S2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-18 04:09:28 11032]

    S2 uCamMonitor;CamMonitor;C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2007-10-31 17:40:08 125440]

    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2007-10-30 03:30:30 17920]

    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-11-16 13:12:00 28464]

    S3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-10-16 13:28:34 73472]

    S3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-10-16 13:28:34 43904]

    S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-29 02:58:06 9344]

    S3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-11-16 14:01:53 818688]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - PXLDAPOD

    *Deregistered* - pxldapod

    *Deregistered* - xjezifn

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    bthsvcs REG_MULTI_SZ BthServ

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    HPService REG_MULTI_SZ HPSLPSVC

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://mail.terra.com.br/

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} - file:///F:/data/index/ses_ocx/sessearch.ocx

    FF - ProfilePath - C:\Users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\2jgwwqmv.default\

    FF - prefs.js: browser.startup.homepage - hxxp://mail.terra.com.br/

    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

    FF - plugin: C:\Program Files\Microsoft\Office Live\npOLW.dll

    FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-07-27 19:35:53

    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(1448)

    C:\Windows\system32\btmmhook.dll

    .

    Completion time: 2010-07-27 19:38:19

    ComboFix-quarantined-files.txt 2010-07-28 00:38:02

    ComboFix2.txt 2010-07-27 15:35:24

    ComboFix3.txt 2010-07-23 19:25:33

    Pre-Run: 113,383,059,456 bytes free

    Post-Run: 113,366,892,544 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

    - - End Of File - - C680A0E6F92060881E8697220A9B80E7

    Jotti's was pretty fast and reported that nothing was found.

    GMER log:

    GMER 1.0.15.15281 - http://www.gmer.net

    Rootkit scan 2010-07-27 20:18:30

    Windows 6.0.6002 Service Pack 2

    Running: gmer.exe; Driver: C:\Users\DOMINI~1\AppData\Local\Temp\pxldapod.sys

    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\Drivers\xjezifn.sys A device attached to the system is not functioning. !

    ? C:\Users\DOMINI~1\AppData\Local\Temp\pxldapod.sys Access is denied. !

    ? C:\Users\DOMINI~1\AppData\Local\Temp\catchme.sys Access is denied. !

    ? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

    ? C:\Users\DOMINI~1\AppData\Local\Temp\mbr.sys Access is denied. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.exe[1448] kernel32.dll!FreeLibrary 75793DB4 5 Bytes JMP 0706A310 C:\Windows\Downloaded Program Files\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

    .text C:\Windows\Explorer.exe[1448] kernel32.dll!FreeLibraryAndExitThread 75794642 5 Bytes JMP 0706A040 C:\Windows\Downloaded Program Files\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [73E17817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [73E6A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73E1BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73E0F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [73E175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73E0E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E48395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73E1DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [73E0FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [73E0FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [73E071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73E9CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73E3C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73E0D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [73E06853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [73E0687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.exe[1448] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73E12AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 86683118

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- Services - GMER 1.0.15 ----

    Service C:\PROGRA~1\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

    Service (*** hidden *** ) [BOOT] xjezifn <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----

    Did it work this time, or is this pest of a virus still here?

    Edited by Rmpessoa


    Dear Rmpessoa

    Let's use GMER to remove a service and delete the file:

    • Open the gmer folder and double-click gmer.exe
    • When started, GMER will run a brief scan; let that scan finish, then click No if asked to run a full scan.

    GMER1.jpg

    • Click the Services tab

    GMER_Services_Tab.jpg

    • Locate the following service: (Note: it should be shown in red)

      xjezifn

    • Click the service name to select it, then right-click and choose Delete...

      GMER_Delete_Service.jpg

    • Click OK in the first dialog box to remove the service
    • Click OK in the second dialog box to confirm deletion of the file
    • Click OK to exit the program

    Let me know if you had any problem performing this task.

    >>>> Then make a new GMER log and post it here!

    Cheers :D

  • Topic author
  • I tried to delete it, but these errors appear:

    Error 0xC0000010: Service "xjezifn" was not deleted.

    Then this one comes up:

    File "" couldn't be deleted. Error 0x0000007B !: The filename, directory name, or volume label syntax is incorrect.

    I couldn't delete this file following your step-by-step. :-(

    There is another file in red in the list; it's called: GbpSv AUTO Service for G-Buster Browser Defense.

    Any suggestions? :-(


    Dear Rmpessoa

    I tried to delete it, but these errors appear:

    Error 0xC0000010: Service "xjezifn" was not deleted.

    Then this one comes up:

    File "" couldn't be deleted. Error 0x0000007B !: The filename, directory name, or volume label syntax is incorrect.

    It must be because the file no longer exists, only the service, but we'll look into that ;)
    There is another file in red in the list; it's called: GbpSv AUTO Service for G-Buster Browser Defense.
    That one is legitimate; it's a banking plugin :)

    # Step 1 #

    Download OTL by OldTimer and save it to your Desktop.

    • Double-click the icon 3984478580_7ed4cabc45_o.gif
    • Leave the main screen configured as in the figure below:

    4046743195_16d3cb1e94_o.jpg

    • Copy and paste the content below into the box right after 3979150640_113dbcd345_o.jpg

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    /md5stop


    • Click the button 3978388475_e858baec2d_o.jpg
    • Do not interrupt the scan under any circumstances;
    • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
    • Restart the computer;
    • Post both logs in your next reply.
    • Do not delete OTL

    Cheers :D

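    Added example, not part of either post above and not GMER's or OTL's own code. The two errors the poster hit fit the analyst's reading: 0xC0000010 is STATUS_INVALID_DEVICE_REQUEST, and the second message tries to delete a file named "" and gets 0x7B (ERROR_INVALID_NAME), which is what you get when the service key's ImagePath is empty and there is no file left to remove. The PowerShell script below does in user mode what GMER's Services tab did from the kernel for the GMER removal steps and the OTL scan above: it walks the Services registry tree, asks the Service Control Manager which services it is willing to enumerate, and reports entries the SCM does not list or whose image file is empty or missing. A hit is a lead, not a verdict: GbpSv (G-Buster Browser Defense) hides its service on purpose and is flagged exactly like xjezifn. Assumptions: PowerShell 3 or later (the 2010 Vista machine in this thread would have needed an update), an elevated prompt, and the $HiveRoot parameter, which is this example's addition; on a machine where a rootkit may still be filtering registry reads, load the SYSTEM hive from the offline disk with reg load and point $HiveRoot at it.

```powershell
# Added example, not code from the thread or from GMER/OTL. Cross-checks the
# Services registry tree against what the Service Control Manager enumerates
# and flags entries whose image file is empty or missing. Needs PowerShell 3+
# in an elevated prompt. $HiveRoot is an assumption: point it at a hive you
# loaded with 'reg load HKLM\OfflineSYSTEM <path>\config\SYSTEM' (then
# HKLM:\OfflineSYSTEM\ControlSet001\Services) to read past a live rootkit.
param(
    [string]$HiveRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
)

function Resolve-ImagePath {
    # Normalise a raw ImagePath value to an absolute file path. Handles the
    # forms found in real hives: "\??\C:\x.sys", "\SystemRoot\system32\x.sys",
    # "system32\drivers\x.sys" (relative to %SystemRoot%), quoted paths with
    # arguments, and %ENV% references. Returns $null for an empty value, which
    # is the case behind GMER's 'File "" couldn't be deleted' message.
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        $p = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.Trim('"') }
    } else {
        # Unquoted: keep only the executable part, drop any arguments after it.
        $m = [regex]::Match($p, '^(.*?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -notmatch '^[A-Za-z]:\\' -and $p -notmatch '^\\\\') {
        $p = Join-Path $env:SystemRoot $p    # driver paths are relative to %SystemRoot%
    }
    return $p
}

# Names the SCM will admit to: Win32 services plus kernel and file-system drivers.
$scmNames = @{}
foreach ($class in 'Win32_Service', 'Win32_SystemDriver') {
    Get-CimInstance -ClassName $class | ForEach-Object { $scmNames[$_.Name.ToLower()] = $true }
}

$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

$findings = foreach ($key in Get-ChildItem -Path $HiveRoot) {
    $props = Get-ItemProperty -Path $key.PSPath
    if ($null -eq $props.Start) { continue }          # not a service entry (e.g. WinSock2)
    $type = [int]$props.Type                          # 1/2 driver, 16/32 Win32 service, 0 = value absent
    if ($type -notin 0, 1, 2, 16, 32) { continue }    # skip per-user service templates and adapters
    $name    = $key.PSChildName
    $image   = Resolve-ImagePath $props.ImagePath
    $hidden  = -not $scmNames.ContainsKey($name.ToLower())
    $missing = ($null -eq $image) -or -not (Test-Path -LiteralPath $image)
    if ($hidden -or $missing) {
        [pscustomobject]@{
            Service       = $name
            Start         = $startNames[[int]$props.Start]
            Type          = $type
            ImagePath     = $props.ImagePath
            HiddenFromSCM = $hidden
            FileMissing   = $missing
        }
    }
}

$findings | Sort-Object HiddenFromSCM, FileMissing -Descending | Format-Table -AutoSize
```

    Save it as a .ps1 file and run it from an elevated prompt; pasting it into the console will not work because of the param block. The file check only means something when the hive belongs to the Windows you are running, so against an offline hive read the HiddenFromSCM column and ignore FileMissing. Once an entry is confirmed as a ghost (unknown name, no file, not enumerated), the key can be removed from the loaded offline hive with Remove-Item, or on the live system with sc.exe delete <name>, which can fail for the same reason GMER's delete did; the GbpSv entry stays, as the analyst notes.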
  • Topic author
  • Here are the requested logs. Did it work this time? ;-)

    OTL:

    OTL logfile created on: 8/4/2010 12:05:31 PM - Run 1

    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Dominique\Desktop

    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18928)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free

    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 223.26 Gb Total Space | 108.92 Gb Free Space | 48.79% Space Free | Partition Type: NTFS

    D: Drive not present or media not loaded

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: DOMI

    Current User Name: Dominique

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010/08/04 11:59:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dominique\Desktop\OTL.exe

    PRC - [2010/04/08 12:14:07 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    PRC - [2010/03/24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

    PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    PRC - [2009/04/11 01:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

    PRC - [2009/01/08 07:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe

    PRC - [2008/05/16 16:01:18 | 000,047,080 | ---- | M] () -- C:\Program Files\GbPlugin\GbpSv.exe

    PRC - [2008/01/19 02:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

    PRC - [2007/10/31 16:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

    PRC - [2007/10/31 12:40:08 | 000,125,440 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

    PRC - [2007/10/30 14:04:08 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

    PRC - [2007/10/30 14:04:08 | 000,748,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    PRC - [2007/09/19 14:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe

    PRC - [2007/09/19 08:20:05 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe

    PRC - [2007/09/11 03:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    PRC - [2007/08/28 19:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    PRC - [2007/08/28 19:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    PRC - [2007/08/14 23:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

    PRC - [2007/08/14 23:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

    PRC - [2007/06/28 11:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    PRC - [2007/06/15 15:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

    PRC - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

    PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    ========== Modules (SafeList) ==========

    MOD - [2010/08/04 11:59:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dominique\Desktop\OTL.exe

    MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

    MOD - [2008/01/19 02:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

    MOD - [2007/10/30 14:03:22 | 000,208,896 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtMmHook.dll

    MOD - [2007/10/30 13:57:58 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [unknown | Running] -- -- (GbpSv)

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)

    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

    SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)

    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

    SRV - [2008/01/19 02:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV - [2007/10/31 12:40:08 | 000,125,440 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)

    SRV - [2007/09/29 00:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

    SRV - [2007/09/20 21:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)

    SRV - [2007/09/11 03:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

    SRV - [2007/08/28 19:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)

    SRV - [2007/08/28 19:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

    SRV - [2007/08/14 23:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

    SRV - [2007/06/28 11:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

    SRV - [2007/06/28 11:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)

    SRV - [2007/06/20 18:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)

    SRV - [2007/06/20 18:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)

    SRV - [2007/06/20 18:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)

    SRV - [2007/06/20 18:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)

    SRV - [2007/06/20 18:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)

    SRV - [2007/06/20 18:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)

    SRV - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

    SRV - [2007/01/13 18:28:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

    SRV - [2007/01/10 19:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)

    SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

    SRV - [2006/12/14 05:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

    SRV - [2006/12/14 05:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

    SRV - [2006/12/14 04:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

    SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\DOMINI~1\AppData\Local\Temp\catchme.sys -- (catchme)

    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)

    DRV - [2010/06/02 10:10:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

    DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)

    DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)

    DRV - [2008/06/10 10:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

    DRV - [2008/01/19 01:15:00 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

    DRV - [2007/11/16 09:01:53 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)

    DRV - [2007/11/16 08:13:23 | 000,017,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)

    DRV - [2007/11/16 08:13:19 | 000,099,880 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)

    DRV - [2007/11/16 08:13:19 | 000,081,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)

    DRV - [2007/11/16 08:12:00 | 000,028,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)

    DRV - [2007/10/29 22:30:30 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)

    DRV - [2007/10/16 08:28:34 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)

    DRV - [2007/10/16 08:28:34 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)

    DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

    DRV - [2007/09/19 16:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)

    DRV - [2007/09/19 08:19:52 | 001,776,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

    DRV - [2007/09/06 08:24:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

    DRV - [2007/09/06 08:23:59 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

    DRV - [2007/09/06 08:23:56 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

    DRV - [2007/09/06 08:23:56 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

    DRV - [2007/08/28 21:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)

    DRV - [2007/05/24 20:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

    DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

    DRV - [2007/04/06 14:18:09 | 001,761,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

    DRV - [2007/03/07 22:38:05 | 000,181,560 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

    DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

    DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

    DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

    DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

    DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

    DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

    DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

    DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

    DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

    DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

    DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

    DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

    DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

    DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

    DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

    DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

    DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

    DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

    DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

    DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

    DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

    DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

    DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

    DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

    DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

    DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

    DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

    DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

    DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

    DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

    DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

    DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

    DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

    DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

    DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

    DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

    DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

    DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

    DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

    DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

    DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

    DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

    DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

    DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.terra.com.br/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://mail.terra.com.br/"

    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

    FF - prefs.js..network.proxy.no_proxies_on: "*.local"

    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/19 17:35:39 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/08 12:15:26 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/26 09:27:41 | 000,000,000 | ---D | M]

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/26 09:27:41 | 000,000,000 | ---D | M]

    [2009/08/07 19:48:20 | 000,000,000 | ---D | M] -- C:\Users\Dominique\AppData\Roaming\Mozilla\Extensions

    [2010/08/02 12:05:46 | 000,000,000 | ---D | M] -- C:\Users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\2jgwwqmv.default\extensions

    [2009/08/11 21:54:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\2jgwwqmv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    [2010/08/02 12:05:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/07/27 19:04:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1 localhost

    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Windows\Downloaded Program Files\gbiehabn.dll ()

    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

    O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

    O4 - Startup: C:\Users\Dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O16 - DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} file:///F:/data/index/ses_ocx/sessearch.ocx (SESSearchCtrl Class)

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

    O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab (GbPluginObj Class)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.72.134 68.87.77.134

    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll File not found

    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

    O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

    O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

    O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Windows\Downloaded Program Files\gbiehabn.dll ()

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *) - File not found

    O34 - HKLM BootExecute: (SsiEfr.exe) - File not found

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = ComFile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found

    NetSvcs: Ias - File not found

    NetSvcs: Nla - File not found

    NetSvcs: Ntmssvc - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: SRService - File not found

    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)

    NetSvcs: WmdmPmSp - File not found

    NetSvcs: LogonHours - File not found

    NetSvcs: PCAudit - File not found

    NetSvcs: helpsvc - File not found

    NetSvcs: uploadmgr - File not found

    SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found

    SafeBootMin: Base - Driver Group

    SafeBootMin: Boot Bus estender - Driver Group

    SafeBootMin: Boot file system - Driver Group

    SafeBootMin: File system - Driver Group

    SafeBootMin: Filter - Driver Group

    SafeBootMin: HelpSvc - Service

    SafeBootMin: NTDS - File not found

    SafeBootMin: PCI Configuration - Driver Group

    SafeBootMin: PEVSystemStart - Service

    SafeBootMin: PNP Filter - Driver Group

    SafeBootMin: Primary disk - Driver Group

    SafeBootMin: procexp90.Sys - Driver

    SafeBootMin: sacsvr - Service

    SafeBootMin: SCSI Class - Driver Group

    SafeBootMin: System Bus estender - Driver Group

    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found

    SafeBootNet: Base - Driver Group

    SafeBootNet: Boot Bus estender - Driver Group

    SafeBootNet: Boot file system - Driver Group

    SafeBootNet: File system - Driver Group

    SafeBootNet: Filter - Driver Group

    SafeBootNet: HelpSvc - Service

    SafeBootNet: Messenger - Service

    SafeBootNet: NDIS Wrapper - Driver Group

    SafeBootNet: NetBIOSGroup - Driver Group

    SafeBootNet: NetDDEGroup - Driver Group

    SafeBootNet: Network - Driver Group

    SafeBootNet: NetworkProvider - Driver Group

    SafeBootNet: NTDS - File not found

    SafeBootNet: PCI Configuration - Driver Group

    SafeBootNet: PEVSystemStart - Service

    SafeBootNet: PNP Filter - Driver Group

    SafeBootNet: PNP_TDI - Driver Group

    SafeBootNet: Primary disk - Driver Group

    SafeBootNet: procexp90.Sys - Driver

    SafeBootNet: rdsessmgr - Service

    SafeBootNet: sacsvr - Service

    SafeBootNet: SCSI Class - Driver Group

    SafeBootNet: Streams Drivers - Driver Group

    SafeBootNet: System Bus estender - Driver Group

    SafeBootNet: TDI - Driver Group

    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

    SafeBootNet: WudfPf - Driver

    SafeBootNet: WudfUsbccidDriver - Driver

    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -

    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -

    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

    Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)

    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)

    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/08/04 11:59:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Dominique\Desktop\OTL.exe

    [2010/07/28 18:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ResearchSoft

    [2010/07/28 18:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

    [2010/07/28 18:47:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi

    [2010/07/27 20:56:47 | 000,000,000 | ---D | C] -- C:\Users\Dominique\AppData\Local\Temp

    [2010/07/27 19:37:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

    [2010/07/27 19:29:09 | 000,000,000 | ---D | C] -- C:\ComboFix

    [2010/07/27 19:28:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

    [2010/07/23 13:08:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

    [2010/07/23 13:08:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

    [2010/07/23 13:08:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

    [2010/07/23 13:07:59 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

    [2010/07/23 12:26:17 | 000,000,000 | ---D | C] -- C:\Qoobox

    [2010/07/23 09:12:16 | 000,000,000 | ---D | C] -- C:\Lop SD

    [2010/07/20 08:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton

    [2010/07/20 08:21:17 | 000,000,000 | ---D | C] -- C:\Users\Dominique\AppData\Local\NPE

    [2010/07/20 07:57:37 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

    [2010/07/20 07:57:37 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

    [2010/07/20 07:57:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

    [2010/07/20 07:57:37 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

    [2010/07/20 07:57:36 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

    [2010/07/20 07:57:36 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

    [2010/07/20 07:57:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

    [2010/07/20 07:57:36 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

    [2010/07/20 07:57:36 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

    [2010/07/20 07:57:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

    [2010/07/20 07:57:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

    [2010/07/20 07:57:36 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

    [2010/07/20 07:57:36 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

    [2010/07/20 07:57:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

    [2010/07/20 07:57:36 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

    [2010/07/20 07:25:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

    [2010/07/20 07:25:42 | 000,000,000 | ---D | C] -- C:\Users\Dominique\AppData\Roaming\Anti-spyware

    [2010/07/19 22:57:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\MpEngineStore

    [2010/07/15 15:12:51 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

    [2010/07/14 21:16:21 | 000,000,000 | ---D | C] -- C:\Users\Dominique\Desktop\Biomedical-PPT-Toolkit-Suite

    [2010/07/14 12:00:47 | 000,000,000 | ---D | C] -- C:\Users\Dominique\Documents\Metastasis book.Data

    [2010/07/05 17:43:21 | 000,000,000 | ---D | C] -- C:\Users\Dominique\Desktop\Proteomics

    ========== Files - Modified Within 30 Days ==========

    [2010/08/04 12:07:12 | 000,766,976 | ---- | M] () -- C:\Windows\System32\drivers\xjezifn.sys

    [2010/08/04 12:06:28 | 003,932,160 | -HS- | M] () -- C:\Users\Dominique\ntuser.dat

    [2010/08/04 12:05:58 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

    [2010/08/04 12:05:58 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat

    [2010/08/04 12:05:58 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    [2010/08/04 11:59:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dominique\Desktop\OTL.exe

    [2010/08/04 11:55:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

    [2010/08/04 11:55:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

    [2010/08/04 11:36:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2010/08/03 14:13:04 | 000,252,006 | ---- | M] () -- C:\Users\Dominique\Documents\Metastasis book.enl

    [2010/08/02 20:18:17 | 000,990,208 | ---- | M] () -- C:\Users\Dominique\Documents\Book1.doc

    [2010/08/02 11:01:18 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

    [2010/08/01 18:29:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

    [2010/08/01 18:28:55 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys

    [2010/08/01 18:27:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

    [2010/08/01 18:27:54 | 000,524,288 | -HS- | M] () -- C:\Users\Dominique\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

    [2010/08/01 18:27:54 | 000,065,536 | -HS- | M] () -- C:\Users\Dominique\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

    [2010/08/01 18:27:48 | 003,266,844 | -H-- | M] () -- C:\Users\Dominique\AppData\Local\IconCache.db

    [2010/07/28 11:24:34 | 002,008,576 | ---- | M] () -- C:\Users\Dominique\Documents\Power of Molecular Biology .ppt

    [2010/07/27 19:44:48 | 000,002,005 | ---- | M] () -- C:\Users\Dominique\Desktop\2ce586a63459e7e611b928caae7f38022e4968e9.htm

    [2010/07/27 19:44:31 | 000,002,005 | ---- | M] () -- C:\Users\Dominique\Desktop\2ce586a63459e7e611b928caae7f38022e4968e9.html

    [2010/07/27 19:43:41 | 000,002,005 | ---- | M] () -- C:\Users\Dominique\Desktop\ultimahtml.htm

    [2010/07/27 19:35:54 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini

    [2010/07/27 19:28:09 | 003,745,790 | R--- | M] () -- C:\Users\Dominique\Desktop\ComboFix.exe

    [2010/07/27 19:24:38 | 000,293,376 | ---- | M] () -- C:\Users\Dominique\Desktop\gmer.exe

    [2010/07/27 19:22:48 | 000,002,005 | ---- | M] () -- C:\Users\Dominique\Desktop\dde7089a56ba7d992856f6a56a44d574ae212d69.htm

    [2010/07/27 19:04:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

    [2010/07/22 20:58:28 | 000,026,112 | ---- | M] () -- C:\Users\Dominique\Documents\CARTA CONVITE_Rafa.doc

    [2010/07/22 20:45:35 | 000,000,000 | ---- | M] () -- C:\Users\Dominique\AppData\Local\prvlcl.dat

    [2010/07/21 22:09:29 | 004,489,079 | ---- | M] () -- C:\Users\Dominique\Documents\introduction_to_proteomics_part_1x.pdf

    [2010/07/20 07:51:08 | 062,233,142 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

    [2010/07/19 18:28:35 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

    [2010/07/15 15:12:51 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll

    [2010/07/12 23:11:13 | 000,130,048 | ---- | M] () -- C:\Users\Dominique\Documents\Draft molecular.doc

    [2010/07/12 19:39:22 | 001,645,568 | ---- | M] () -- C:\Users\Dominique\Documents\POSTER CAP 2010 updated FINAL VERSION.ppt

    [2010/07/11 20:59:23 | 000,102,912 | ---- | M] () -- C:\Users\Dominique\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2010/07/09 10:51:46 | 000,026,112 | ---- | M] () -- C:\Users\Dominique\Documents\Book.doc

    [2010/07/09 10:46:12 | 000,000,162 | -H-- | M] () -- C:\Users\Dominique\Documents\~$Book.doc

    [2010/07/09 10:45:58 | 000,000,162 | -H-- | M] () -- C:\Users\Dominique\Documents\~$aft molecular.doc

    [2010/07/09 10:30:18 | 002,020,940 | ---- | M] () -- C:\Users\Dominique\Documents\POSTER CAP 2010 updated FINAL VERSION.pdf

    ========== Files Created - No Company Name ==========

    [2010/07/28 11:24:32 | 002,008,576 | ---- | C] () -- C:\Users\Dominique\Documents\Power of Molecular Biology .ppt

    [2010/07/27 19:44:47 | 000,002,005 | ---- | C] () -- C:\Users\Dominique\Desktop\2ce586a63459e7e611b928caae7f38022e4968e9.htm

    [2010/07/27 19:44:31 | 000,002,005 | ---- | C] () -- C:\Users\Dominique\Desktop\2ce586a63459e7e611b928caae7f38022e4968e9.html

    [2010/07/27 19:43:41 | 000,002,005 | ---- | C] () -- C:\Users\Dominique\Desktop\ultimahtml.htm

    [2010/07/27 19:22:48 | 000,002,005 | ---- | C] () -- C:\Users\Dominique\Desktop\dde7089a56ba7d992856f6a56a44d574ae212d69.htm

    [2010/07/23 13:08:07 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

    [2010/07/23 13:08:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

    [2010/07/23 13:08:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

    [2010/07/23 13:08:07 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe

    [2010/07/23 13:08:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

    [2010/07/23 12:59:31 | 003,745,790 | R--- | C] () -- C:\Users\Dominique\Desktop\ComboFix.exe

    [2010/07/22 20:58:27 | 000,026,112 | ---- | C] () -- C:\Users\Dominique\Documents\CARTA CONVITE_Rafa.doc

    [2010/07/22 18:40:49 | 3211,190,272 | -HS- | C] () -- C:\hiberfil.sys

    [2010/07/21 22:09:11 | 004,489,079 | ---- | C] () -- C:\Users\Dominique\Documents\introduction_to_proteomics_part_1x.pdf

    [2010/07/19 18:29:35 | 000,766,976 | ---- | C] () -- C:\Windows\System32\drivers\xjezifn.sys

    [2010/07/19 18:28:34 | 000,000,150 | ---- | C] () -- C:\zrpt.xml

    [2010/07/14 12:00:47 | 000,252,006 | ---- | C] () -- C:\Users\Dominique\Documents\Metastasis book.enl

    [2010/07/09 11:51:50 | 000,990,208 | ---- | C] () -- C:\Users\Dominique\Documents\Book1.doc

    [2010/07/09 10:46:12 | 000,000,162 | -H-- | C] () -- C:\Users\Dominique\Documents\~$Book.doc

    [2010/07/09 10:46:11 | 000,026,112 | ---- | C] () -- C:\Users\Dominique\Documents\Book.doc

    [2010/07/09 10:45:58 | 000,130,048 | ---- | C] () -- C:\Users\Dominique\Documents\Draft molecular.doc

    [2010/07/09 10:45:58 | 000,000,162 | -H-- | C] () -- C:\Users\Dominique\Documents\~$aft molecular.doc

    [2010/07/09 10:30:18 | 002,020,940 | ---- | C] () -- C:\Users\Dominique\Documents\POSTER CAP 2010 updated FINAL VERSION.pdf

    [2010/07/07 16:14:29 | 001,645,568 | ---- | C] () -- C:\Users\Dominique\Documents\POSTER CAP 2010 updated FINAL VERSION.ppt

    [2010/06/06 13:41:20 | 000,000,272 | ---- | C] () -- C:\Windows\PhEdit.INI

    [2009/06/09 15:55:39 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

    [2009/05/08 14:21:08 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

    [2009/05/08 14:21:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

    [2009/04/22 17:53:04 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

    [2008/10/27 17:21:12 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\B2AB79BDAD.sys

    [2008/10/27 17:21:11 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys

    [2007/12/13 09:41:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI

    [2007/12/13 08:05:36 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

    [2007/12/13 08:02:36 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

    [2007/12/13 08:02:36 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

    [2007/12/13 08:02:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll

    [2007/10/30 13:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

    [2007/01/13 18:47:35 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll

    [2007/01/13 18:46:17 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll

    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    [2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

    ========== Custom Scans ==========

    < MD5 for: ATAPI.SYS >

    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys

    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

    [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

    [2008/01/19 02:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

    [2008/01/19 02:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

    [2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

    < MD5 for: CNGAUDIT.DLL >

    [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll

    [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

    [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: NETLOGON.DLL >

    [2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

    [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll

    [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

    [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

    [2008/01/19 02:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

    < MD5 for: NVSTOR.SYS >

    [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

    [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

    [2008/01/19 02:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

    [2008/01/19 02:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

    < MD5 for: SCECLI.DLL >

    [2008/01/19 02:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

    [2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

    [2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll

    [2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

    [2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

    < End of report >

    Edited by Rmpessoa

  • Topic author
  • I had to post twice because I was not able to post everything together. Here is the second log.

    EXTRAS:

    OTL Extras logfile created on: 8/4/2010 12:05:31 PM - Run 1

    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Dominique\Desktop

    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18928)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free

    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 223.26 Gb Total Space | 108.92 Gb Free Space | 48.79% Space Free | Partition Type: NTFS

    D: Drive not present or media not loaded

    E: Drive not present or media not loaded

    F: Drive not present or media not loaded

    G: Drive not present or media not loaded

    H: Drive not present or media not loaded

    I: Drive not present or media not loaded

    Computer Name: DOMI

    Current User Name: Dominique

    Logged in as Administrator.

    Current Boot Mode: Normal

    Scan Mode: Current user

    Company Name Whitelist: Off

    Skip Microsoft Files: Off

    File Age = 30 Days

    Output = Standard

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 1

    "FirewallDisableNotify" = 0

    "AntiVirusDisableNotify" = 0

    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{015E201B-B468-4224-9565-6C1DED2AC20F}" = lport=445 | protocol=6 | dir=in | app=system |

    "{0725B096-FAD0-4D68-A90C-476C28144F69}" = lport=138 | protocol=17 | dir=in | app=system |

    "{09D3ED0D-ECAC-4AB2-AAF1-0FC62EC5F0E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    "{16210A42-6729-453D-A34F-D3B313B5AD66}" = rport=139 | protocol=6 | dir=out | app=system |

    "{2373A2E3-4309-43DB-B5AC-37B98A63C496}" = rport=445 | protocol=6 | dir=out | app=system |

    "{69BFAF3D-591B-4C97-B31D-B4F5E167F9DA}" = rport=138 | protocol=17 | dir=out | app=system |

    "{788D993D-5C1B-4309-8B16-7B8CBE799C4B}" = lport=139 | protocol=6 | dir=in | app=system |

    "{91A83A68-3B43-41C9-9A21-3CC5FB7F8801}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    "{9A48250F-52B8-4F4C-9A19-A9E72178115F}" = rport=137 | protocol=17 | dir=out | app=system |

    "{B63D91F5-103B-4679-9139-9756F1E875A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    "{C7A124B4-4EEB-4F25-A60B-2885FF5BBBAA}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{FCD23469-83AB-4D6E-ACE8-AC048A6BF716}" = lport=137 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{01A1EDBD-99FB-4285-A0B3-691D6CBDF9A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{02A5F7DA-B53B-46CB-8C0E-5CC64E4FAB42}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{03336AC9-F10E-419A-B7C2-08A4040E0F51}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{052D45AC-76AD-4DB3-B7A3-6811D6C9AE25}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

    "{0895E645-4A21-4A91-99A6-C35D85548342}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{098F3DE5-DDC1-4B7B-AD2A-A205B405E03C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

    "{106D042A-918D-470A-9A1F-347A3FB7236B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{14552B19-960E-4085-A237-36A90CBC84FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{154EA35A-8EB4-486A-8614-68E6AE0ABE58}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{18EE174C-85EF-4472-BEE3-60F78AE6ED8C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{1A30470D-E117-4C19-B266-EE05FB89B2AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{1B499581-5934-4FD8-A0D5-F6D0A01DD327}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{235C4837-BBD2-447B-87C0-878FC3E53C0E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{25D74CE6-E773-4E30-AB06-2BF33AECB20E}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |

    "{28EC4B57-396F-4D0F-85C9-A96C54320D86}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

    "{2B602634-33B8-4918-97D9-394FC9C0767F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{2E33B8F3-7283-491B-96D8-A48253AABAE5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{2FCB06E2-C36C-463F-A2F5-1BDB5C42C212}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{30133406-5A5F-4E99-8EAF-CF7BC0304BD6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{321E3F97-7F8D-4E7C-BF63-9170EBE9B3DC}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{385948AF-81C0-4CC3-BD77-8C1E08C6E293}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{3B11FBF6-7140-4A9B-B3F9-0FCCC785AB1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{422C2AB1-0BB9-4BF7-877E-90FB292DDFBF}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{433A68E0-A522-42E8-97E7-466191564636}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{4A4AC172-DAA1-4A8A-A850-55F8F54C6840}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{4B70C17F-F1DF-4129-8B9B-F9786E0FF41E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{4BE1F84C-5ACC-4F9A-A84B-E4CB5F3A48F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{4E5F4C96-0C21-4E32-9E27-2C642BA31CC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{502E5198-3255-4867-8967-D47577EB0C2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{508E8CE8-E1C9-4DA4-A0B6-48F1DAE41400}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{51C1025C-AC75-4607-8A9D-7E908121370B}" = protocol=6 | dir=in | app=c:\program files\windows defender\msascui.exe |

    "{5B3EF4E6-3CE0-4662-8FA8-69F229099A82}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{5C876C7F-503F-4FF9-A3CA-2D66257C865A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{5DB183D5-7CAC-447C-A03F-D8499B80E2EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{614051A1-059A-49CB-926C-06AEEEF08484}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{627C0AC7-65A5-4563-966B-8E8A9C08BC92}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

    "{66DC4D53-1E71-40F1-9D95-513F7B87C068}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{671CBB7E-55D7-4C1E-BC1D-53868D1B2CE2}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{6C0128CD-EF20-47A7-99EC-372D955ACEC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{711ADAD0-2301-4805-A123-FE84AC8EF34E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{71AA96E1-232B-44D9-991C-D69568910EE6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{71D67F3E-9A3C-4F81-BC0D-2B8EB22FD0C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{7202095A-EF1C-4A1E-B6EA-164567CFBBD1}" = protocol=17 | dir=in | app=c:\program files\windows defender\msascui.exe |

    "{762A42C3-DAA8-4061-A3BA-43409FD4E41C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{76483D22-2D33-4BBD-AD66-0F3F2D347C78}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{7925BEA1-D44C-43FC-BA18-F7C3C960B432}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

    "{7A2A5713-9078-40E7-8BF8-B45B501C1255}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    "{81728164-5997-4BA2-AD5B-1DA931700222}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{8213E2FF-F83A-451E-8746-5380CB7FCE5C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{8246C3B3-4004-40C0-B6D6-22FC01EBFEB7}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

    "{8695199A-339C-4DBE-8F9C-97AA0A49922E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{88CD663A-5820-440C-829D-8FAE48C377FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{8B1F24AA-E0FC-4351-AEFB-B2C0380BAA08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

    "{8CABFA88-B424-445D-862C-6FE877D67548}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{8CD04A23-3EF2-49D2-8FAA-DF95D9267465}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{8F60EFD1-F670-4DD3-A802-D0BC4AA1C2A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{90578FD0-AE18-4568-85C5-819AEAA294CF}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |

    "{91470CF2-9479-4A86-AE15-D98B9A2C632B}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

    "{9343004A-CAFA-4633-B5CC-62DCC7314A20}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{98E9B436-12D6-4B66-AB6D-A79C5F2B6062}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{9938DCD1-2D01-4AF2-B786-E786229545F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{9B8FCDF0-B012-4BBC-A443-33CE8ADCDE88}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{9D01C3C7-B040-4EFD-8FC7-3F4408F72D2F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{9D18E66C-8E38-4F5E-A763-6DACAA1463DB}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |

    "{9D2EE73A-DED1-4859-ADB5-D0E0439E8032}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{9D42C8E4-DD41-4051-81B7-70BF657FE85C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{A4634858-55C2-47A8-AD79-599111531D08}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{A4FB4ED4-56D0-47AD-B980-A53481700761}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{A725E798-11B2-4B4D-8EB3-CEB9795482AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{A73371C2-85E5-4AA1-802A-5BF0266B866A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{A85EDFD2-8971-416A-8A49-0259F571A3E3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

    "{A9D2FE06-1AA6-47B8-8DB1-91470AF122E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{AB570B41-8E91-4051-9411-CBFA5B24D975}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{B1F33B43-8732-4642-8665-FE07B1DE516F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{B216776B-CD2C-4CAD-9BDC-78D39EC19E1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{B42C41DC-37EF-4775-933C-19C463C9D416}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    "{B680F04A-2B26-4B5A-BF09-31370F4AD9AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{B91E7F8D-99D6-4F79-A3B9-8EF016C2542E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{B9805CE0-63CC-47B7-AD17-F89D7AA05710}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{BBBF346A-B66F-4BB0-AE0E-84801C784586}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{BEDEFD6A-B16A-4B76-9D5C-49695E8A347B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{BEFD1F00-FDED-4E2D-8820-BF057C28C7E4}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{C156C8F7-6D8F-4B47-9CDC-19867F058B7E}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |

    "{C1D0EE15-6F60-44B4-9F88-923EC5CE92AA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{C3CEFECC-B345-4DB4-8D5D-0557AAD74543}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{C4BCBC91-560B-4332-B7C6-D53F3B31324E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{C4D03522-823B-4A27-A55E-A8593ACA1164}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{C6FAACE5-CE17-4719-ABF5-D7060936F703}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{C8AC7BAC-02B7-4DB6-A2ED-A01CA0B2CD05}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{CA168323-25BD-4E14-A186-07AF507AD3A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{CA8A8092-CF47-46D0-B950-64F8F59F0BC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{D0620E55-7F05-454E-AC72-B974F158F1E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{D349026E-C85D-4FC7-ABF4-36D271233EED}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{D5044D4F-89CE-4ABA-9246-2E968D767CC2}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{D74FBA39-444A-406B-8AF6-42B4E080B837}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{D8E842DE-A7A4-4A9C-B6ED-E49FE2C2FE0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{DCA2DFCC-C10E-44C8-A773-51F95FBA0EAA}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{E1B9D795-784D-4C64-9B4E-F8BC5815E62B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

    "{E599B1C7-7EBE-4506-B01E-3173E67E4AA3}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{E5C8391C-4D5F-414F-8DAF-4A3EDA710C6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{E61A1954-D156-4400-863F-6FA9C01A4786}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{E8D01952-9014-4FE9-B471-95E79D6F9563}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{EC67221F-2987-4BD6-B7CA-07521438FAFC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

    "{F6219E60-6F4C-4C5F-9514-8EEAEF1B706E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{FAC2057A-CBA0-4EDC-B152-BAC86125EF23}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

    "{FEE5191A-2203-43A9-B041-A99108F5CE48}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "TCP Query User{59F1803D-E006-49BC-9215-051B2B5CE6DA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

    "TCP Query User{6BFABEE7-E31B-42FE-BE28-09F354CDA356}C:\program files\usmle\2009fredv2step2\fredv2orient.exe" = protocol=6 | dir=in | app=c:\program files\usmle\2009fredv2step2\fredv2orient.exe |

    "TCP Query User{93A35EF8-4B9D-47DB-BA0D-51CF7A8514A9}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

    "TCP Query User{BF3C632C-DB52-4DE5-A907-E449F85155CE}C:\program files\usmle\2009fredv2step2\ned.exe" = protocol=6 | dir=in | app=c:\program files\usmle\2009fredv2step2\ned.exe |

    "UDP Query User{1092ED24-63BA-43A2-AC96-2E81C1198FD8}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

    "UDP Query User{5AEC78F4-38EF-42D5-BFAA-0BCD943F8521}C:\program files\usmle\2009fredv2step2\fredv2orient.exe" = protocol=17 | dir=in | app=c:\program files\usmle\2009fredv2step2\fredv2orient.exe |

    "UDP Query User{BE825F98-CAB6-489D-BC6D-016BDC647FB9}C:\program files\usmle\2009fredv2step2\ned.exe" = protocol=17 | dir=in | app=c:\program files\usmle\2009fredv2step2\ned.exe |

    "UDP Query User{C800E9CC-94AD-4D47-807C-9FB0D1E83C44}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

    "{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager

    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library

    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200

    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module

    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp

    "{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety

    "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher

    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

    "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0

    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

    "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting

    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 17

    "{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story

    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

    "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility

    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

    "{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager

    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

    "{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0

    "{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager

    "{40A5DF56-329E-433C-8E79-99807E02F90F}" = Rayman Raving Rabbids

    "{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library

    "{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax

    "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3

    "{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite

    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor

    "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox

    "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0

    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

    "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0

    "{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects

    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

    "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0

    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic

    "{616F0D12-BB36-46A4-8EE9-19505F589931}" = BrOffice.org 3.0

    "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio

    "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360

    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2

    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

    "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc

    "{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting

    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform

    "{6B31B392-F0BC-4113-B2DB-C97C3DB645D6}" = 2009FredV2Step2

    "{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility

    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data

    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

    "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone

    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

    "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1

    "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management

    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

    "{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}" = EndNote X3

    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour

    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

    "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime

    "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer

    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

    "{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery

    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =

    "{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support

    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

    "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music

    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

    "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-

    "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins

    "{A53A1A49-C3EA-406c-B87C-8E02B622D605}" = C7200_doccd

    "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting

    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series

    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

    "{A9DC9256-709F-4BEA-B39D-4F11D90585AA}" = HP Smart Web Printing

    "{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting

    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

    "{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager

    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3

    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

    "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0

    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story

    "{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min

    "{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0

    "{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library

    "{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext

    "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home

    "{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software

    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

    "{BD76AF27-5CD9-4848-87FC-12285A90AE6A}" = c7200_Help

    "{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager

    "{C5BD36D8-E66E-4BEA-BFD1-A23EED6487E9}" = VAIO OOBE and Welcome Center

    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service

    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

    "{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200

    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

    "{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media

    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents

    "{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool

    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

    "{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes

    "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter

    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

    "{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio

    "{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode

    "{E79467B0-7148-4E37-B91A-EB6107C3BB68}" = VAIO Help and Support

    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

    "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset

    "{EF0E9E8C-24B0-4BEC-A255-9B6819C5B21F}" = FRED

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

    "{F5397A82-641F-4643-8200-51D7F0016511}" = Click to Disc

    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0

    "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =

    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

    "{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates

    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status

    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update

    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0

    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0

    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP

    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

    "HDMI" = Intel® Graphics Media Accelerator Driver

    "HOMESTUDENTR" = Microsoft Office Home and Student 2007

    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0

    "HP Smart Web Printing" = HP Smart Web Printing

    "HPOCR" = HP OCR Software 9.0

    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor

    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

    "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01

    "PremElem40" = Adobe Premiere Elements 4.0

    "PremElem40Templates" = Adobe Premiere Elements 4.0 Templates

    "RealPlayer 12.0" = RealPlayer

    "ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper

    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    "TOEFL Sample Questions" = TOEFL Sample Questions

    "WinLiveSuite_Wave3" = Windows Live Essentials

    "Xvid_is1" = Xvid 1.1.3 final uninstall

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Usmleworld Sim Exam V2" = Usmleworld Sim Exam V2

    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]

    Error - 7/20/2010 11:30:05 AM | Computer Name = Domi | Source = Microsoft-Windows-CAPI2 | ID = 131077

    Description =

    Error - 7/20/2010 11:31:13 AM | Computer Name = Domi | Source = Microsoft-Windows-CAPI2 | ID = 131077

    Description =

    Error - 7/20/2010 11:31:13 AM | Computer Name = Domi | Source = Microsoft-Windows-CAPI2 | ID = 131077

    Description =

    Error - 7/20/2010 2:46:45 PM | Computer Name = Domi | Source = Application Error | ID = 1000

    Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp

    0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,

    exception code 0xc000071b, fault offset 0x000888f5, process id 0x630, application

    start time 0x01cb280f1fdeafc2.

    Error - 7/20/2010 3:24:51 PM | Computer Name = Domi | Source = SideBySide | ID = 16842785

    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".

    Dependent

    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/20/2010 3:24:51 PM | Computer Name = Domi | Source = SideBySide | ID = 16842785

    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".

    Dependent

    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/20/2010 3:24:51 PM | Computer Name = Domi | Source = SideBySide | ID = 16842785

    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".

    Dependent

    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/20/2010 3:24:51 PM | Computer Name = Domi | Source = SideBySide | ID = 16842785

    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

    Dependent

    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/20/2010 3:24:55 PM | Computer Name = Domi | Source = VzCdbSvc | ID = 7

    Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error

    code = 0x80042019)

    Error - 7/20/2010 3:31:23 PM | Computer Name = Domi | Source = VSS | ID = 8194

    Description =

    [ OSession Events ]

    Error - 3/23/2009 10:51:13 PM | Computer Name = Domi | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session

    lasted 5 seconds with 0 seconds of active time. This session ended with a crash.

    Error - 3/23/2009 10:54:44 PM | Computer Name = Domi | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session

    lasted 209 seconds with 120 seconds of active time. This session ended with a crash.

    Error - 4/6/2009 6:03:09 PM | Computer Name = Domi | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session

    lasted 4643 seconds with 2040 seconds of active time. This session ended with a

    crash.

    Error - 4/18/2009 7:19:26 PM | Computer Name = Domi | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session

    lasted 696 seconds with 60 seconds of active time. This session ended with a crash.

    Error - 4/19/2009 5:38:33 PM | Computer Name = Domi | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session

    lasted 192 seconds with 60 seconds of active time. This session ended with a crash.

    Error - 8/10/2009 11:07:08 AM | Computer Name = Domi | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3772

    seconds with 2520 seconds of active time. This session ended with a crash.

    Error - 2/17/2010 3:03:51 AM | Computer Name = Domi | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session

    lasted 26503 seconds with 9300 seconds of active time. This session ended with

    a crash.

    Error - 7/5/2010 11:43:32 AM | Computer Name = Domi | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session

    lasted 64864 seconds with 8100 seconds of active time. This session ended with

    a crash.

    Error - 7/12/2010 8:39:28 PM | Computer Name = Domi | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session

    lasted 19138 seconds with 1080 seconds of active time. This session ended with

    a crash.

    Error - 7/21/2010 11:10:57 PM | Computer Name = Domi | Source = Microsoft Office 12 Sessions | ID = 7001

    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

    12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13718

    seconds with 1620 seconds of active time. This session ended with a crash.

    [ System Events ]

    Error - 8/1/2010 12:42:06 PM | Computer Name = Domi | Source = DCOM | ID = 10016

    Description =

    Error - 8/1/2010 12:42:32 PM | Computer Name = Domi | Source = Service Control Manager | ID = 7000

    Description =

    Error - 8/1/2010 7:30:18 PM | Computer Name = Domi | Source = DCOM | ID = 10016

    Description =

    Error - 8/1/2010 7:30:18 PM | Computer Name = Domi | Source = DCOM | ID = 10016

    Description =

    Error - 8/1/2010 7:30:39 PM | Computer Name = Domi | Source = Service Control Manager | ID = 7000

    Description =

    Error - 8/1/2010 7:33:16 PM | Computer Name = Domi | Source = Print | ID = 6161

    Description = The document http://www.foodnetwork.com/..., owned by Dominique, failed

    to print on printer HP Officejet 7400 series. Try to print the document again,

    or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in

    bytes: 138484. Number of bytes printed: 0. Total number of pages in the document:

    2. Number of pages printed: 0. Client computer: \\DOMI. Win32 error code returned

    by the print processor: 2250. This network connection does not exist.

    Error - 8/2/2010 4:04:37 PM | Computer Name = Domi | Source = bowser | ID = 8003

    Description =

    Error - 8/2/2010 8:23:37 PM | Computer Name = Domi | Source = netbt | ID = 4321

    Description = The name "WORKGROUP :1d" could not be registered on the interface

    with IP address 192.168.1.110. The computer with the IP address 192.168.1.107 did

    not allow the name to be claimed by this computer.

    Error - 8/3/2010 11:14:02 AM | Computer Name = Domi | Source = bowser | ID = 8003

    Description =

    Error - 8/4/2010 12:36:38 PM | Computer Name = Domi | Source = bowser | ID = 8003

    Description =

    < End of report >

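Before the reply, a note on reading the OTL report above. The script below is an added example for this thread, not code from the original post and not part of the OTL tool. It pulls the two sections an analyst reads first, the HKLM Uninstall List and the Last 10 Event Log Errors, and flags three things visible in the report: uninstall keys with an empty display name (invisible in Programs and Features, so they get checked by hand), several Java 6 releases installed side by side (the older JREs stay reachable and unpatched until removed), and Application Error 1000 records, naming the crashing process and module. The line layout it parses is an assumption taken from the report as pasted above; SAMPLE is a constructed excerpt of those lines, and the finding labels are my own.

```python
"""Triage of an OTL report's 'Uninstall List' and 'Last 10 Event Log Errors'.

Added example for this thread, not code from the original post or from OTL.
The line layout it expects ('"{GUID}" = Name', and 'Error - date | Computer
Name = X | Source = Y | ID = N' followed by a wrapped 'Description =' block)
is an assumption taken from the report pasted above; SAMPLE is a constructed
excerpt of those lines.
"""
import re

UNINSTALL_RE = re.compile(r'^\s*"(?P<key>[^"]+)"\s*=\s*(?P<name>.*?)\s*$')
EVENT_RE = re.compile(
    r'^\s*Error - (?P<when>\S+ \S+ [AP]M) \| Computer Name = (?P<host>\S+)'
    r' \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$')
# "Java 6 Update 17" -> 17; "Java SE Runtime Environment 6" (no update) -> 0
JAVA6_RE = re.compile(r'^Java(?: SE Runtime Environment)? 6(?: Update (?P<upd>\d+))?$')
CRASH_RE = re.compile(r'Faulting application (\S+),.*?faulting module (\S+),')

# Constructed excerpt of the OTL report posted above (assumed layout).
SAMPLE = r"""
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/20/2010 11:30:05 AM | Computer Name = Domi | Source = Microsoft-Windows-CAPI2 | ID = 131077
Description =
Error - 7/20/2010 2:46:45 PM | Computer Name = Domi | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc000071b, fault offset 0x000888f5, process id 0x630, application
start time 0x01cb280f1fdeafc2.
< End of report >
"""


def parse_uninstall(text):
    """Map every '"key" = display name' line to {key: name}; name may be ''."""
    entries = {}
    for line in text.splitlines():
        m = UNINSTALL_RE.match(line)
        if m:
            entries[m.group('key')] = m.group('name')
    return entries


def parse_events(text):
    """Collect 'Error - ...' records. OTL wraps each description over several
    lines, so continuation lines are glued back onto the current record until
    the next record or a section marker ('[ ... ]', '=====', '< End of report >')."""
    events, current = [], None
    for line in text.splitlines():
        s = line.strip()
        m = EVENT_RE.match(line)
        if m:
            current = {'source': m.group('source'), 'id': int(m.group('id')), 'desc': ''}
            events.append(current)
        elif current is None or not s or s[0] in '[=<':
            continue
        elif s.startswith('Description ='):
            current['desc'] = s[len('Description ='):].strip()
        else:
            current['desc'] = (current['desc'] + ' ' + s).strip()
    return events


def triage(entries, events):
    """Return the findings an analyst checks first, as tuples tagged by kind."""
    findings = []
    # An uninstall key with no display name does not show in Programs and
    # Features; it may be a broken install or something hiding, so it gets
    # looked up in the registry by hand.
    for key, name in entries.items():
        if not name:
            findings.append(('empty-name', key))
    # Several Java 6 releases side by side: every release below the newest is
    # still installed and reachable, hence an unpatched plugin until removed.
    java = [int(m.group('upd') or 0)
            for name in entries.values()
            for m in [JAVA6_RE.match(name)] if m]
    if len(java) > 1:
        findings.append(('stale-java', sorted(v for v in java if v < max(java))))
    # Application Error 1000: which process crashed inside which module.
    for ev in events:
        if ev['source'] == 'Application Error' and ev['id'] == 1000:
            m = CRASH_RE.search(ev['desc'])
            if m:
                findings.append(('app-crash', m.group(1), m.group(2)))
    return findings


if __name__ == '__main__':
    for finding in triage(parse_uninstall(SAMPLE), parse_events(SAMPLE)):
        print(*finding)
```

Run against the excerpt it reports the empty-name key {96D0B6C6-...}, the three Java 6 releases older than Update 17 (the base JRE and Updates 5 and 7), and the svchost.exe crash in ntdll.dll. Feeding it the full report as pasted works the same way, since blank lines and section headers are skipped.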

    Dear Rmpessoa

    # Step 1 #

    Click Start > Run > type cmd. At the prompt, type ipconfig /flushdns

    # Step 2 #

    Post a new DDS log

    Cheers :D

    Topic author

    Here are the DDS logs:

    DDS:

    DDS (Ver_10-03-17.01) - NTFSx86

    Run by Dominique at 11:59:17.69 on Thu 08/05/2010

    Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_17

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1636 [GMT -5:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k rpcss

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k GPSvcGroup

    C:\Windows\system32\SLsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\PROGRA~1\GbPlugin\GbpSv.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Windows\system32\svchost.exe -k bthsvcs

    C:\Windows\system32\svchost.exe -k hpdevmgmt

    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\PSIService.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe

    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

    C:\Windows\System32\svchost.exe -k WerSvcGroup

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\system32\DRIVERS\xaudio.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\igfxext.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\system32\svchost.exe -k HPService

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Sony\ISB Utility\ISBMgr.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\System32\svchost.exe -k HPZ12

    C:\Windows\system32\conime.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\vssvc.exe

    C:\Windows\System32\svchost.exe -k swprv

    C:\Users\Dominique\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://mail.terra.com.br/

    uInternet Settings,ProxyOverride = *.local

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - c:\windows\downloaded program files\gbiehabn.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

    uRun: [sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun

    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

    mRun: [RtHDVCpl] RtHDVCpl.exe

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

    mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe

    mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

    StartupFolder: c:\users\domini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\panasonic\photofunstudio -viewer-\PhAutoRun.exe

    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

    DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} - file:///F:/data/index/ses_ocx/sessearch.ocx

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

    DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    Notify: igfxcui - igfxdev.dll

    Notify: VESWinlogon - VESWinlogon.dll

    AppInit_DLLs: c:\windows\system32\avgrsstx.dll

    SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - c:\windows\downloaded program files\gbiehabn.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\domini~1\appdata\roaming\mozilla\firefox\profiles\2jgwwqmv.default\

    FF - prefs.js: browser.startup.homepage - hxxp://mail.terra.com.br/

    FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

    FF - plugin: c:\program files\microsoft\office live\npOLW.dll

    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-9 29584]

    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

    R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2007-1-13 125440]

    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2007-1-13 17920]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-12-13 28464]

    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-12-13 73472]

    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-12-13 43904]

    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-13 9344]

    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-12-13 818688]

    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2007-1-13 16896]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-6-9 19968]

    RUnknown GbpSv;GbpSv; [x]

    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-6 54632]

    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-1-13 745472]

    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-1-13 397312]

    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-1-13 1089536]

    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-12-13 292128]

    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-12-13 79136]

    =============== Created Last 30 ================

    2010-07-28 23:54:32 0 d-----w- c:\program files\common files\ResearchSoft

    2010-07-28 23:52:19 0 d-----w- c:\program files\common files\Wise Installation Wizard

    2010-07-28 00:37:26 0 d-sh--w- C:\$RECYCLE.BIN

    2010-07-28 00:29:09 0 d-----w- C:\ComboFix

    2010-07-23 18:08:07 98816 ----a-w- c:\windows\sed.exe

    2010-07-23 18:08:07 77312 ----a-w- c:\windows\MBR.exe

    2010-07-23 18:08:07 256512 ----a-w- c:\windows\PEV.exe

    2010-07-23 18:08:07 161792 ----a-w- c:\windows\SWREG.exe

    2010-07-23 14:12:16 0 d-----w- C:\Lop SD

    2010-07-20 13:21:23 0 d-----w- c:\programdata\Norton

    2010-07-20 12:25:42 0 d-----w- c:\users\domini~1\appdata\roaming\Anti-spyware

    2010-07-20 12:25:42 0 d-----w- c:\programdata\TEMP

    2010-07-20 03:57:39 0 d-----w- c:\windows\system32\MpEngineStore

    2010-07-19 23:29:35 766976 ----a-w- c:\windows\system32\drivers\xjezifn.sys

    2010-07-19 23:28:34 150 ----a-w- C:\zrpt.xml

    2010-07-15 20:12:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    ==================== Find3M ====================

    2010-05-21 19:14:28 221568 ----a-w- c:\windows\system32\MpSigStub.exe

    2009-06-10 16:48:43 51200 ----a-w- c:\windows\inf\infpub.dat

    2009-06-10 16:48:43 143360 ----a-w- c:\windows\inf\infstor.dat

    2009-06-10 16:48:42 143360 ----a-w- c:\windows\inf\infstrng.dat

    2009-06-10 16:39:17 665600 ----a-w- c:\windows\inf\drvindex.dat

    2007-01-14 00:59:41 174 --sha-w- c:\program files\desktop.ini

    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    2009-06-23 11:49:24 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

    2009-10-17 02:44:20 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

    2008-10-27 22:21:13 88 --sh--r- c:\windows\system32\B2AB79BDAD.sys

    2008-10-27 22:22:36 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 11:59:26.33 ===============

    Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft® Windows Vista™ Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 6/8/2008 4:11:16 PM

    System Uptime: 8/5/2010 4:33:28 AM (7 hours ago)

    Motherboard: Sony Corporation | | VAIO

    Processor: Intel® Core2 Duo CPU T8100 @ 2.10GHz | N/A | 2101/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 223 GiB total, 105.923 GiB free.

    D: is Removable

    E: is Removable

    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

    Description: HP Photosmart C7200

    Device ID: ROOT\IMAGE\0000

    Manufacturer: Hewlett-Packard

    Name: HP Photosmart C7200

    PNP Device ID: ROOT\IMAGE\0000

    Service: StillCam

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

    Description: Photosmart C7200 series

    Device ID: ROOT\MULTIFUNCTION\0000

    Manufacturer: HP

    Name: Photosmart C7200 series

    PNP Device ID: ROOT\MULTIFUNCTION\0000

    Service:

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

    Description: Officejet 7400 series

    Device ID: ROOT\MULTIFUNCTION\0001

    Manufacturer: HP

    Name: Officejet 7400 series

    PNP Device ID: ROOT\MULTIFUNCTION\0001

    Service:

    ==== System Restore Points ===================

    RP766: 7/23/2010 4:25:08 PM - Scheduled Checkpoint

    RP767: 7/24/2010 11:00:11 PM - Scheduled Checkpoint

    RP768: 7/25/2010 11:18:11 AM - Scheduled Checkpoint

    RP770: 7/25/2010 11:09:20 PM - Removed Napster

    RP771: 7/25/2010 11:09:46 PM - Removed Napster Burn Engine

    RP772: 7/26/2010 12:43:40 PM - Scheduled Checkpoint

    RP773: 7/27/2010 12:01:51 PM - Scheduled Checkpoint

    RP774: 7/28/2010 12:46:14 PM - Scheduled Checkpoint

    RP775: 7/28/2010 6:46:36 PM - Removed EndNote X3

    RP776: 7/28/2010 6:48:50 PM - Removed EndNote X Volume License Edition

    RP777: 7/28/2010 6:53:38 PM - Installed EndNote X3

    RP778: 8/1/2010 4:44:30 PM - Scheduled Checkpoint

    RP779: 8/3/2010 11:17:27 AM - Scheduled Checkpoint

    RP780: 8/4/2010 - Scheduled Checkpoint

    RP781: 8/4/2010 4:50:36 PM - Scheduled Checkpoint

    ==== Installed Programs ======================

    µTorrent

    2009FredV2Step2

    32 Bit HP CIO Components Installer

    Acrobat.com

    Activation Assistant for the 2007 Microsoft Office suites

    Adobe AIR

    Adobe Common File Installer

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Photoshop 7.0

    Adobe Photoshop Elements 6.0

    Adobe Premiere Elements 4.0

    Adobe Premiere Elements 4.0 Templates

    Adobe Reader 9.1.3

    AIO_Scan

    Apple Mobile Device Support

    Apple Software Update

    ArcSoft Magic-i Visual Effects

    ArcSoft Software Suite

    Bonjour

    BrOffice.org 3.0

    BufferChm

    C7200

    C7200_doccd

    c7200_Help

    Click to Disc

    Click to Disc Editor

    Compatibility Pack for the 2007 Office system

    Copy

    Corel Paint Shop Pro Photo X2

    Destination Component

    DeviceDiscovery

    DeviceManagementQFolder

    DocProc

    DocProcQFolder

    EndNote X3

    Fax

    FRED

    GearDrvs

    HDAUDIO SoftV92 Data Fax Modem with SmartCP

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    HP Imaging Device Functions 9.0

    HP OCR Software 9.0

    HP Photosmart All-In-One Software 9.0

    HP Smart Web Printing

    HP Update

    Instant Mode

    Intel® Graphics Media Accelerator Driver

    iTunes

    Java 6 Update 17

    Java 6 Update 5

    Java 6 Update 7

    Java SE Runtime Environment 6

    Junk Mail filter update

    Microsoft .NET Framework 3.5 SP1

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office 2007 Service Pack 2 (SP2)

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office Home and Student 2007

    Microsoft Office Live Add-in 1.3

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Search Enhancement Pack

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Sync Framework Runtime Native v1.0 (x86)

    Microsoft Sync Framework Services Native v1.0 (x86)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Works

    Mozilla Firefox (3.6.8)

    MSVCRT

    MSXML 4.0 SP2 (KB927978)

    MSXML 4.0 SP2 (KB936181)

    MSXML 4.0 SP2 (KB941833)

    MSXML 4.0 SP2 (KB954430)

    NetDeviceManager

    Norton 360

    OpenMG Limited Patch 4.7-07-15-19-01

    OpenMG Secure Module 4.7.00

    PanoStandAlone

    PHOTOfunSTUDIO -viewer-

    PS_AIO_02_ProductContext

    PS_AIO_02_Software

    PS_AIO_02_Software_min

    QuickTime

    Rayman Raving Rabbids

    RealPlayer

    Realtek High Definition Audio Driver

    RealUpgrade 1.0

    ResearchSoft Direct Export Helper

    Roxio Activation Module

    Roxio Easy Media Creator Home

    Scan

    Security Update for 2007 Microsoft Office System (KB969559)

    Security Update for 2007 Microsoft Office System (KB973704)

    Security Update for CAPICOM (KB931906)

    Security Update for Microsoft Office Excel 2007 (KB973593)

    Security Update for Microsoft Office PowerPoint 2007 (KB957789)

    Security Update for Microsoft Office system 2007 (972581)

    Security Update for Microsoft Office system 2007 (KB969613)

    Security Update for Microsoft Office system 2007 (KB974234)

    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

    Security Update for Microsoft Office Word 2007 (KB969604)

    Setting Utility Series

    Skype Toolbars

    Skype™ 4.2

    SonicStage Mastering Studio

    SonicStage Mastering Studio Audio Filter

    SonicStage Mastering Studio Audio Filter Custom Preset

    SonicStage Mastering Studio Plugins

    Sony Video Shared Library

    Status

    Synaptics Pointing Device Driver

    TOEFL Sample Questions

    Toolbox

    TrayApp

    UnloadSupport

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Usmleworld Sim Exam V2

    VAIO Camera Capture Utility

    VAIO Content Folder Setting

    VAIO Content Metadata Intelligent Analyzing Manager

    VAIO Content Metadata Manager Setting

    VAIO Content Metadata XML Interface Library

    VAIO Control Center

    VAIO DVD Menu Data Basic

    VAIO Entertainment Platform

    VAIO Event Service

    VAIO Help and Support

    VAIO Launcher

    VAIO Media

    VAIO Media 6.0

    VAIO Media AC3 Decoder 1.0

    VAIO Media Content Collection 6.0

    VAIO Media Integrated Server 6.1

    VAIO Media Redistribution 6.0

    VAIO Media Registration Tool

    VAIO Media Registration Tool 6.0

    VAIO Movie Story

    VAIO Movie Story Template Data

    VAIO MusicBox

    VAIO MusicBox Sample Music

    VAIO OOBE and Welcome Center

    VAIO Original Function Setting

    VAIO Power Management

    VAIO Update 3

    VAIO Wallpaper Contents

    WebReg

    WIDCOMM Bluetooth Software 6.1.0.2200

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Family Safety

    Windows Live Mail

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Gallery

    Windows Live Sign-in Assistant

    Windows Live Sync

    Windows Live Toolbar

    Windows Live Upload Tool

    Windows Live Writer

    WinDVD for VAIO

    Wireless Switch Setting Utility

    Xvid 1.1.3 final uninstall

    ==== Event Viewer Messages From Past Week ========

    8/4/2010 12:16:03 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    8/4/2010 12:15:41 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    8/4/2010 12:15:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    8/4/2010 11:36:38 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer SONYLAP2009 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A1CB272C-10B5-4441-893B-4188A2. The master browser is stopping or an election is being forced.

    8/2/2010 7:23:37 PM, Error: netbt [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.110. The computer with the IP address 192.168.1.107 did not allow the name to be claimed by this computer.

    8/1/2010 6:33:16 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document http://www.foodnetwork.com/..., owned by Dominique, failed to print on printer HP Officejet 7400 series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 138484. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client computer: \\DOMI. Win32 error code returned by the print processor: 2250. This network connection does not exist.

    ==== End Of File ===========================

Good news? ;-)

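The DDS log posted above is what the helper reads before deciding which tool to ask for next. As an added example (not part of the forum thread and not DDS's own code), the Python script below parses the two sections an analyst usually checks first, "Created Last 30" and "SERVICES / DRIVERS", and raises two triage flags: a .sys created under system32\drivers that no listed service points to, and a service whose binary DDS could not find on disk (the `[x]` marker). The sample lines are copied from the log above; the field layouts are read off those lines, and the two flags are this example's own heuristics, a hint for the analyst rather than a verdict.

```python
"""Triage two sections of a DDS log: 'Created Last 30' and 'SERVICES / DRIVERS'.

Added example for this thread, not part of DDS or of the forum post. The
sample lines below are copied from the log above; the two flags raised by
triage() are this example's own heuristics.
"""
import re
from datetime import date

# Copied from the "Created Last 30" section of the log above.
CREATED_LAST_30 = r"""
2010-07-23 18:08:07 98816 ----a-w- c:\windows\sed.exe
2010-07-20 03:57:39 0 d-----w- c:\windows\system32\MpEngineStore
2010-07-19 23:29:35 766976 ----a-w- c:\windows\system32\drivers\xjezifn.sys
2010-07-19 23:28:34 150 ----a-w- C:\zrpt.xml
2010-07-15 20:12:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll
"""

# Copied from the "SERVICES / DRIVERS" section of the log above.
SERVICES = r"""
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-6-9 29584]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-13 9344]
RUnknown GbpSv;GbpSv; [x]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
"""

# "<date> <time> <size> <attrs> <path>"; attrs is an 8-char flag string whose
# first character is 'd' for a directory (e.g. "d-----w-", "----a-w-").
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (\d+) ([-a-z]{8}) (.+)$")

# "<state> <name>;<description>;<path> [<date> <size>]", or "...; [x]" when
# the service is registered but its binary is not on disk.
SERVICE_RE = re.compile(r"^(\S+) ([^;]*);([^;]*);(.*)$")


def parse_created(text):
    """Return one dict per file/directory line of a 'Created Last 30' section."""
    entries = []
    for line in text.strip().splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        day, size, attrs, path = m.groups()
        entries.append({"date": date.fromisoformat(day), "size": int(size),
                        "is_dir": attrs[0] == "d", "path": path})
    return entries


def parse_services(text):
    """Return one dict per service/driver line; path is lower-cased for matching."""
    services = []
    for line in text.strip().splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, name, desc, rest = m.groups()
        rest = rest.strip()
        missing = rest == "[x]"
        path = "" if missing else rest.rsplit(" [", 1)[0].lower()
        services.append({"state": state, "name": name, "desc": desc,
                         "path": path, "missing": missing})
    return services


def triage(created, services):
    """Flag (reason, item) pairs worth a second look. Heuristic, not a verdict:
    DDS prints only the services it enumerated, so a driver with no entry here
    may be a hidden service, or simply a file that is not a registered driver."""
    registered = {s["path"] for s in services if s["path"]}
    findings = []
    for e in sorted(created, key=lambda e: e["date"]):
        p = e["path"].lower()
        if e["is_dir"] or not p.endswith(".sys") or "\\drivers\\" not in p:
            continue
        if p not in registered:
            findings.append(("new driver with no service entry", e["path"]))
    for s in services:
        if s["missing"]:
            findings.append(("service whose binary is missing", s["name"]))
    return findings


if __name__ == "__main__":
    for reason, item in triage(parse_created(CREATED_LAST_30), parse_services(SERVICES)):
        print(f"{reason}: {item}")
```

Run against the sample, it reports `xjezifn.sys` (created 2010-07-19, no service line references it) and `GbpSv` (registered, binary absent). Both are questions to ask, not conclusions: a vendor driver can be loaded by a service DDS did not enumerate, and an orphaned service entry is often just a sloppy uninstall.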

Dear Rmpessoa

Read all of the instructions below carefully before running the program.

Download the Kaspersky Removal Tool and save it to your desktop.

• Install the program normally, following all the instructions.
• A folder called Virus Removal Tool will be created on the desktop.
• In the program window, tick the options:
  • My Computer
  • Hidden Startup objects
  • Disk boot sectors
  • System Memory
• Click the Start Scan button.
• Be patient, the scan takes a long time!
• While it scans it will probably open some small windows next to the clock; do not click anything.
• It is also possible that a larger window opens with the following options:
  • Disinfect (when possible)
  • Delete
  • Skip
• When it appears, first tick the option below, Apply to all objects, and then click one of the options above.
• After everything has finished, click the Reports button; in the window that opens, leave the options at the top set to:
  • Autoscan
  • Group by result
  • All Events
• Expand Autoscan by clicking the + sign next to it.
• Expand Result: Detected.
• Right-click, choose Select all, then choose Copy.
• Note: when you do this the PC will seem to have frozen, but it has not; wait a few minutes for the memory to be freed.
• Open Notepad and paste (Ctrl+V).
• Give the file a name and save it in a folder of your choice.
• Close the result by clicking the Exit button.
• When you do that you will be asked whether you want to uninstall the tool; click Yes.
• Restart the computer when asked.
• Post the contents of that file in your next reply.

NOTE 1:
Pay attention to the windows during the scan; they have different colours depending on the risk:
• green: low risk
• yellow: medium risk
• red: high risk

Before taking any action, check the file path/name carefully to see whether it is something you know; if it is, click Skip.

NOTE 2:
If the final scan result only shows Result: OK, you do not need to generate a report; just let me know.

NOTE 3:
During the scan Kaspersky may report the following folder as infected: c:\QooBox. If this happens, choose Skip, since that folder belongs to ComboFix and will be removed when ComboFix is uninstalled.

Regards :D

Topic author:

Here is the result:

    Autoscan: completed 3 minutes ago (events: 412268, objects: 406375, time: 01:22:42)

    Result: OK (events: 404707)

    Result: Detected (events: 8)

    8/10/2010 2:18:46 PM C:\Documents and Settings\Dominique\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report18f0fef9\Report.cab/Nlsratr.dll.xor/PE-Crypt.XorPE

    8/10/2010 2:28:23 PM C:\Documents and Settings\Dominique\Local Settings\Microsoft\Windows\WER\ReportArchive\Report18f0fef9\Report.cab/Nlsratr.dll.xor/PE-Crypt.XorPE

    8/10/2010 2:58:32 PM C:\Qoobox\Quarantine\C\Windows\system32\znjep.dll.vir

    8/10/2010 2:58:32 PM C:\Qoobox\Quarantine\C\Windows\system32\Drivers\volmgrx.sys.vir

    8/10/2010 2:58:35 PM C:\Qoobox\Quarantine\C\Windows\system32\ernel32.dll.vir

    8/10/2010 3:01:42 PM C:\Users\Dominique\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report18f0fef9\Report.cab/Nlsratr.dll.xor/PE-Crypt.XorPE

    8/10/2010 3:06:12 PM C:\Users\Dominique\Local Settings\Microsoft\Windows\WER\ReportArchive\Report18f0fef9\Report.cab/Nlsratr.dll.xor/PE-Crypt.XorPE

    8/10/2010 3:22:11 PM C:\Windows\winsxs\x86_microsoft-windows-dynamicvolumemanager_31bf3856ad364e35_6.0.6002.18005_none_deee3b0e834aa238\volmgrx.sys

    Result: Archive (events: 6582)

    Result: Packed (events: 897)

    Result: Disinfected (events: 1)

    Result: Untreated (events: 6)

    Result: Deleted (events: 1)

    Result: Backed up (events: 2)

    Result: Not processed (events: 20)

    Result: Password protected (events: 41)

    Result: Disinfected (events: 1)

    Result: Task started (events: 1)

    Result: Task completed (events: 1)

It worked this time. :D

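The helper reads the report above as clean. Before agreeing, an analyst checks where each "Result: Detected" hit actually lives: in ComboFix's own quarantine (C:\Qoobox, already moved out of the way), inside a Windows Error Reporting crash archive, or in a file that is still in place on the system. As an added example (not the helper's or Kaspersky's code), the Python snippet below parses those lines and sorts each hit into one of those buckets, so the paths that still need a human decision are listed separately. The sample lines are copied from the report above; the bucket names and path rules are this example's own assumptions.

```python
"""Sort Kaspersky Virus Removal Tool 'Result: Detected' lines by where the hit lives.

Added example for this thread, not the helper's or Kaspersky's code. Sample
lines are copied from the report above; bucket names and path rules are this
example's own assumptions.
"""
import re

# Copied from the "Result: Detected" group of the report above.
KAV_DETECTED = r"""
8/10/2010 2:18:46 PM C:\Documents and Settings\Dominique\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report18f0fef9\Report.cab/Nlsratr.dll.xor/PE-Crypt.XorPE
8/10/2010 2:58:32 PM C:\Qoobox\Quarantine\C\Windows\system32\znjep.dll.vir
8/10/2010 2:58:32 PM C:\Qoobox\Quarantine\C\Windows\system32\Drivers\volmgrx.sys.vir
8/10/2010 2:58:35 PM C:\Qoobox\Quarantine\C\Windows\system32\ernel32.dll.vir
8/10/2010 3:01:42 PM C:\Users\Dominique\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report18f0fef9\Report.cab/Nlsratr.dll.xor/PE-Crypt.XorPE
8/10/2010 3:22:11 PM C:\Windows\winsxs\x86_microsoft-windows-dynamicvolumemanager_31bf3856ad364e35_6.0.6002.18005_none_deee3b0e834aa238\volmgrx.sys
"""

# "<m/d/yyyy> <h:mm:ss AM|PM> <object>"; nested objects (archive members,
# unpacked layers) are appended to the on-disk path with '/'.
LINE_RE = re.compile(r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (.+)$")

# Path rules for this example; the first matching rule wins.
BUCKET_RULES = [
    ("quarantined by ComboFix", lambda p: p.startswith("c:\\qoobox\\quarantine\\")),
    ("inside a Windows Error Reporting archive", lambda p: "\\wer\\reportarchive\\" in p),
    ("in place (WinSxS component store)", lambda p: "\\winsxs\\" in p),
]
DEFAULT_BUCKET = "in place"


def parse_hit(line):
    """Split one report line into timestamp, on-disk file and nested objects."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    when, obj = m.groups()
    parts = obj.split("/")
    return {"when": when, "file": parts[0], "inner": parts[1:]}


def classify(path):
    p = path.lower()
    for bucket, rule in BUCKET_RULES:
        if rule(p):
            return bucket
    return DEFAULT_BUCKET


def summarize(report):
    """Map bucket -> list of on-disk paths, in report order."""
    buckets = {}
    for line in report.strip().splitlines():
        hit = parse_hit(line)
        if hit:
            buckets.setdefault(classify(hit["file"]), []).append(hit["file"])
    return buckets


def still_in_place(report):
    """Paths the analyst still has to look at by hand: anything not contained."""
    return [p for b, ps in summarize(report).items() if b.startswith("in place") for p in ps]


if __name__ == "__main__":
    for bucket, paths in summarize(KAV_DETECTED).items():
        print(f"{bucket} ({len(paths)}):")
        for p in paths:
            print("   ", p)
```

On the sample this leaves exactly one path in the "in place" group, the WinSxS copy of volmgrx.sys; the script does not judge it, it only makes sure it is not lost among the quarantine entries. The two Report.cab lines are the same archive seen through Vista's compatibility junctions (Documents and Settings points at Users), which is why the same file shows up under more than one path in the original report.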

Dear Rmpessoa

Log clean :)

>>>> How is the computer?

# Step 1 #

Let's uninstall ComboFix:

Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

Or, if you prefer, go to

Start > Run, type Combofix /Uninstall and click OK; in the window that appears click Run and wait for the program to be removed.

# Step 2 #

Again with OTL

• Double-click the OTL icon (shown as an image in the original post).
• Click the button shown as an image in the original post.
• Wait...
• When asked to restart, click OK.

# Step 3 #

Your Java is out of date.

Attention: Uninstall ALL old versions of Java.

• Close all programs, especially your browser (IE, Firefox etc.).
• Go to the Java for Windows site.
• Click the button shown as an image in the original post.
• In the window that appears, click Run;
• Follow the installation steps.

# Step 4 #

<<@>> Install CCleaner

CCleaner is an excellent cleanup utility for the computer that will help with its performance. Download it here: CCleaner

• IMPORTANT: After installing, go to the folder where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window, choose New > Folder and create a new folder; name it backups!
• Open the program and click Run Cleaner;
• Click the Registry button > Scan for Issues > Fix selected issues...
  Note: Don't forget to accept the backup of the fixes and save it in the folder created above!

<<@>> Always keep your Windows up to date; keep a constant watch over your firewall and antivirus; and finally, remember that the best prevention starts with our own habits!

Regards :D

Topic author:

After doing all of this, the MS virus-removal program found this one:

WinNT/Bubnix.gen!A

It was partially deleted and would be fully deleted after a restart. As I have already done that, I believe it is clean now. ;-)

Any suggestion for an antivirus, free or not? I have been using AVG since it came out, but now I am worried about whether the free version is worth it.

Once again, THANK YOU VERY MUCH for the help; without it I would have been lost!!! :D


Dear Rmpessoa

> After doing all of this, the MS virus-removal program found this one:
>
> WinNT/Bubnix.gen!A

Could you post the report from the MS scan?

> Any suggestion for an antivirus, free or not?

Have a read here: http://www.av-comparatives.org/

Regards :D
