La_Oliveira

HijackThis Log Analysis


HELP!!!!! This is bizarre.

Well, here is the situation: messages from a fake antivirus called "RapidVirus" are appearing on my PC. Out of nowhere, popups appear saying that the computer has been infected by spyware, by a trojan (always in English), always with two buttons, "yes" and "no", to choose whether to scan the computer with this "RapidVirus". In addition, periodically, almost every 5 minutes, the monitor settings become huge and, out of nowhere, a crude Windows screen (the error kind) full of codes appears, in English, saying to restart the machine if this is the first time you are seeing the message, to run an antivirus on the machine, things like that. After that screen, the Windows XP startup screen appears with the following message: "Unregistered copy of RapidVirus software found. Microsoft Security Center recommends you to activate your antivirus protection software." Note: I have Windows Vista on this computer. Then, after that screen, the computer returns to exactly how it was when it went to the blue screen, with all programs open. Not to mention that, out of nowhere, files such as "Gayfetishsex" appeared on my desktop.

Anyway, that is the general situation. Now to what matters:

Yes, I have already run an antivirus: I have AVG 8.0; it found several things and I moved them to quarantine.

Yes, I have already run an online antivirus scan, but it was only able to remove one of the 23 it found.

I am downloading an antispyware now, "Spyware Terminator", and I am about to run it. I had the

I made a HijackThis log and am posting it below. Please help me!!!!!!

Logfile of HijackThis v1.99.1

Scan saved at 19:35:29, on 08/11/2008

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Windows\System32\loader.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\System32\msiconf.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\conime.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\Users\ADMINI~1\AppData\Local\Temp\Rar$EX00.398\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://br.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Proteção para a Família\fssbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [sMSERIAL] sm56hlpr.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Proteção para a Família\fssui.exe" -autorun

O4 - HKLM\..\Run: [loader.exe] C:\Windows\System32\loader.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [msiexec.exe] msiconf.exe

O4 - HKCU\..\Run: [loader.exe] C:\Windows\System32\loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldpt-br.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_c6f2043d\STacSV.exe

Just to add, here is the Spyware Terminator report:

Logfile of Spyware Terminator v2.3.0.507 (db:2.011.007.000)

Scan Time: 08/11/2008 20:20:00 length: 538 s

Platform: VISTA (6.0.0.6001)

User: Admin

Boot Mode: Normal

Scan type: Fast_Spyware_Scan

Scanned Objects: 41349 (Critical:2)

Filter: No System items, No Safe items, No Invalid items

Running Processes

SLsvc.exe [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe

aawservice.exe [Lavasoft] : C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

NBHGui.exe [Nero AG] : C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

InCD.exe [Nero AG] : C:\Program Files\Nero\Nero 7\InCD\InCD.exe

igfxpers.exe [intel Corporation] : C:\Windows\system32\igfxpers.exe

hpwuSchd2.exe [Hewlett-Packard Co.] : C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

sttray.exe [iDT, Inc.] : C:\Program Files\IDT\WDM\sttray.exe

avgtray.exe [AVG Technologies CZ, s.r.o.] : C:\Program Files\AVG\AVG8\avgtray.exe

SearchProtection.exe [Yahoo! Inc.] : C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

loader.exe [Microsoft Corporation] : C:\Windows\system32\loader.exe

igfxsrvc.exe [intel Corporation] : C:\Windows\system32\igfxsrvc.exe

msnmsgr.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe

avgwdsvc.exe [AVG Technologies CZ, s.r.o.] : C:\Program Files\AVG\AVG8\avgwdsvc.exe

fsssvc.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Proteção para a Família\fsssvc.exe

sidebar.exe [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sidebar.exe

msiconf.exe : C:\Windows\system32\msiconf.exe

hpqtra08.exe [Hewlett-Packard Co.] : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

InCDsrv.exe [Nero AG] : C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

PnkBstrA.exe : C:\Windows\system32\PnkBstrA.exe

RichVideo.exe : C:\Program Files\CyberLink\Shared Files\RichVideo.exe

stacsv.exe [iDT, Inc.] : C:\Windows\system32\DriverStore\FileRepository\stwrt.inf_c6f2043d\stacsv.exe

iexplore.exe [Microsoft Corporation] : C:\Program Files\Internet Explorer\iexplore.exe

avgrsx.exe [AVG Technologies CZ, s.r.o.] : C:\Program Files\AVG\AVG8\avgrsx.exe

avgemc.exe [AVG Technologies CZ, s.r.o.] : C:\Program Files\AVG\AVG8\avgemc.exe

conime.exe [Microsoft Corporation] : C:\Windows\system32\conime.exe

Ymsgr_tray.exe [Yahoo! Inc.] : C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe

WLLoginProxy.exe [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe

iexplore.exe [Microsoft Corporation] : C:\Program Files\Internet Explorer\iexplore.exe

infocard.exe [Microsoft Corporation] : C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

Internet Settings

R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.google.com/ie

R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://br.yahoo.com

R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =

R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO

02 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

02 - BHO: Windows Live OneCare Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - [Microsoft Corporation] : C:\Program Files\Windows Live\Proteção para a Família\fssbho.dll

02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - [Google Inc.] : C:\Program Files\google\googletoolbar2.dll

02 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - [Microsoft Corporation] : C:\Program Files\Windows Live Toolbar\msntb.dll

02 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - [Yahoo! Inc] : C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

Toolbars

03 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - [Google Inc.] : C:\Program Files\google\googletoolbar2.dll

03 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

03 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - [Microsoft Corporation] : C:\Program Files\Windows Live Toolbar\msntb.dll

StartUps

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MsnMsgr : [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Sidebar : [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sidebar.exe

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, YSearchProtection : [Yahoo! Inc.] : C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Messenger (Yahoo!) : [Yahoo! Inc.] : C:\Program Files\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msiexec.exe : : C:\Windows\system32\msiconf.exe

04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, loader.exe : [Microsoft Corporation] : C:\Windows\system32\loader.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, LanguageShortcut : : C:\Program Files\CYBERLINK\POWERDVD\LANGUAGE\LANGUAGE.EXE

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NeroFilterCheck : [Nero AG] : C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SecurDisc : [Nero AG] : C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, InCD : [Nero AG] : C:\Program Files\Nero\Nero 7\InCD\InCD.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Persistence : [intel Corporation] : C:\Windows\system32\igfxpers.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Adobe Reader Speed Launcher : [Adobe Systems Incorporated] : C:\Program Files\ADOBE\READER 8.0\READER\READER_SL.EXE

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HP Software Update : [Hewlett-Packard Co.] : C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SysTrayApp : [iDT, Inc.] : C:\Program Files\IDT\WDM\sttray.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AVG8_TRAY : [AVG Technologies CZ, s.r.o.] : C:\Program Files\AVG\AVG8\avgtray.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, YSearchProtection : [Yahoo! Inc.] : C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, fssui : [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PROTEçãO PARA A FAMíLIA\FSSUI.EXE

04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, loader.exe : [Microsoft Corporation] : C:\Windows\system32\loader.exe

04 - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs : [AVG Technologies CZ, s.r.o.] : C:\Windows\system32\avgrsstx.dll

04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute : : C:\Windows\system32\lsdelete.exe

04 - Startup: %STARTUPALL%\HP Digital Imaging Monitor.lnk [Hewlett-Packard Co.] : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Shell Extensions

CLSID_PreviewMime - {92dbad9f-5025-49b0-9078-2d78f935e341} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll

CLSID_PreviewEmail - {b9815375-5d7f-4ce2-9245-c9d4da436930} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll

CLSID_PreviewHtml - {f8b8412b-dea3-4130-b36c-5e8be73106ac} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll

Shell Message Handler - {5FA29220-36A1-40f9-89C6-F4B384B7642E} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll

Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - [Microsoft Corporation] : C:\Windows\MSAgent\agentpsh.dll

CompressedFolder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll

Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll

Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll

Compressed (zipped) Folder Context Menu - {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll

Compressed (zipped) Folder DropHandler - {ed9d80b9-d157-457b-9192-0e7280313bf0} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll

Windows Photo Gallery Viewer Video Verbs - {E598560B-28D5-46aa-A14A-8A3BEA34B576} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll

&Windows Media Player - {0a4286ea-e355-44fb-8086-af3df7645bd9} - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpband.dll

- {BB6B2374-3D79-41DB-87F4-896C91846510} - [Microsoft Corporation] : C:\Windows\system32\emdmgmt.dll

Windows Photo Gallery Viewer Autoplay Handler - {9D687A4C-1404-41ef-A089-883B6FBECDE6} - [Microsoft Corporation] : C:\Windows\system32\RUNDLL32.EXE

Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - [Microsoft Corporation] : C:\Windows\system32\audiodev.dll

PhotoAcqDropTarget - {00f20eb5-8fd6-4d9d-b75e-36801766c8f1} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoAcq.dll

Windows Defender IOfficeAntiVirus implementation - {2781761E-28E0-4109-99FE-B9D127C57AFE} - [Microsoft Corporation] : C:\Program Files\Windows Defender\MpOav.dll

Windows Photo Gallery Viewer Image Verbs - {FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll

Windows gadget DropTarget - {6b9228da-9c15-419e-856c-19e768a13bdc} - [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sbdrop.dll

InCDShellExt Class - {CAE3251E-9B15-4810-B268-852AD9792A59} - [Nero AG] : C:\Program Files\Nero\Nero 7\InCD\incdshx.dll

NeroCoverEdLiveIcons Class - {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} - [Nero AG] : C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll

InCDUdfPerm Class - {B3D9AEDE-B2C3-406d-A254-6BE07767B08B} - [Nero AG] : C:\Program Files\Nero\Nero 7\InCD\InCDUP.dll

WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll

Pastas da Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\Web Folders\MSONSEXT.DLL

Minhas Pastas de Compartilhamento - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll

AVG8 Shell Extension Class - {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} - [AVG Technologies CZ, s.r.o.] : C:\Program Files\AVG\AVG8\avgse.dll

CLSID_WLMCMimeFilter - {0563DB41-F538-4B37-A92D-4659049B7766} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll

- {06A2568A-CED6-4187-BB20-400B8C02BE5A} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

Windows Live Photo Gallery Import Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

Protocol Handler

XPLPPFilter Class - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - [AVG Technologies CZ, s.r.o.] : C:\Program Files\AVG\AVG8\avgpp.dll

- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

MHTML Asynchronous Pluggable Protocol Handler - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll

- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

Data Page Pluggable Protocol mso-offdap Handler - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL

Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll

Services

23 - [Lavasoft] : C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

23 - [AVG Technologies CZ, s.r.o.] : C:\Program Files\AVG\AVG8\avgemc.exe

23 - [AVG Technologies CZ, s.r.o.] : C:\Program Files\AVG\AVG8\avgwdsvc.exe

23 - [AVG Technologies CZ, s.r.o.] : C:\Windows\system32\Drivers\avgldx86.sys

23 - [AVG Technologies CZ, s.r.o.] : C:\Windows\system32\Drivers\avgmfx86.sys

23 - [AVG Technologies CZ, s.r.o.] : C:\Windows\system32\Drivers\avgwfpx.sys

23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\bowser.sys

23 - [Microsoft Corporation] : C:\Windows\system32\Drivers\dfsc.sys

23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\flpydisk.sys

23 - [Microsoft Corporation] : C:\Program Files\Windows Live\Proteção para a Família\fsssvc.exe

23 - [Microsoft Corporation] : C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

23 - [intel Corporation] : C:\Windows\system32\DRIVERS\igdkmd32.sys

23 - [Nero AG] : C:\Windows\system32\drivers\InCDFs.sys

23 - [Nero AG] : C:\Windows\system32\drivers\InCDPass.sys

23 - [Nero AG] : C:\Windows\system32\drivers\InCDRm.sys

23 - [Nero AG] : C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\msiscsi.sys

23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mrxsmb10.sys

23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mssmbios.sys

23 - [Panda Security, S.L.] : C:\Windows\system32\drivers\pavboot.sys

23 - : C:\Windows\system32\PnkBstrA.exe

23 - [Microsoft Corporation] : C:\Windows\system32\drivers\rdpencdd.sys

23 - : C:\Program Files\CyberLink\Shared Files\RichVideo.exe

23 - [Realtek Semiconductor Corporation] : C:\Windows\system32\DRIVERS\Rtnicxp.sys

23 - [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe

23 - [iDT, Inc.] : C:\Windows\system32\DriverStore\FileRepository\stwrt.inf_c6f2043d\stacsv.exe

23 - [iDT, Inc.] : C:\Windows\system32\DRIVERS\stwrt.sys

Winlogon Notify

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName : [intel Corporation] : C:\Windows\system32\igfxdev.dll

IE URL Search Hooks

Barra de Ferramentas do Yahoo! - {{EF99BD32-C1FB-11D2-892F-0090271D4F88}} - [Yahoo! Inc.] : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

Advanced Files Report

sm56hlpr.exe


Thank you very much for the help. I have already managed to solve it on my own. I don't know whether it is just a stopgap or not, but I poked around in everything here and managed to stop this error. If I had waited for an answer here on the forum, I might not even have a computer left to tell the tale.


If you had read the rules of the Malware Removal forum, you would have had help a good while ago already.

http://forum.clubedohardware.com.br/nao-responda-seu/386252





