Curumo

Log Analysis - PC shutting down


Well, the problem is that my PC sometimes shuts down out of nowhere,

usually while I'm gaming, but it has already happened once when I wasn't doing anything.

This is the first time I've used the forum for this kind of help, so if something is wrong just tell me and I'll do it again.

Another thing: I couldn't run GMER because it says it can't find dbgeng.dll, so I couldn't run that program and get that log.

Oops, editing here to let you know that I had already run AVG, Spybot and Ad-Aware, and they always found infections, but those were removed; even so, the problem persists.

Edit 2: I've been researching and I'm starting to suspect that it isn't this and that it's the power supply... how do I check whether that's it?

Well, the log is here as a precaution.

DDS log:

DDS (Ver_09-10-26.01) - NTFSx86

Run by Administrador at 18:35:27,98 on s*b 14/11/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.266 [GMT -2:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: avast! antivirus 4.8.1351 [VPS 091023-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\ARQUIV~1\AVG\AVG8\avgam.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgnsx.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\AVG\AVG8\avgcsrvx.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Administrador\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 114.127.246.36:8080

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\arquivos de programas\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\arquivos de programas\avg\avg8\toolbar\IEToolbar.dll

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg8\avgssie.dll

BHO: Softonic English TC Toolbar: {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - c:\arquivos de programas\softonic_english_tc\tbSof1.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\arquivos de programas\avg\avg8\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Softonic English TC Toolbar: {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - c:\arquivos de programas\softonic_english_tc\tbSof1.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\arquivos de programas\avg\avg8\toolbar\IEToolbar.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe

uRun: [updateMgr] c:\arquivos de programas\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_0

uRun: [bitTorrent DNA] "c:\arquivos de programas\dna\btdna.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [symantec PIF AlertEng] "c:\arquivos de programas\arquivos comuns\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\arquivos de programas\arquivos comuns\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [iSUSPM Startup] c:\arquiv~1\arquiv~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start

mRun: [msnsyslog] c:\windows\msnlogm.exe

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [uSB Storage Toolbox] c:\arquivos de programas\usb disk win98 driver\Res.EXE

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [zBrowser Launcher] c:\arquivos de programas\logitech\itouch\iTouch.exe

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [NodEnabler] c:\arquivos de programas\eset\nodenabler\NodEnabler.exe /s

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

mRun: [nwiz] c:\arquivos de programas\nvidia corporation\nview\nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\broffi~1.lnk - c:\arquivos de programas\broffice.org 3\program\quickstart.exe

StartupFolder: c:\documents and settings\administrador\menu iniciar\programas\inicializar\PowerReg Scheduler V3.exe

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\recort~1.lnk - c:\arquivos de programas\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\micros~1.lnk - c:\arquivos de programas\microsoft office\office\OSA9.EXE

uPolicies-explorer: NoSMHelp = 1 (0x1)

mPolicies-explorer: HideRunAsVerb = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~1\office12\EXCEL.EXE/3000

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\arquivos de programas\partygaming\partypoker\RunApp.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://tky09.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205973946359

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: awtsQKeB - awtsQKeB.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\pbnmaciv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\arquivos de programas\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\arquivos de programas\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\arquivos de programas\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\arquivos de programas\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\arquivos de programas\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-4 12552]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-13 114768]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-4 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-4 108552]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-13 20560]

R2 avg8emc;AVG8 E-mail Scanner;c:\arquiv~1\avg\avg8\avgemc.exe [2009-9-4 908056]

R2 avg8wd;AVG8 WatchDog;c:\arquiv~1\avg\avg8\avgwdsvc.exe [2009-9-4 297752]

R2 SeaPort;SeaPort;c:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-12-18 14156]

S2 gupdate1ca4c69a56968ca;Google Update Service (gupdate1ca4c69a56968ca);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-10-13 133104]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\arquivos de programas\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-13 25832]

=============== Created Last 30 ================

2009-11-14 20:27:42 2048 ----a-w- C:\Backup.bkf

2009-11-13 02:40:30 0 d-----w- c:\docume~1\alluse~1\dadosd~1\BioWare

2009-11-13 02:23:49 0 d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP

2009-11-13 01:37:31 0 d-----w- c:\arquivos de programas\Dragon Age

2009-11-13 01:37:29 0 d-----w- c:\arquivos de programas\arquivos comuns\BioWare

2009-10-26 21:04:05 0 d-----w- c:\arquivos de programas\Bonjour

2009-10-26 20:45:54 0 d-----w- c:\arquivos de programas\arquivos comuns\Macrovision Shared

2009-10-26 15:04:54 679936 ----a-w- c:\windows\system32\D3DX81ab.dll

2009-10-26 15:04:54 1970176 ----a-w- c:\windows\system32\d3dx9.dll

2009-10-26 15:04:51 0 d-----w- c:\arquivos de programas\Cheat Engine

==================== Find3M ====================

2009-10-28 02:29:58 97946 ----a-w- c:\windows\system32\perfc016.dat

2009-10-28 02:29:58 508224 ----a-w- c:\windows\system32\perfh016.dat

2009-10-13 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-09-11 14:19:14 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-05 00:48:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-09-04 21:04:39 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-04 02:03:19 6144 --sha-w- c:\arquivos de programas\Thumbs.db

2009-08-29 07:57:54 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-26 08:01:18 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-08-18 02:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL

2009-08-17 06:04:24 2173472 ----a-w- c:\windows\system32\nvcplui.exe

2009-08-17 06:04:08 81920 ----a-w- c:\windows\system32\nvwddi.dll

2009-08-17 06:03:44 3170304 ----a-w- c:\windows\system32\nvwss.dll

2009-08-17 06:03:38 4026368 ----a-w- c:\windows\system32\nvvitvs.dll

2009-08-17 06:03:28 188416 ----a-w- c:\windows\system32\nvmccss.dll

2009-08-17 06:03:28 1286144 ----a-w- c:\windows\system32\nvmobls.dll

2009-08-17 06:03:22 3547136 ----a-w- c:\windows\system32\nvgames.dll

2009-08-17 06:03:02 4923392 ----a-w- c:\windows\system32\nvdisps.dll

2009-08-17 06:03:00 86016 ----a-w- c:\windows\system32\nvmctray.dll

2009-08-17 06:03:00 168004 ----a-w- c:\windows\system32\nvsvc32.exe

2009-08-17 06:03:00 143360 ----a-w- c:\windows\system32\nvcolor.exe

2009-08-17 06:03:00 13877248 ----a-w- c:\windows\system32\nvcpl.dll

2009-08-17 06:02:52 229376 ----a-w- c:\windows\system32\nvmccs.dll

2009-08-17 03:57:00 868352 ----a-w- c:\windows\system32\nvapi.dll

2009-08-17 03:57:00 5845760 ----a-w- c:\windows\system32\nv4_disp.dll

2009-08-17 03:57:00 485920 -c--a-w- c:\windows\system32\nvudisp.exe

2009-08-17 03:57:00 2189856 ----a-w- c:\windows\system32\nvcuvid.dll

2009-08-17 03:57:00 2002944 ----a-w- c:\windows\system32\nvcuda.dll

2009-08-17 03:57:00 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll

2009-08-17 03:57:00 1597690 ----a-w- c:\windows\system32\nvdata.bin

2009-08-17 03:57:00 155648 ----a-w- c:\windows\system32\nvcodins.dll

2009-08-17 03:57:00 155648 ----a-w- c:\windows\system32\nvcod.dll

2009-08-17 03:57:00 10457088 ----a-w- c:\windows\system32\nvoglnt.dll

2001-03-30 15:59:26 32768 --sha-r- c:\windows\system32\ftabrs.dll

2008-08-17 20:11:01 32768 -csha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008081720080818\index.dat

2008-08-19 21:34:14 32768 -csha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 18:36:27,75 ===============

Log Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 15/3/2008 17:53:40

System Uptime: 14/11/2009 18:13:11 (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | M61SME-S2L

Processor: AMD Athlon 64 X2 Dual Core Processor 4000+ | Socket M2 | 2109/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 9,333 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP604: 5/11/2009 15:35:28 - Avg8 Update

RP605: 6/11/2009 19:31:57 - Ponto de verificação do sistema

RP606: 7/11/2009 21:15:26 - Ponto de verificação do sistema

RP607: 8/11/2009 22:07:22 - Ponto de verificação do sistema

RP608: 9/11/2009 22:48:47 - Ponto de verificação do sistema

RP609: 11/11/2009 09:37:01 - Software Distribution Service 3.0

RP610: 12/11/2009 10:09:38 - Ponto de verificação do sistema

RP611: 12/11/2009 22:48:05 - Removed Marvel - Ultimate Alliance

RP612: 14/11/2009 04:42:23 - Ponto de verificação do sistema

RP613: 14/11/2009 18:28:42 - 14/11/09

==== Installed Programs ======================

7-Zip 4.57

AAC Decoder

Ad-Aware

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge 1.0

Adobe Bridge CS4

Adobe Bridge Start Meeting

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS4

Adobe Photoshop CS4 1.0

Adobe Reader 7.0

Adobe Setup

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AdVantage

American McGee's Alice

Arquivo do WinRAR

Assistente de Conexão do Windows Live

Atualização Crítica para o Windows Media Player 11 (KB959772)

Atualização de Segurança para o Windows Media Player (KB911564)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB968816)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player 11 (KB936782)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)

Atualização de Segurança para o Windows Media Player 9 (KB936782)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 7 (KB963027)

Atualização de Segurança para Windows Internet Explorer 7 (KB969897)

Atualização de Segurança para Windows Internet Explorer 7 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB974455)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB923689)

Atualização de Segurança para Windows XP (KB923789)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950760)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB953839)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB957095)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958690)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960715)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961371)

Atualização de Segurança para Windows XP (KB961373)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB969898)

Atualização de Segurança para Windows XP (KB969947)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB971486)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB973346)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973525)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização para Windows Internet Explorer 8 (KB972636)

Atualização para Windows Internet Explorer 8 (KB976749)

Atualização para Windows XP (KB951072-v2)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB961503)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB973815)

aTube Catcher 1.0

AusLogics Disk Defrag

AutoUpdate

Avanquest update

avast! Antivirus

AVG 8.0

BitTorrent

BrOffice.org 3.0

CCleaner (remove only)

CDisplay 1.8

Cheat Engine 5.5

Command & Conquer™ Red Alert™ 3

ConvertXtoDVD 3.2.0.52

Counter-Strike 1.6

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Version Checker

DivX Web Player

DMIView B7.0108.01

DNA

Dragon Age: Origins

DreaMule 3.2

DScaler 5 Mpeg Decoders

Far Cry 2

Ferramenta de Carregamento do Windows Live

Game Maker 7.0

GIF Movie Gear 4.2

Google Chrome

Google Update Helper

H.264 Decoder

Hamachi 1.0.3.0

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

Hotfix para Windows XP (KB970653-v3)

i-Cool

InpyrenoFsu

Java 6 Update 15

Java 6 Update 5

Java 6 Update 6

Java 6 Update 7

Junk Mail filter update

K-Lite Codec Pack 5.2.0 (Full)

LiveUpdate Notice (Symantec Corporation)

Lizardtech DjVu Control

Lizardtech DjVu Control (autoinstall)

Messenger Plus! Live

Microsoft .NET Framework 2.0 Language Pack - PTB

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Premium

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

mIRC

MKV Splitter

Motorola Driver Installation 3.2.0

Motorola Phone Tools

MouseWare 9.75 da Logitech

Mozilla Firefox (3.5.5)

Mozilla Thunderbird (2.0.0.23)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 6.0 Parser (KB925673)

NAXDOWN 2.47

Nero 7 Essentials

NodEnabler 3.0

NVIDIA Drivers

NVIDIA nView Desktop Manager

NVIDIA PhysX

OGA Notifier 2.0.0048.0

Pacote de Driver do Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0

PartyPoker

Pcsx2 0.9.2 Watermoose

Pcsx2 0.9.6

PDF Settings

Photoshop Camera Raw

Pivot Stickfigure Animator

Pivot Stickfigure Animator 3.1 BR

PokerStars.net

Prince of Persia Warrior Within

Project64 1.6

PunkBuster Services

QuickTime Alternative 2.9.2

RealPlayer

Realtek High Definition Audio Driver

RESIDENT EVIL 5

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB973704)

Security Update for Microsoft Office Excel 2007 (KB973593)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB969604)

Segoe UI

Skype™ 4.0

Softonic_English_TC Toolbar

Spybot - Search & Destroy

System Requirements Lab

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Outlook 2007 Junk Email Filter (kb975960)

USB Disk Win98 Driver

USB Vibration Joystick

VC80CRTRedist - 8.0.50727.762

VLC media player 1.0.1

Windows Communication Foundation Language Pack - PTB

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live Sync

Windows Live Toolbar

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows Presentation Foundation Language Pack (PTB)

Windows Workflow Foundation BR Language Pack

Windows XP Service Pack 3

WinUHA 2.0 RC1 (2005.02.27)

World of Warcraft

Wow-Bra Addons Pack 2.2

WoW-Brasil Launcher

WoW Legion BR

Xbox 360 Controller for Windows

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

Xvid 1.2.2 final uninstall

==== End Of File ===========================


Hello! Welcome to the Malware Removal section of the Clube do Hardware forum.

If you prefer, save this page to your favorites for easier access.

Please take note of the following:

  • From now on I will analyze your logs and guide you when necessary. I will be back as soon as possible!
    Do NOT make any changes, and wait.
  • The analysis process is not instantaneous. Be patient and wait for my instructions.
  • The instructions will be specific to your problem and should only be used on this PC.
  • If there is anything you do not understand and that leaves you in doubt, please ask before proceeding with the instructions.
  • Please post your replies in this topic. Do NOT start a new topic!
  • If I go more than 5 (five) days without replying to you, send me a Private Message.

Regards!


Hello Mog.Lucas, thank you for analyzing it; I am waiting for your diagnosis and instructions.

Just to reinforce: at first I thought it was malware, but now I am starting to suspect that it may be the power supply (I don't understand anything about computers, but I identify with the complaints of people whose problem is the power supply).

It may be that the power supply gets more overloaded when I play, because of the video card.

The problem is that I have no idea how to check whether that is really it; if you can, please tell me whether the problem is malware or something else.

If that is the case, I apologize in advance for perhaps having posted in the wrong section.

As for malware, it may still be that after all.

I run monthly scans with AVG and Spybot - Search & Destroy (which I learned about right here at Clube do Hardware).


Hello!

Your PC is infected by a Backdoor.

Important: Backdoor/IRCBot Trojans are extremely dangerous, because they provide a means of access to the computer's operating system. Remote attackers use this type of malware to gain unauthorized access to your PC and can take full control without your knowledge.

If you do or have done any kind of financial transaction (accessing banks, shopping, etc.) with this PC, or if it contains any sensitive information, I recommend that you:

  1. Avoid using the internet on this PC as much as possible until it is clean.
  2. Use a clean, secure PC and change all of your passwords (online passwords).
  3. Contact your financial institutions and inform them of your situation.

Many security experts believe that after a PC has been infected with this type of malware, the best thing to do is to format it and reinstall the operating system.

I leave it up to you whether or not to format the PC. The infections have been identified and we can remove them; what I cannot guarantee with 100% certainty is that your PC will be secure.

If you choose removal, follow the steps below. If you choose to format, please let me know in your next reply.

Thank you.

Removal:

STEP #1

I see that you have two antivirus programs installed:

AV: AVG Internet Security

AV: avast! antivirus

Contrary to what many users think, more than one antivirus program does not bring extra protection to the computer. On the contrary: one program can conflict with the other, so that neither works correctly. Choose just one antivirus program to keep, and uninstall the other through Add/Remove Programs.

STEP #2

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure you check the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note.)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart the PC, please do so immediately.

STEP #3

Go to VirusTotal

  • In the box in the center (Send file);
  • Copy and paste the following:
    c:\arquivos de programas\usb disk win98 driver\Res.EXE
  • Click the button (blav.png image)
  • If a message appears saying that the file has already been analyzed, click:
    Reanalyze file now
  • The file will be examined by different antivirus programs; please wait.
  • Repeat the same procedure, now sending:
    c:\documents and settings\administrador\menu iniciar\programas\inicializar\PowerReg Scheduler V3.exe
  • Copy and paste those results, together with a new DDS log.

If the site above is too busy, try one of these sites:

Alternative 1

Alternative 2

STEP #4

I couldn't run gmer because it says it cannot find dbgeng.dll, and so I couldn't run that program and get that log

Download dbgeng.dll by following:

Regards!
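A sketch of how the autostart part of a DDS log like the one posted in this thread can be triaged by script, added here as an example; it is not part of the original posts and not code from DDS. The flagging rules (a configured proxy, "No File" registrations, executables sitting directly in the Startup folder) and all function names are assumptions of this example, not the helper's stated criteria; the sample lines are copied from the DDS log in this thread.

```python
import re

# Excerpt copied from the "Pseudo HJT Report" section of the DDS log in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 114.127.246.36:8080
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start
mRun: [uSB Storage Toolbox] c:\arquivos de programas\usb disk win98 driver\Res.EXE
StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\broffi~1.lnk - c:\arquivos de programas\broffice.org 3\program\quickstart.exe
StartupFolder: c:\documents and settings\administrador\menu iniciar\programas\inicializar\PowerReg Scheduler V3.exe
================= FIREFOX ===================
FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdjvu.dll
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
RUN_RE = re.compile(r"^([umd]Run(?:Once)?): \[(.+?)\] (.+)$")
PROXY_RE = re.compile(r"^\w?Internet Settings,ProxyServer = (.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|scr|com|bat|cmd))(?=[\s,]|$)", re.I)


def hjt_section(log):
    """Return the non-empty lines between the 'Pseudo HJT Report' header and the next header."""
    lines, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            inside = header.group(1) == "Pseudo HJT Report"
            continue
        if inside and line:
            lines.append(line)
    return lines


def target_path(command):
    """Extract the executable from a Run value, quoted or not; None if not recognisable."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else None
    match = EXE_RE.match(command)
    return match.group(1) if match else None


def triage(log):
    """Group autostart-related lines into the buckets an analyst reviews first."""
    report = {"proxy": [], "orphans": [], "startup_binaries": [], "run_targets": []}
    for line in hjt_section(log):
        if line.endswith("- No File"):
            # Registration whose file is gone: leftover of an uninstall or a cleanup.
            report["orphans"].append(line)
            continue
        match = PROXY_RE.match(line)
        if match:
            report["proxy"].append(match.group(1))
            continue
        match = RUN_RE.match(line)
        if match:
            path = target_path(match.group(3))
            if path:
                report["run_targets"].append((match.group(1), match.group(2), path))
            continue
        if line.startswith("StartupFolder: "):
            entry = line[len("StartupFolder: "):]
            # A shortcut is logged as "<link>.lnk - <target>"; anything else is the file itself.
            if ".lnk - " not in entry.lower():
                report["startup_binaries"].append(entry)
    return report


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_DDS).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

The buckets only narrow down what to look at; whether a listed file is malicious still has to be decided by checking the file itself, for example with a multi-engine scan as in STEP #3.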


Hello Mog.Lucas, thank you for the help; I preferred to follow the removal steps rather than format the PC.

And it's a good thing I never used the PC for any banking operation (I never thought that was very safe, so I always avoided it), lucky.

Here is what you asked for:

Step 1:

I uninstalled avast

Step 2:

Malwarebytes' Anti-Malware 1.41

Versão do banco de dados: 3210

Windows 5.1.2600 Service Pack 3

21/11/2009 19:26:22

mbam-log-2009-11-21 (19-26-22).txt

Tipo de Verificação: Rápida

Objetos verificados: 119709

Tempo decorrido: 6 minute(s), 35 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 1

Pastas infectadas: 0

Arquivos infectados: 0

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

Step 3:

For Res.EXE

Antivírus Versão Última Atualização Resultado

a-squared 4.5.0.41 2009.11.21 -

AhnLab-V3 5.0.0.2 2009.11.20 -

AntiVir 7.9.1.72 2009.11.20 -

Antiy-AVL 2.0.3.7 2009.11.20 -

Authentium 5.2.0.5 2009.11.21 -

Avast 4.8.1351.0 2009.11.21 -

AVG 8.5.0.425 2009.11.21 -

BitDefender 7.2 2009.11.21 -

CAT-QuickHeal 10.00 2009.11.21 -

ClamAV 0.94.1 2009.11.21 -

Comodo 2989 2009.11.21 -

DrWeb 5.0.0.12182 2009.11.21 -

eSafe 7.0.17.0 2009.11.19 -

eTrust-Vet 35.1.7133 2009.11.20 -

F-Prot 4.5.1.85 2009.11.21 -

F-Secure 9.0.15370.0 2009.11.20 -

Fortinet 3.120.0.0 2009.11.21 -

GData 19 2009.11.21 -

Ikarus T3.1.1.74.0 2009.11.21 -

Jiangmin 11.0.800 2009.11.21 -

K7AntiVirus 7.10.901 2009.11.20 -

Kaspersky 7.0.0.125 2009.11.21 -

McAfee 5809 2009.11.21 -

McAfee+Artemis 5809 2009.11.21 -

McAfee-GW-Edition 6.8.5 2009.11.21 -

Microsoft 1.5302 2009.11.21 -

NOD32 4627 2009.11.21 -

Norman 6.03.02 2009.11.21 -

nProtect 2009.1.8.0 2009.11.21 -

Panda 10.0.2.2 2009.11.21 -

PCTools 7.0.3.5 2009.11.21 -

Prevx 3.0 2009.11.21 -

Rising 22.22.05.04 2009.11.21 -

Sophos 4.47.0 2009.11.21 -

Sunbelt 3.2.1858.2 2009.11.21 -

Symantec 1.4.4.12 2009.11.21 -

TheHacker 6.5.0.2.075 2009.11.20 -

TrendMicro 9.0.0.1003 2009.11.21 -

VBA32 3.12.12.0 2009.11.20 -

ViRobot 2009.11.20.2047 2009.11.20 -

VirusBuster 5.0.21.0 2009.11.21 -

Informações adicionais

File size: 65536 bytes

MD5...: f708a2ca13f52ad594333765de034526

SHA1..: 920d8e719dbe9bb69f1d736a86fa555b57b24845

SHA256: ed2e257f6a0c7eba2ec0677660a54befc843c1f8b8ad58531c5600fee02b3473

ssdeep: 768:Xsp4XsCep3GYM1fpW6YL03Wn7+Pz64A6qEzYGTaPa4/huoW9F6BoFfOXnph:

8p4XsCep3dctYL0mZ/EkIaRhtW9QoVW

PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x4cc0

timedatestamp.....: 0x43281b1d (Wed Sep 14 12:44:13 2005)

machinetype.......: 0x14c (I386)

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x78aa 0x8000 6.23 d650998aeede615f240111f0b37f20ab

.rdata 0x9000 0xfa2 0x1000 5.37 db2d3af3358ba70ef466cd0374d3f72c

.data 0xa000 0x1315c 0x1000 2.60 5fbf520a963ab88ab24f479903930b85

.rsrc 0x1e000 0x4260 0x5000 3.15 94087f881d82f6e1f8f871e11483b6b6

( 6 imports )

> KERNEL32.dll: GetOEMCP, GetACP, GetCPInfo, GetStringTypeW, GetStringTypeA, SetFilePointer, GetLastError, HeapReAlloc, VirtualAlloc, WriteFile, RtlUnwind, VirtualFree, HeapCreate, HeapDestroy, GetFileType, GetStdHandle, SetHandleCount, GetProcAddress, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, LCMapStringW, LCMapStringA, MultiByteToWideChar, WideCharToMultiByte, HeapAlloc, HeapFree, ExitProcess, GetVersion, GetCommandLineA, GetStartupInfoA, GetModuleHandleA, SetStdHandle, lstrcatA, GlobalAddAtomA, GlobalDeleteAtom, FreeLibrary, GetVersionExA, GetDiskFreeSpaceExA, LoadLibraryA, GetPrivateProfileStringA, CloseHandle, GetVolumeInformationA, lstrcmpiA, GetModuleFileNameA, lstrcpyA, lstrlenA, GetEnvironmentStringsW, FlushFileBuffers

> USER32.dll: GetParent, GetDlgItem, EnableWindow, InvalidateRect, GetCursorPos, TrackPopupMenu, CreatePopupMenu, AppendMenuA, LoadBitmapA, InsertMenuItemA, DestroyMenu, DefWindowProcA, DialogBoxParamA, MessageBoxA, KillTimer, PostQuitMessage, RegisterWindowMessageA, CreateWindowExA, ShowWindow, UpdateWindow, SetWindowTextA, SetForegroundWindow, EndDialog, LoadIconA, LoadCursorA, RegisterClassExA, FindWindowA, LoadAcceleratorsA, GetMessageA, IsDialogMessageA, TranslateAcceleratorA, TranslateMessage, DispatchMessageA, wsprintfA, SendMessageA, BeginPaint

> ADVAPI32.dll: RegEnumKeyA, RegOpenKeyA, RegSetValueExA, RegCreateKeyA, RegDeleteKeyA, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA, RegCloseKey

> SHELL32.dll: Shell_NotifyIconA

> CFGMGR32.dll: CM_Get_Parent, CM_Get_Sibling, CM_Get_Child, CM_Get_DevNode_Registry_PropertyA, CM_Locate_DevNodeA, CM_Remove_SubTree, CM_Query_Remove_SubTree

> COMCTL32.dll: ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Create

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

sigcheck:

publisher....: ali

copyright....: Copyright _ 2002

product......: ali usb1

description..: usb1

original name: usb1.exe

internal name: usb1

file version.: 1, 0, 0, 1

comments.....:

signers......: -

signing date.: -

verified.....: Unsigned

trid..: Win64 Executable Generic (54.6%)

Win32 Executable MS Visual C++ (generic) (24.0%)

Windows Screen Saver (8.3%)

Win32 Executable Generic (5.4%)

Win32 Dynamic Link Library (generic) (4.8%)

For PowerReg Scheduler V3.exe

Antivírus Versão Última Atualização Resultado

a-squared 4.5.0.41 2009.11.21 -

AhnLab-V3 5.0.0.2 2009.11.20 -

AntiVir 7.9.1.72 2009.11.20 -

Antiy-AVL 2.0.3.7 2009.11.20 -

Authentium 5.2.0.5 2009.11.21 -

Avast 4.8.1351.0 2009.11.21 -

AVG 8.5.0.425 2009.11.21 -

BitDefender 7.2 2009.11.21 -

CAT-QuickHeal 10.00 2009.11.21 Trojan.PowerRegScheduler

ClamAV 0.94.1 2009.11.21 -

Comodo 2989 2009.11.21 UnclassifiedMalware

DrWeb 5.0.0.12182 2009.11.21 -

eSafe 7.0.17.0 2009.11.19 Win32.ProgramPowerRe

eTrust-Vet 35.1.7133 2009.11.20 -

F-Prot 4.5.1.85 2009.11.21 -

F-Secure 9.0.15370.0 2009.11.20 -

Fortinet 3.120.0.0 2009.11.21 -

GData 19 2009.11.21 -

Ikarus T3.1.1.74.0 2009.11.21 -

Jiangmin 11.0.800 2009.11.21 -

K7AntiVirus 7.10.901 2009.11.20 -

Kaspersky 7.0.0.125 2009.11.21 -

McAfee 5809 2009.11.21 -

McAfee+Artemis 5809 2009.11.21 -

McAfee-GW-Edition 6.8.5 2009.11.21 -

Microsoft 1.5302 2009.11.21 Program:Win32/PowerRegScheduler

NOD32 4627 2009.11.21 -

Norman 6.03.02 2009.11.21 -

nProtect 2009.1.8.0 2009.11.21 -

Panda 10.0.2.2 2009.11.21 Application/PRScheduler

PCTools 7.0.3.5 2009.11.21 -

Prevx 3.0 2009.11.21 -

Rising 22.22.05.04 2009.11.21 -

Sophos 4.47.0 2009.11.21 -

Sunbelt 3.2.1858.2 2009.11.21 -

Symantec 1.4.4.12 2009.11.21 -

TheHacker 6.5.0.2.075 2009.11.20 -

TrendMicro 9.0.0.1003 2009.11.21 -

VBA32 3.12.12.0 2009.11.20 -

ViRobot 2009.11.20.2047 2009.11.20 -

VirusBuster 5.0.21.0 2009.11.21 -

Informações adicionais

File size: 225280 bytes

MD5...: 0419b153fbcad8c197e2212ebb5a23db

SHA1..: b1d6b95f8d3032d62c85d02b25883d4b1a494e31

SHA256: a0b27375b920f6c285f6e98011467b5a48e6b1801645a548f4d4171986893a54

ssdeep: 3072:VtS48qi6ePSH5GLqUst7xG9ya6pJhnEop9NXTl+zLI:VX9HH5GOVtxHB9XR

PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x362e

timedatestamp.....: 0x3bedc868 (Sun Nov 11 00:38:00 2001)

machinetype.......: 0x14c (I386)

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x15b56 0x16000 6.56 30b49029137d7bb6569f44d7d3964371

.rdata 0x17000 0x49dc 0x5000 4.60 bdb6392a19945972cb00d74a8fb6f96c

.data 0x1c000 0x57c8 0x2000 2.43 02416788261a3c84799ad6258d6ce736

.rsrc 0x22000 0x18f08 0x19000 2.55 0e0d2989c238d9fc66f6cd6630c7a5bf

( 6 imports )

> KERNEL32.dll: RtlUnwind, HeapFree, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetStartupInfoA, GetCommandLineA, ExitProcess, TerminateProcess, HeapAlloc, HeapReAlloc, HeapSize, GetACP, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, UnhandledExceptionFilter, FreeEnvironmentStringsA, RaiseException, GetEnvironmentStringsW, FreeLibrary, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, GetProfileStringA, WriteFile, FlushFileBuffers, SetFilePointer, GetCurrentProcess, ReadFile, GetOEMCP, SetErrorMode, GetProcessVersion, GetCPInfo, SizeofResource, GlobalFlags, GetLastError, TlsSetValue, TlsGetValue, LocalReAlloc, LeaveCriticalSection, EnterCriticalSection, GlobalReAlloc, DeleteCriticalSection, TlsFree, GlobalHandle, SetHandleCount, LocalFree, TlsAlloc, CreateProcessA, InitializeCriticalSection, LoadLibraryA, LocalAlloc, lstrcpynA, GetStdHandle, GetVersion, Sleep, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, lstrcpyA, WritePrivateProfileStringA, GetPrivateProfileStringA, MultiByteToWideChar, WideCharToMultiByte, lstrlenA, InterlockedDecrement, InterlockedIncrement, GlobalFree, LockResource, FindResourceA, LoadResource, GlobalUnlock, MulDiv, GetModuleHandleA, GetProcAddress, SetLastError, GetFileType, SetUnhandledExceptionFilter, FreeEnvironmentStringsW, GetEnvironmentStrings

> USER32.dll: CopyRect, AdjustWindowRectEx, SetFocus, GetSysColor, MapWindowPoints, SendDlgItemMessageA, UpdateWindow, IsDialogMessageA, SetWindowTextA, ShowWindow, InflateRect, LoadCursorA, GetClassNameA, PtInRect, GetSysColorBrush, LoadStringA, DestroyMenu, InvalidateRect, GetTopWindow, GetCapture, WinHelpA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, wsprintfA, SetActiveWindow, IsWindow, CreateDialogIndirectParamA, DestroyWindow, GetDlgItem, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, ScreenToClient, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, PostQuitMessage, PostMessageA, EnableWindow, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SendMessageA, LoadIconA, MessageBeep, DefWindowProcA, CreateWindowExA, EndDialog, OffsetRect, ShowCaret, IsWindowUnicode, CharNextA, DefDlgProcA, DrawFocusRect, ExcludeUpdateRgn, HideCaret, UnregisterClassA

> GDI32.dll: RestoreDC, SelectObject, GetStockObject, SetBkColor, SetBkMode, SetTextColor, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, GetClipBox, IntersectClipRect, DeleteDC, DeleteObject, GetDeviceCaps, CreateSolidBrush, RectVisible, TextOutA, PtVisible, Escape, ExtTextOutA, PatBlt, GetObjectA, DPtoLP, CreateFontIndirectA, CreateDIBitmap, BitBlt, GetTextExtentPointA, CreateCompatibleDC, CreateBitmap, SaveDC

> WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter

> ADVAPI32.dll: RegOpenKeyExA, RegQueryValueExA, RegCloseKey, RegCreateKeyExA, RegDeleteKeyA, RegSetValueExA, RegDeleteValueA

> COMCTL32.dll: -

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Win32 Executable MS Visual C++ (generic) (65.2%)

Win32 Executable Generic (14.7%)

Win32 Dynamic Link Library (generic) (13.1%)

Generic Win/DOS Executable (3.4%)

DOS Executable Generic (3.4%)

sigcheck:

publisher....: Leader Technologies

copyright....: Copyright © 1999-2001

product......: PowerReg Scheduler

description..: PowerReg Scheduler

original name: PRegSchedulerV3.exe

internal name: PRegSchedulerV3

file version.: 3,0,0,0

comments.....:

signers......: -

signing date.: -

verified.....: Unsigned

DDS:

DDS (Ver_09-10-26.01) - NTFSx86

Run by Administrador at 20:05:31,29 on s*b 21/11/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.324 [GMT -2:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Logitech\MouseWare\system\em_exec.exe

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Administrador\Desktop\Mal-ware\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 114.127.246.36:8080

uURLSearchHooks: Softonic English TC Toolbar: {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - c:\arquivos de programas\softonic_english_tc\tbSof1.dll

mURLSearchHooks: H - No File

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg9\avgssie.dll

BHO: Softonic English TC Toolbar: {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - c:\arquivos de programas\softonic_english_tc\tbSof1.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Softonic English TC Toolbar: {4ff5f6ea-ffaf-43e5-9a01-361c0893c3e8} - c:\arquivos de programas\softonic_english_tc\tbSof1.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\arquivos de programas\ask.com\GenericAskToolbar.dll

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe

uRun: [updateMgr] c:\arquivos de programas\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_0

uRun: [bitTorrent DNA] "c:\arquivos de programas\dna\btdna.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [symantec PIF AlertEng] "c:\arquivos de programas\arquivos comuns\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\arquivos de programas\arquivos comuns\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [iSUSPM Startup] c:\arquiv~1\arquiv~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start

mRun: [msnsyslog] c:\windows\msnlogm.exe

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [uSB Storage Toolbox] c:\arquivos de programas\usb disk win98 driver\Res.EXE

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [zBrowser Launcher] c:\arquivos de programas\logitech\itouch\iTouch.exe

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [NodEnabler] c:\arquivos de programas\eset\nodenabler\NodEnabler.exe /s

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AVG9_TRAY] c:\arquiv~1\avg\avg9\avgtray.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\arquivos de programas\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\broffi~1.lnk - c:\arquivos de programas\broffice.org 3\program\quickstart.exe

StartupFolder: c:\documents and settings\administrador\menu iniciar\programas\inicializar\PowerReg Scheduler V3.exe

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\recort~1.lnk - c:\arquivos de programas\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\micros~1.lnk - c:\arquivos de programas\microsoft office\office\OSA9.EXE

mPolicies-explorer: HideRunAsVerb = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~1\office12\EXCEL.EXE/3000

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\arquivos de programas\partygaming\partypoker\RunApp.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://tky09.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205973946359

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: awtsQKeB - awtsQKeB.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\pbnmaciv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\arquivos de programas\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-21 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-21 360584]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\avg\avg9\avgwdsvc.exe [2009-11-21 285392]

R2 SeaPort;SeaPort;c:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-12-18 14156]

S2 gupdate1ca4c69a56968ca;Google Update Service (gupdate1ca4c69a56968ca);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-10-13 133104]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\arquivos de programas\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-13 25832]

=============== Created Last 30 ================

2009-11-21 21:15:49 0 d-----w- c:\docume~1\admini~1\dadosd~1\Malwarebytes

2009-11-21 21:15:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-21 21:15:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-21 21:15:41 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-11-21 21:15:41 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-21 20:41:07 0 d--h--w- C:\$AVG

2009-11-21 20:40:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-21 20:40:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-21 20:40:46 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-21 20:40:26 0 d-----w- c:\windows\system32\drivers\Avg

2009-11-21 20:40:02 0 d-----w- c:\docume~1\alluse~1\dadosd~1\avg9

2009-11-19 22:45:56 701440 ----a-w- c:\windows\system32\cohelper.dll

2009-11-19 22:45:56 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin

2009-11-19 22:45:55 7090 ----a-w- c:\windows\system32\nvnrm.nvu

2009-11-19 22:45:54 485920 ----a-w- c:\windows\system32\nvunrm.exe

2009-11-16 19:35:09 327168 ----a-w- c:\windows\system32\cutil32.dll

2009-11-16 19:35:09 285696 ----a-w- c:\windows\system32\cudart.dll

2009-11-16 19:35:08 27136 ----a-w- c:\windows\system32\PCWizard.cpl

2009-11-16 19:34:42 0 d-----w- c:\arquivos de programas\CPUID

2009-11-16 19:34:34 0 d-----w- c:\arquivos de programas\Ask.com

2009-11-14 20:27:42 2048 ----a-w- C:\Backup.bkf

2009-11-13 02:40:30 0 d-----w- c:\docume~1\alluse~1\dadosd~1\BioWare

2009-11-13 02:23:49 0 d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP

2009-11-13 01:37:31 0 d-----w- c:\arquivos de programas\Dragon Age

2009-11-13 01:37:29 0 d-----w- c:\arquivos de programas\arquivos comuns\BioWare

2009-10-26 21:04:05 0 d-----w- c:\arquivos de programas\Bonjour

2009-10-26 20:45:54 0 d-----w- c:\arquivos de programas\arquivos comuns\Macrovision Shared

2009-10-26 15:04:54 679936 ----a-w- c:\windows\system32\D3DX81ab.dll

2009-10-26 15:04:54 1970176 ----a-w- c:\windows\system32\d3dx9.dll

2009-10-26 15:04:51 0 d-----w- c:\arquivos de programas\Cheat Engine

==================== Find3M ====================

2009-11-19 23:01:01 98280 ----a-w- c:\windows\system32\perfc016.dat

2009-11-19 23:01:01 508922 ----a-w- c:\windows\system32\perfh016.dat

2009-10-13 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-09-27 20:20:04 2173544 ----a-w- c:\windows\system32\nvcplui.exe

2009-09-27 18:12:22 490088 -c--a-w- c:\windows\system32\nvudisp.exe

2009-09-24 11:24:18 490088 -c--a-w- c:\windows\system32\NVUNINST.EXE

2009-09-11 14:19:14 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04:39 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-04 02:03:19 6144 --sha-w- c:\arquivos de programas\Thumbs.db

2009-08-29 07:57:54 916480 ----a-w- c:\windows\system32\wininet.dll

2009-08-26 08:01:18 247326 ----a-w- c:\windows\system32\strmdll.dll

2001-03-30 15:59:26 32768 --sha-r- c:\windows\system32\ftabrs.dll

2008-08-17 20:11:01 32768 -csha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008081720080818\index.dat

2008-08-19 21:34:14 32768 -csha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 20:06:14,03 ===============

Attach (I don't know whether, when you said new DDS, you meant the DDS log or the program, so I'm posting the new Attach just to be sure)

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 15/3/2008 17:53:40

System Uptime: 21/11/2009 19:58:00 (1 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | M61SME-S2L

Processor: AMD Athlon 64 X2 Dual Core Processor 4000+ | Socket M2 | 2109/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 10,808 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP612: 14/11/2009 04:42:23 - Ponto de verificação do sistema

RP613: 14/11/2009 18:28:42 - 14/11/09

RP614: 15/11/2009 21:59:48 - Ponto de verificação do sistema

RP615: 17/11/2009 00:06:54 - Ponto de verificação do sistema

RP616: 18/11/2009 05:07:45 - Ponto de verificação do sistema

RP617: 19/11/2009 07:33:33 - Ponto de verificação do sistema

RP618: 19/11/2009 20:50:33 - Instalado NVIDIA ForceWare Network Access Manager

RP619: 21/11/2009 05:28:37 - Removed AVG 8.5

RP620: 21/11/2009 05:31:15 - Installed AVG 8.5

RP621: 21/11/2009 18:40:00 - Installed AVG Free 9.0

==== Installed Programs ======================

7-Zip 4.57

AAC Decoder

Ad-Aware

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge 1.0

Adobe Bridge CS4

Adobe Bridge Start Meeting

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS4

Adobe Photoshop CS4 1.0

Adobe Reader 7.0

Adobe Setup

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AdVantage

American McGee's Alice

Arquivo do WinRAR

Ask Toolbar

Assistente de Conexão do Windows Live

Atualização Crítica para o Windows Media Player 11 (KB959772)

Atualização de Segurança para o Windows Media Player (KB911564)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB968816)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player 11 (KB936782)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)

Atualização de Segurança para o Windows Media Player 9 (KB936782)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 7 (KB963027)

Atualização de Segurança para Windows Internet Explorer 7 (KB969897)

Atualização de Segurança para Windows Internet Explorer 7 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB974455)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB923689)

Atualização de Segurança para Windows XP (KB923789)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950760)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB953839)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB957095)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958690)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960715)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961371)

Atualização de Segurança para Windows XP (KB961373)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB969898)

Atualização de Segurança para Windows XP (KB969947)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB971486)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB973346)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973525)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização para Windows Internet Explorer 8 (KB972636)

Atualização para Windows Internet Explorer 8 (KB976749)

Atualização para Windows XP (KB951072-v2)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB961503)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB973815)

aTube Catcher 1.0

AusLogics Disk Defrag

AutoUpdate

Avanquest update

AVG Free 9.0

BitTorrent

BrOffice.org 3.0

CCleaner (remove only)

CDisplay 1.8

Cheat Engine 5.5

Command & Conquer™ Red Alert™ 3

ConvertXtoDVD 3.2.0.52

Counter-Strike 1.6

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Version Checker

DivX Web Player

DMIView B7.0108.01

DNA

Dragon Age: Origins

DreaMule 3.2

DScaler 5 Mpeg Decoders

Far Cry 2

Ferramenta de Carregamento do Windows Live

Game Maker 7.0

GIF Movie Gear 4.2

Google Chrome

Google Update Helper

H.264 Decoder

Hamachi 1.0.3.0

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

Hotfix para Windows XP (KB970653-v3)

i-Cool

InpyrenoFsu

Java 6 Update 15

Java 6 Update 5

Java 6 Update 6

Java 6 Update 7

Junk Mail filter update

K-Lite Codec Pack 5.2.0 (Full)

LiveUpdate Notice (Symantec Corporation)

Lizardtech DjVu Control

Lizardtech DjVu Control (autoinstall)

Malwarebytes' Anti-Malware

Messenger Plus! Live

Microsoft .NET Framework 2.0 Language Pack - PTB

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Premium

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

mIRC

MKV Splitter

Motorola Driver Installation 3.2.0

Motorola Phone Tools

MouseWare 9.75 da Logitech

Mozilla Firefox (3.5.5)

Mozilla Thunderbird (2.0.0.23)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 6.0 Parser (KB925673)

NAXDOWN 2.47

Nero 7 Essentials

NodEnabler 3.0

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA nView Desktop Manager

NVIDIA PhysX

OGA Notifier 2.0.0048.0

Pacote de Driver do Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0

PartyPoker

PC Wizard 2009.1.9111

Pcsx2 0.9.2 Watermoose

Pcsx2 0.9.6

PDF Settings

Photoshop Camera Raw

Pivot Stickfigure Animator

Pivot Stickfigure Animator 3.1 BR

PokerStars.net

Prince of Persia Warrior Within

Project64 1.6

PunkBuster Services

QuickTime Alternative 2.9.2

RealPlayer

Realtek High Definition Audio Driver

RESIDENT EVIL 5

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB973704)

Security Update for Microsoft Office Excel 2007 (KB973593)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB969604)

Segoe UI

Skype™ 4.0

Softonic_English_TC Toolbar

Spybot - Search & Destroy

System Requirements Lab

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Outlook 2007 Junk Email Filter (kb975960)

USB Disk Win98 Driver

USB Vibration Joystick

VC80CRTRedist - 8.0.50727.762

VLC media player 1.0.1

Windows Communication Foundation Language Pack - PTB

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live Sync

Windows Live Toolbar

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows Presentation Foundation Language Pack (PTB)

Windows Workflow Foundation BR Language Pack

Windows XP Service Pack 3

WinUHA 2.0 RC1 (2005.02.27)

World of Warcraft

Wow-Bra Addons Pack 2.2

WoW-Brasil Launcher

WoW Legion BR

Xbox 360 Controller for Windows

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

Xvid 1.2.2 final uninstall

==== End Of File ===========================

Step 4:

As for this step, I got dbgeng.dll as you said and put it in the folder you mentioned, but now when I run GMER (following the steps given here) the program opens (the warning that dbgeng.dll is missing no longer appears) but it closes by itself after a few seconds.

What could it be? I disabled the internet connection as instructed there but it doesn't work (I tried 3 times and all 3 times the program closed by itself within a few seconds).


Hello!

Please forgive me for taking so long to reply.

STEP #1

I see that you have a program for cracking Nod32:

mRun: [NodEnabler] c:\arquivos de programas\eset\nodenabler\NodEnabler.exe /s

Using cracked antivirus software not only fails to give the computer full protection, it can even cause security problems, since cracks/keygens are generally not safe.

I recommend that you uninstall this crack and Nod32 and use different antivirus software; two good FREE ones are Avira and Avast.

STEP #2

If you are not aware of the following toolbar installed on your computer:

  • Softonic_English_TC Toolbar
I recommend uninstalling it, because it may have the characteristics of Adware: malware capable of displaying advertisements and modifying your searches/preferences in favor of products of interest to its developer.
The decision to remove it or not is yours.
To remove it, go to Control Panel -> Add/Remove Programs and remove the following programs if they are present:
  • Softonic_English_TC Toolbar

STEP #3

  • Go to Start -> Run, type cmd and press Enter.
  • Type: regsvr32 dbgeng.dll
  • Restart the computer
  • Try running GMER again

STEP #4
Download OTMoveIt3 by OldTimer and save it to the desktop.
Double-click the otmi3desktopicon.png icon on your desktop.
Copy the text below, inside the "Code" box, and paste it into the area under pasteline.png:
:processes
explorer.exe

:files
c:\windows\msnlogm.exe
c:\documents and settings\administrador\menu iniciar\programas\inicializar\PowerReg Scheduler V3.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnsyslog"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

:commands
[EmptyTemp]
[Reboot]


Now click the btnmoveit.png button
If a prompt to restart the computer appears, do so.
In your next reply, copy and paste the entire contents shown in results.png
Also generate and paste a new DDS log.
If the computer restarted and you were unable to copy the result, open Notepad (Start ~> Programs ~> Accessories ~> Notepad), click File ~> Open and, in the "File name" box, type *.log and press Enter; look for the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file there. Copy and paste the entire contents of that file.

STEP #5
Go to VirusTotal

  • In the box in the center (Send file);
  • Copy and paste the following:
    c:\WINDOWS\system32\awtsQKeB.dll
  • Click the blav.png button
  • If a message appears saying that the file has already been analyzed, click:
    Reanalyze file now
  • The file will be examined by different antivirus programs, please wait.
  • Copy and paste that result, together with a new DDS log.

If the site above is too busy, try one of these sites:

Alternative 1

Alternative 2

STEP #6

Are you aware of the following proxy?

uInternet Settings,ProxyServer = 114.127.246.36:8080

Regards!

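Added example (not part of the original reply, and not code from DDS or OTMoveIt3): a short Python pass over lines copied from the logs in this thread that surfaces the kinds of entries the reply above asks about (a proxy setting, "No File" registrations, a Notify DLL) and checks whether a CLSID deleted by the fix script is still listed in a later log. The `KNOWN_NOTIFY_DLLS` allowlist and all function names are assumptions made for this example.

```python
import re

# The :reg section of the OTMoveIt3 script posted above, copied as-is.
FIX_SCRIPT = r"""
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnsyslog"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
"""

# Lines copied from the DDS logs in this thread: the two Notify lines come from
# the earlier log, the rest from the log taken after the fix script ran.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 89.186.169.125:3128
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg9\avgssie.dll
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Notify: avgrsstarter - avgrsstx.dll
Notify: awtsQKeB - awtsQKeB.dll
"""

# Assumption: Notify DLLs the reviewer already attributes to installed software.
KNOWN_NOTIFY_DLLS = frozenset({"avgrsstx.dll"})

CLSID_RE = re.compile(r"\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}", re.I)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)")
NO_FILE_RE = re.compile(r"^(\w+):\s*(.+?)\s+-\s+No File$")
NOTIFY_RE = re.compile(r"^Notify:\s*(\S+)\s*-\s*(\S+)$")


def removed_clsids(script_text):
    """CLSIDs of the registry keys the script deletes (lines written as [-KEY])."""
    found = []
    for line in script_text.splitlines():
        line = line.strip()
        if line.startswith("[-"):
            found.extend(c.upper() for c in CLSID_RE.findall(line))
    return found


def triage(log_text, known_notify=KNOWN_NOTIFY_DLLS):
    """Return (kind, detail) pairs for entries a reviewer should ask about.

    A finding is a question for the machine's owner, not a verdict.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            # A configured proxy routes browser traffic through that host.
            findings.append(("proxy", m.group(1)))
            continue
        m = NO_FILE_RE.match(line)
        if m:
            # Registration remains although DDS found no file behind it.
            findings.append(("no-file", f"{m.group(1)} {m.group(2)}"))
            continue
        m = NOTIFY_RE.match(line)
        if m and m.group(2).lower() not in known_notify:
            # Unattributed Notify DLL: candidate for a multi-engine scan.
            findings.append(("notify", m.group(2)))
    return findings


def still_listed(log_text, clsids):
    """CLSIDs from `clsids` that a later log still shows anywhere."""
    present = {c.upper() for c in CLSID_RE.findall(log_text)}
    return [c for c in clsids if c.upper() in present]


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:8} {detail}")
    for clsid in still_listed(SAMPLE_LOG, removed_clsids(FIX_SCRIPT)):
        print(f"recheck  {clsid} is still listed after the fix")
```
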

Results:

Step #1

I had tried to use a cracked nod32 once, but I'm not using it anymore; in fact, I couldn't even find the folder you mentioned

Step #2

I uninstalled the toolbar

Step #3

I did what you said, but the following message appeared: "dbgeng foi carregado mas o ponto de entrada dllregisterserve não foi localizado. Esse arquivo não pode ser registrado", and the same thing keeps happening when I try to run Gmer

Step #4

OTMoveIt3 by OldTimer log

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

File/Folder c:\windows\msnlogm.exe not found.

c:\documents and settings\administrador\menu iniciar\programas\inicializar\PowerReg Scheduler V3.exe moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\msnsyslog deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador

->Temp folder emptied: 127687180 bytes

->Temporary Internet Files folder emptied: 38023804 bytes

->Java cache emptied: 27064637 bytes

->FireFox cache emptied: 60204882 bytes

User: All Users

User: Convidado

->Temp folder emptied: 2040563 bytes

->Temporary Internet Files folder emptied: 7516527 bytes

->FireFox cache emptied: 77907431 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService

->Temp folder emptied: 82513 bytes

->Temporary Internet Files folder emptied: 38777 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Outros

->Temp folder emptied: 642687 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2844725 bytes

%systemroot%\System32 .tmp files removed: 2969 bytes

Windows Temp folder emptied: 412149 bytes

RecycleBin emptied: 1419057180 bytes

Total Files Cleaned = 1681,92 mb

OTM by OldTimer - Version 3.1.2.0 log created on 12012009_003251

Files moved on Reboot...

Registry entries deleted on Reboot...

DDS:

DDS (Ver_09-10-26.01) - NTFSx86

Run by Administrador at 0:52:15,78 on ter 01/12/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.306 [GMT -2:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrador\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 89.186.169.125:3128

mURLSearchHooks: H - No File

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe

uRun: [updateMgr] c:\arquivos de programas\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_0

uRun: [bitTorrent DNA] "c:\arquivos de programas\dna\btdna.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [symantec PIF AlertEng] "c:\arquivos de programas\arquivos comuns\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\arquivos de programas\arquivos comuns\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [iSUSPM Startup] c:\arquiv~1\arquiv~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [uSB Storage Toolbox] c:\arquivos de programas\usb disk win98 driver\Res.EXE

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [zBrowser Launcher] c:\arquivos de programas\logitech\itouch\iTouch.exe

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [NodEnabler] c:\arquivos de programas\eset\nodenabler\NodEnabler.exe /s

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AVG9_TRAY] c:\arquiv~1\avg\avg9\avgtray.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\arquivos de programas\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\broffi~1.lnk - c:\arquivos de programas\broffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\recort~1.lnk - c:\arquivos de programas\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\micros~1.lnk - c:\arquivos de programas\microsoft office\office\OSA9.EXE

mPolicies-explorer: HideRunAsVerb = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~1\office12\EXCEL.EXE/3000

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\arquivos de programas\partygaming\partypoker\RunApp.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://tky09.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205973946359

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: awtsQKeB - awtsQKeB.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\pbnmaciv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\arquivos de programas\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-21 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-21 360584]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\avg\avg9\avgwdsvc.exe [2009-11-21 285392]

R2 SeaPort;SeaPort;c:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-12-18 14156]

S2 gupdate1ca4c69a56968ca;Google Update Service (gupdate1ca4c69a56968ca);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-10-13 133104]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\arquivos de programas\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-13 25832]

=============== Created Last 30 ================

2009-12-01 02:32:51 0 d-----w- C:\_OTM

2009-11-21 22:10:52 847872 ----a-w- c:\windows\system32\dbgeng.dll

2009-11-21 21:15:49 0 d-----w- c:\docume~1\admini~1\dadosd~1\Malwarebytes

2009-11-21 21:15:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-21 21:15:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-21 21:15:41 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-11-21 21:15:41 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-21 20:41:07 0 d--h--w- C:\$AVG

2009-11-21 20:40:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-21 20:40:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-21 20:40:46 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-21 20:40:26 0 d-----w- c:\windows\system32\drivers\Avg

2009-11-21 20:40:02 0 d-----w- c:\docume~1\alluse~1\dadosd~1\avg9

2009-11-19 22:45:56 701440 ----a-w- c:\windows\system32\cohelper.dll

2009-11-19 22:45:56 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin

2009-11-19 22:45:55 7090 ----a-w- c:\windows\system32\nvnrm.nvu

2009-11-19 22:45:54 485920 ----a-w- c:\windows\system32\nvunrm.exe

2009-11-16 19:35:09 327168 ----a-w- c:\windows\system32\cutil32.dll

2009-11-16 19:35:09 285696 ----a-w- c:\windows\system32\cudart.dll

2009-11-16 19:35:08 27136 ----a-w- c:\windows\system32\PCWizard.cpl

2009-11-16 19:34:42 0 d-----w- c:\arquivos de programas\CPUID

2009-11-16 19:34:34 0 d-----w- c:\arquivos de programas\Ask.com

2009-11-14 20:27:42 2048 ----a-w- C:\Backup.bkf

2009-11-13 02:40:30 0 d-----w- c:\docume~1\alluse~1\dadosd~1\BioWare

2009-11-13 01:37:31 0 d-----w- c:\arquivos de programas\Dragon Age

2009-11-13 01:37:29 0 d-----w- c:\arquivos de programas\arquivos comuns\BioWare

==================== Find3M ====================

2009-11-19 23:01:01 98280 ----a-w- c:\windows\system32\perfc016.dat

2009-11-19 23:01:01 508922 ----a-w- c:\windows\system32\perfh016.dat

2009-10-13 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-10-11 06:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-27 20:20:04 2173544 ----a-w- c:\windows\system32\nvcplui.exe

2009-09-27 18:12:22 490088 -c--a-w- c:\windows\system32\nvudisp.exe

2009-09-24 11:24:18 490088 -c--a-w- c:\windows\system32\NVUNINST.EXE

2009-09-11 14:19:14 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 21:04:39 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-09-04 02:03:19 6144 --sha-w- c:\arquivos de programas\Thumbs.db

2001-03-30 15:59:26 32768 --sha-r- c:\windows\system32\ftabrs.dll

2008-08-17 20:11:01 32768 -csha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008081720080818\index.dat

2008-08-19 21:34:14 32768 -csha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 0:52:54,78 ===============

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 15/3/2008 17:53:40

System Uptime: 12/1/2009 00:35:02 (7752 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | M61SME-S2L

Processor: AMD Athlon 64 X2 Dual Core Processor 4000+ | Socket M2 | 2109/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 5,135 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP618: 19/11/2009 20:50:33 - Instalado NVIDIA ForceWare Network Access Manager

RP619: 21/11/2009 05:28:37 - Removed AVG 8.5

RP620: 21/11/2009 05:31:15 - Installed AVG 8.5

RP621: 21/11/2009 18:40:00 - Installed AVG Free 9.0

RP622: 21/11/2009 22:31:54 - Avg8 Update

RP623: 21/11/2009 22:32:45 - Avg8 Update

RP624: 23/11/2009 00:55:25 - Ponto de verificação do sistema

RP625: 24/11/2009 10:22:06 - Ponto de verificação do sistema

RP626: 25/11/2009 09:42:06 - Software Distribution Service 3.0

RP627: 26/11/2009 19:21:30 - Ponto de verificação do sistema

RP628: 27/11/2009 22:36:28 - Ponto de verificação do sistema

RP629: 28/11/2009 02:41:32 - Installed Java 6 Update 17

RP630: 29/11/2009 09:44:43 - Ponto de verificação do sistema

RP631: 30/11/2009 10:07:25 - Ponto de verificação do sistema

==== Installed Programs ======================

7-Zip 4.57

AAC Decoder

Ad-Aware

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge 1.0

Adobe Bridge CS4

Adobe Bridge Start Meeting

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS4

Adobe Photoshop CS4 1.0

Adobe Reader 7.0

Adobe Setup

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AdVantage

American McGee's Alice

Arquivo do WinRAR

Ask Toolbar

Assistente de Conexão do Windows Live

Atualização Crítica para o Windows Media Player 11 (KB959772)

Atualização de Segurança para o Windows Media Player (KB911564)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB968816)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player 11 (KB936782)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)

Atualização de Segurança para o Windows Media Player 9 (KB936782)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 7 (KB963027)

Atualização de Segurança para Windows Internet Explorer 7 (KB969897)

Atualização de Segurança para Windows Internet Explorer 7 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB974455)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB923689)

Atualização de Segurança para Windows XP (KB923789)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950760)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB953839)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB957095)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958690)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960715)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961371)

Atualização de Segurança para Windows XP (KB961373)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB969898)

Atualização de Segurança para Windows XP (KB969947)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB971486)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB973346)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973525)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização para Windows Internet Explorer 8 (KB972636)

Atualização para Windows Internet Explorer 8 (KB976749)

Atualização para Windows XP (KB951072-v2)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB961503)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB973687)

Atualização para Windows XP (KB973815)

aTube Catcher 1.0

AusLogics Disk Defrag

AutoUpdate

Avanquest update

AVG Free 9.0

BitTorrent

BrOffice.org 3.0

CCleaner (remove only)

CDisplay 1.8

Cheat Engine 5.5

Command & Conquer™ Red Alert™ 3

ConvertXtoDVD 3.2.0.52

Counter-Strike 1.6

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Version Checker

DivX Web Player

DMIView B7.0108.01

DNA

Dragon Age: Origins

DreaMule 3.2

DScaler 5 Mpeg Decoders

Far Cry 2

Ferramenta de Carregamento do Windows Live

Game Maker 7.0

GIF Movie Gear 4.2

Google Chrome

Google Update Helper

H.264 Decoder

Hamachi 1.0.3.0

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

Hotfix para Windows XP (KB970653-v3)

Hotfix para Windows XP (KB976098-v2)

i-Cool

InpyrenoFsu

Java 6 Update 17

Java 6 Update 5

Java 6 Update 6

Java 6 Update 7

Junk Mail filter update

K-Lite Codec Pack 5.2.0 (Full)

LiveUpdate Notice (Symantec Corporation)

Lizardtech DjVu Control

Lizardtech DjVu Control (autoinstall)

Malwarebytes' Anti-Malware

Messenger Plus! Live

Microsoft .NET Framework 2.0 Language Pack - PTB

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Premium

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

mIRC

MKV Splitter

Motorola Driver Installation 3.2.0

Motorola Phone Tools

MouseWare 9.75 da Logitech

Mozilla Firefox (3.5.5)

Mozilla Thunderbird (2.0.0.23)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB925673)

NAXDOWN 2.47

Nero 7 Essentials

NodEnabler 3.0

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA nView Desktop Manager

NVIDIA PhysX

OGA Notifier 2.0.0048.0

Pacote de Driver do Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0

PartyPoker

PC Wizard 2009.1.9111

Pcsx2 0.9.2 Watermoose

Pcsx2 0.9.6

PDF Settings

Photoshop Camera Raw

Pivot Stickfigure Animator

Pivot Stickfigure Animator 3.1 BR

PokerStars.net

Prince of Persia Warrior Within

Project64 1.6

PunkBuster Services

QuickTime Alternative 2.9.2

RealPlayer

Realtek High Definition Audio Driver

RESIDENT EVIL 5

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB973704)

Security Update for Microsoft Office Excel 2007 (KB973593)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB969604)

Segoe UI

Skype™ 4.0

Spybot - Search & Destroy

System Requirements Lab

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Outlook 2007 Junk Email Filter (kb975960)

USB Disk Win98 Driver

USB Vibration Joystick

VC80CRTRedist - 8.0.50727.762

VLC media player 1.0.1

Windows Communication Foundation Language Pack - PTB

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live Sync

Windows Live Toolbar

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows Presentation Foundation Language Pack (PTB)

Windows Workflow Foundation BR Language Pack

Windows XP Service Pack 3

WinUHA 2.0 RC1 (2005.02.27)

World of Warcraft

Wow-Bra Addons Pack 2.2

WoW-Brasil Launcher

WoW Legion BR

Xbox 360 Controller for Windows

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

Xvid 1.2.2 final uninstall

==== Event Viewer Messages From Past Week ========

1/12/2009 00:49:42, Informações: Windows File Protection [64005] - O sistema de arquivos protegido dbgeng.dll não pôde ser restaurado para sua versão válida original porque o processo de restauração 'Proteção de arquivos do Windows' foi cancelado pela interação do usuário; o nome de usuário é Administrador. A versão do arquivo incorreto é 5.1.2600.0.

==== End Of File ===========================

Step #5

I couldn't find awtsQKeB.dll; when I copy and paste the name it says it couldn't be found, and even searching manually in c:\WINDOWS\system32 I couldn't find it.

Step #6

Yes, that proxy is familiar to me. I use it in IE so I can log into two accounts in a game (just to clarify, having 2 accounts is not forbidden in this game, but so that I don't have to log into one at a time I use this proxy to log into both at the same time), one through Firefox and the other through IE with this proxy (right now I'm even using another proxy to do the same).


Hello!

STEP #1

Download OTMoveIt3 by OldTimer and save it to your desktop.

Double-click the otmi3desktopicon.png icon on your desktop.

Copy the text below, inside the "Code" box, and paste it into the area under pasteline.png:

:processes
explorer.exe

:folder
c:\arquivos de programas\eset\nodenabler

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NodEnabler"=-

:commands
[EmptyTemp]
[Reboot]

Now click the btnmoveit.png button.

If a prompt to restart the computer appears, do so.

In your next reply, copy and paste all of the content shown in results.png.

Also generate and paste a new DDS log.

If the computer restarted and you were unable to copy the result, open Notepad (Start ~> Programs ~> Accessories ~> Notepad), click File ~> Open and, in the "File name" box, type *.log and press Enter; find the folder C:\_OTMoveIt\MovedFiles and open the most recent .log file in it. Copy and paste the entire contents of that file.

STEP #2

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

@ECHO OFF
dir %windir%\awtsQKeB.* /S >> C:\FindFile.txt
start notepad C:\FindFile.txt
del C:\FindFile.txt
del %0

  • In "Save as type", choose: All Files
  • Save this file to your desktop as: FindFile.bat
  • Double-click FindFile.bat.
  • A Notepad window will open - copy and paste the contents of that window into your next reply.

Best regards!

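An added example (not part of the original thread, and not code from DDS or OTMoveIt): a small Python triage pass over lines copied from the DDS log on this page. It pulls out what the steps above act on: BHO/TB entries that point at "No File", the IE proxy setting, and Winlogon Notify DLLs that never appear in the log's file listings. The function name `triage` and the cross-check against the "Created Last 30" rows are assumptions of this example; a DLL missing from those rows is only a hint, not proof that it is absent from disk.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines copied from the DDS log on this page,
# embedded here so the example runs offline.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = 89.186.169.125:3128
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Notify: avgrsstarter - avgrsstx.dll
Notify: awtsQKeB - awtsQKeB.dll
2009-11-21 20:40:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-21 22:10:52 847872 ----a-w- c:\windows\system32\dbgeng.dll
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Rows of the "Created Last 30" / "Find3M" sections:
# "<date> <time> <size> <attributes> <path>"
FILE_ROW_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ \S+ (.+)$")


def triage(log_text):
    """Return the proxy, orphaned BHO/TB CLSIDs and unlisted Notify DLLs."""
    orphans = defaultdict(list)  # CLSID -> sections where it points at "No File"
    notify = []                  # DLL names taken from "Notify:" lines
    seen_files = set()           # lower-cased base names of files listed in the log
    proxy = None

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        row = FILE_ROW_RE.match(line)
        if row:
            seen_files.add(row.group(1).rsplit("\\", 1)[-1].lower())
            continue

        if "ProxyServer" in line and "=" in line:
            proxy = line.split("=", 1)[1].strip()
            continue

        section, sep, rest = line.partition(": ")
        if not sep:
            continue
        if section in ("BHO", "TB") and rest.endswith("- No File"):
            clsid = CLSID_RE.search(rest)
            if clsid:
                orphans[clsid.group(0).upper()].append(section)
        elif section == "Notify":
            # "Notify: <key name> - <dll>"; keep only the DLL name
            notify.append(rest.rsplit(" - ", 1)[-1].strip())

    # Notify DLLs with no matching file row anywhere in the log (hint only)
    unlisted = [dll for dll in notify if dll.lower() not in seen_files]
    return {"proxy": proxy, "orphans": dict(orphans), "notify_unlisted": unlisted}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Proxy configured:", report["proxy"])
    for clsid, sections in sorted(report["orphans"].items()):
        print("Orphaned entry:", clsid, "in", ", ".join(sections))
    for dll in report["notify_unlisted"]:
        print("Notify DLL not seen in file listings:", dll)
```
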

Step #1

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

Error: Unable to interpret <:folder> in the current context!

Error: Unable to interpret <c:\arquivos de programas\eset\nodenabler> in the current context!

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NodEnabler deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador

->Temp folder emptied: 17868807 bytes

->Temporary Internet Files folder emptied: 619795 bytes

->Java cache emptied: 12779 bytes

->FireFox cache emptied: 41314580 bytes

User: All Users

User: Convidado

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Outros

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 82403 bytes

RecycleBin emptied: 70487822 bytes

Total Files Cleaned = 124,47 mb

OTM by OldTimer - Version 3.1.2.0 log created on 12062009_000533

Files moved on Reboot...

Registry entries deleted on Reboot...

DDS (Ver_09-10-26.01) - NTFSx86

Run by Administrador at 0:12:41,60 on dom 06/12/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.289 [GMT -2:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\USB Disk Win98 Driver\Res.EXE

C:\Arquivos de programas\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\ARQUIV~1\AVG\AVG9\avgtray.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Administrador\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 89.186.169.125:3128

mURLSearchHooks: H - No File

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\arquivos de programas\avg\avg9\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\arquivos de programas\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\arquivos de programas\windows live\toolbar\wltcore.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\ahead\lib\NMBgMonitor.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe

uRun: [updateMgr] c:\arquivos de programas\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_0

uRun: [bitTorrent DNA] "c:\arquivos de programas\dna\btdna.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [symantec PIF AlertEng] "c:\arquivos de programas\arquivos comuns\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\arquivos de programas\arquivos comuns\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [iSUSPM Startup] c:\arquiv~1\arquiv~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start

mRun: [GrooveMonitor] "c:\arquivos de programas\microsoft office\office12\GrooveMonitor.exe"

mRun: [uSB Storage Toolbox] c:\arquivos de programas\usb disk win98 driver\Res.EXE

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [zBrowser Launcher] c:\arquivos de programas\logitech\itouch\iTouch.exe

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\ahead\lib\NeroCheck.exe

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AVG9_TRAY] c:\arquiv~1\avg\avg9\avgtray.exe

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\arquivos de programas\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\broffi~1.lnk - c:\arquivos de programas\broffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\admini~1\menuin~1\progra~1\inicia~1\recort~1.lnk - c:\arquivos de programas\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\micros~1.lnk - c:\arquivos de programas\microsoft office\office\OSA9.EXE

mPolicies-explorer: HideRunAsVerb = 1 (0x1)

dPolicies-explorer: NoSMHelp = 1 (0x1)

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~1\office12\EXCEL.EXE/3000

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\arquivos de programas\partygaming\partypoker\RunApp.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\pokerstars.net\PokerStarsUpdate.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\arquivos de programas\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\arquiv~1\micros~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~1\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://tky09.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205973946359

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - hxxp://messenger.zone.msn.com/binary/Chess.cab57176.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\arquivos de programas\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg9\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

Notify: awtsQKeB - awtsQKeB.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\arquivos de programas\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\dadosd~1\mozilla\firefox\profiles\pbnmaciv.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (pt)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\arquivos de programas\avg\avg9\firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\arquivos de programas\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\arquivos de programas\microsoft\office live\npOLW.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\mozilla firefox\plugins\npdjvu.dll

FF - plugin: c:\arquivos de programas\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\arquivos de programas\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\arquivos de programas\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-21 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-21 360584]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\avg\avg9\avgwdsvc.exe [2009-11-21 285392]

R2 SeaPort;SeaPort;c:\arquivos de programas\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]

R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcfltr.sys [2008-12-18 14156]

S2 gupdate1ca4c69a56968ca;Google Update Service (gupdate1ca4c69a56968ca);c:\arquivos de programas\google\update\GoogleUpdate.exe [2009-10-13 133104]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\arquivos de programas\dragon age\bin_ship\daupdatersvc.service.exe [2009-11-13 25832]

=============== Created Last 30 ================

2009-12-01 02:32:51 0 d-----w- C:\_OTM

2009-11-21 22:10:52 847872 ----a-w- c:\windows\system32\dbgeng.dll

2009-11-21 21:15:49 0 d-----w- c:\docume~1\admini~1\dadosd~1\Malwarebytes

2009-11-21 21:15:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-21 21:15:41 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-21 21:15:41 0 d-----w- c:\docume~1\alluse~1\dadosd~1\Malwarebytes

2009-11-21 21:15:41 0 d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-21 20:41:07 0 d--h--w- C:\$AVG

2009-11-21 20:40:51 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-21 20:40:51 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-21 20:40:46 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-21 20:40:26 0 d-----w- c:\windows\system32\drivers\Avg

2009-11-21 20:40:02 0 d-----w- c:\docume~1\alluse~1\dadosd~1\avg9

2009-11-19 22:45:56 701440 ----a-w- c:\windows\system32\cohelper.dll

2009-11-19 22:45:56 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin

2009-11-19 22:45:55 7090 ----a-w- c:\windows\system32\nvnrm.nvu

2009-11-19 22:45:54 485920 ----a-w- c:\windows\system32\nvunrm.exe

2009-11-16 19:35:09 327168 ----a-w- c:\windows\system32\cutil32.dll

2009-11-16 19:35:09 285696 ----a-w- c:\windows\system32\cudart.dll

2009-11-16 19:35:08 27136 ----a-w- c:\windows\system32\PCWizard.cpl

2009-11-16 19:34:42 0 d-----w- c:\arquivos de programas\CPUID

2009-11-16 19:34:34 0 d-----w- c:\arquivos de programas\Ask.com

2009-11-14 20:27:42 2048 ----a-w- C:\Backup.bkf

2009-11-13 02:40:30 0 d-----w- c:\docume~1\alluse~1\dadosd~1\BioWare

2009-11-13 01:37:31 0 d-----w- c:\arquivos de programas\Dragon Age

2009-11-13 01:37:29 0 d-----w- c:\arquivos de programas\arquivos comuns\BioWare

==================== Find3M ====================

2009-11-19 23:01:01 98280 ----a-w- c:\windows\system32\perfc016.dat

2009-11-19 23:01:01 508922 ----a-w- c:\windows\system32\perfh016.dat

2009-10-13 18:00:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-10-11 06:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-27 20:20:04 2173544 ----a-w- c:\windows\system32\nvcplui.exe

2009-09-27 18:12:22 490088 -c--a-w- c:\windows\system32\nvudisp.exe

2009-09-24 11:24:18 490088 -c--a-w- c:\windows\system32\NVUNINST.EXE

2009-09-11 14:19:14 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 02:03:19 6144 --sha-w- c:\arquivos de programas\Thumbs.db

2001-03-30 15:59:26 32768 --sha-r- c:\windows\system32\ftabrs.dll

2009-09-04 22:36:42 32768 -csha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\index.dat

2008-08-17 20:11:01 32768 -csha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008081720080818\index.dat

2008-08-19 21:34:14 32768 -csha-w- c:\windows\system32\config\systemprofile\configurações locais\histórico\history.ie5\mshist012008081920080820\index.dat

2009-09-04 22:36:42 32768 -csha-w- c:\windows\system32\config\systemprofile\configurações locais\temporary internet files\content.ie5\index.dat

2009-09-04 22:36:42 16384 -csha-w- c:\windows\system32\config\systemprofile\cookies\index.dat

============= FINISH: 0:13:24,76 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 15/3/2008 17:53:40

System Uptime: 12/6/2009 00:06:23 (4248 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | M61SME-S2L

Processor: AMD Athlon 64 X2 Dual Core Processor 4000+ | Socket M2 | 2109/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 21,848 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP623: 21/11/2009 22:32:45 - Avg8 Update

RP624: 23/11/2009 00:55:25 - Ponto de verificação do sistema

RP625: 24/11/2009 10:22:06 - Ponto de verificação do sistema

RP626: 25/11/2009 09:42:06 - Software Distribution Service 3.0

RP627: 26/11/2009 19:21:30 - Ponto de verificação do sistema

RP628: 27/11/2009 22:36:28 - Ponto de verificação do sistema

RP629: 28/11/2009 02:41:32 - Installed Java 6 Update 17

RP630: 29/11/2009 09:44:43 - Ponto de verificação do sistema

RP631: 30/11/2009 10:07:25 - Ponto de verificação do sistema

RP632: 1/12/2009 15:21:10 - Ponto de verificação do sistema

RP633: 2/12/2009 16:20:51 - Ponto de verificação do sistema

RP634: 3/12/2009 17:09:13 - Ponto de verificação do sistema

RP635: 4/12/2009 22:11:20 - Ponto de verificação do sistema

RP636: 5/12/2009 22:56:58 - Ponto de verificação do sistema

==== Installed Programs ======================

7-Zip 4.57

AAC Decoder

Ad-Aware

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge 1.0

Adobe Bridge CS4

Adobe Bridge Start Meeting

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS4

Adobe Photoshop CS4 1.0

Adobe Reader 7.0

Adobe Setup

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AdVantage

American McGee's Alice

Arquivo do WinRAR

Ask Toolbar

Assistente de Conexão do Windows Live

Atualização Crítica para o Windows Media Player 11 (KB959772)

Atualização de Segurança para o Windows Media Player (KB911564)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB968816)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player 11 (KB936782)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)

Atualização de Segurança para o Windows Media Player 9 (KB936782)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB950759)

Atualização de Segurança para Windows Internet Explorer 7 (KB953838)

Atualização de Segurança para Windows Internet Explorer 7 (KB956390)

Atualização de Segurança para Windows Internet Explorer 7 (KB958215)

Atualização de Segurança para Windows Internet Explorer 7 (KB960714)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 7 (KB963027)

Atualização de Segurança para Windows Internet Explorer 7 (KB969897)

Atualização de Segurança para Windows Internet Explorer 7 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB974455)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB923689)

Atualização de Segurança para Windows XP (KB923789)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950760)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB953839)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956391)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB957095)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958690)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960715)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961371)

Atualização de Segurança para Windows XP (KB961373)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB969898)

Atualização de Segurança para Windows XP (KB969947)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB971486)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB973346)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973525)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização para Windows Internet Explorer 8 (KB972636)

Atualização para Windows Internet Explorer 8 (KB976749)

Atualização para Windows XP (KB951072-v2)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB961503)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB973687)

Atualização para Windows XP (KB973815)

aTube Catcher 1.0

AusLogics Disk Defrag

AutoUpdate

Avanquest update

AVG Free 9.0

BitTorrent

BrOffice.org 3.0

CCleaner (remove only)

CDisplay 1.8

Cheat Engine 5.5

Command & Conquer™ Red Alert™ 3

ConvertXtoDVD 3.2.0.52

Counter-Strike 1.6

DivX Codec

DivX Converter

DivX Player

DivX Plus DirectShow Filters

DivX Version Checker

DivX Web Player

DMIView B7.0108.01

DNA

Dragon Age: Origins

DreaMule 3.2

DScaler 5 Mpeg Decoders

Far Cry 2

Ferramenta de Carregamento do Windows Live

Game Maker 7.0

GIF Movie Gear 4.2

Google Chrome

Google Update Helper

H.264 Decoder

Hamachi 1.0.3.0

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

Hotfix para Windows XP (KB970653-v3)

Hotfix para Windows XP (KB976098-v2)

i-Cool

InpyrenoFsu

Java 6 Update 17

Java 6 Update 5

Java 6 Update 6

Java 6 Update 7

Junk Mail filter update

K-Lite Codec Pack 5.2.0 (Full)

LiveUpdate Notice (Symantec Corporation)

Lizardtech DjVu Control

Lizardtech DjVu Control (autoinstall)

Malwarebytes' Anti-Malware

Messenger Plus! Live

Microsoft .NET Framework 2.0 Language Pack - PTB

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Premium

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

mIRC

MKV Splitter

Motorola Driver Installation 3.2.0

Motorola Phone Tools

MouseWare 9.75 da Logitech

Mozilla Firefox (3.5.5)

Mozilla Thunderbird (2.0.0.23)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB925673)

NAXDOWN 2.47

Nero 7 Essentials

NodEnabler 3.0

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA nView Desktop Manager

NVIDIA PhysX

OGA Notifier 2.0.0048.0

Pacote de Driver do Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0

PartyPoker

PC Wizard 2009.1.9111

Pcsx2 0.9.2 Watermoose

Pcsx2 0.9.6

PDF Settings

Photoshop Camera Raw

Pivot Stickfigure Animator

Pivot Stickfigure Animator 3.1 BR

PokerStars.net

Prince of Persia Warrior Within

Project64 1.6

PunkBuster Services

QuickTime Alternative 2.9.2

RealPlayer

Realtek High Definition Audio Driver

RESIDENT EVIL 5

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB973704)

Security Update for Microsoft Office Excel 2007 (KB973593)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB969604)

Segoe UI

Skype™ 4.0

Spybot - Search & Destroy

System Requirements Lab

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Outlook 2007 Junk Email Filter (kb975960)

USB Disk Win98 Driver

USB Vibration Joystick

VC80CRTRedist - 8.0.50727.762

VLC media player 1.0.1

Windows Communication Foundation Language Pack - PTB

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live Sync

Windows Live Toolbar

Windows Live Writer

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows Presentation Foundation Language Pack (PTB)

Windows Workflow Foundation BR Language Pack

Windows XP Service Pack 3

WinUHA 2.0 RC1 (2005.02.27)

World of Warcraft

Wow-Bra Addons Pack 2.2

WoW-Brasil Launcher

WoW Legion BR

Xbox 360 Controller for Windows

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

Xvid 1.2.2 final uninstall

==== Event Viewer Messages From Past Week ========

1/12/2009 00:49:42, Informações: Windows File Protection [64005] - O sistema de arquivos protegido dbgeng.dll não pôde ser restaurado para sua versão válida original porque o processo de restauração 'Proteção de arquivos do Windows' foi cancelado pela interação do usuário; o nome de usuário é Administrador. A versão do arquivo incorreto é 5.1.2600.0.

==== End Of File ===========================

Step #2

I did as you asked, and when I opened FindFile.bat an empty Notepad window opened with the following message:

"Não é possivel localizar o arquivo C:\FindFile.txt

Deseja Criar um novo arquivo?

Sim Não Cancelar"

Thanks for all the help, Mog.lucas. I await further instructions.

(I'm starting to think that formatting might have been the best choice; today my PC shut down by itself while I was playing a Flash game on an online games site, http://www.kongregate.com; before, this only happened in heavier games)


Dear Curumo

Sorry for the delay, but our friend Mog.Lucas is having problems at work, so I will be taking his place. I will study your case and post soon :)

Regards :D


Thanks, diego_moicano. I'm waiting for your assessment because, as I already said in my other posts, things here are strange lol


Dear Curumo

Download OTL by OldTimer and save it to your Desktop.

  • Double-click the icon [image: 3984478580_7ed4cabc45_o.gif]
  • Leave the main screen configured as shown in the figure below:

[image: 4046743195_16d3cb1e94_o.jpg]

  • Copy and paste the content below into the space right after [image: 3979150640_113dbcd345_o.jpg]

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5


  • Click the button [image: 3978388475_e858baec2d_o.jpg]
  • Do not interrupt the scan under any circumstances;
  • When it finishes, two logs will be generated: OTL.txt and Extras.txt;
  • Restart the computer;
  • Post both logs in your next reply.
  • Do not delete OTL

Regards :D


diego_moicano, I'll now post the two logs that were generated:

1st, the OTL:

OTL logfile created on: 12/12/2009 07:11:01 - Run 1

OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1023,48 Mb Total Physical Memory | 103,80 Mb Available Physical Memory | 10,14% Memory free

2,89 Gb Paging File | 1,83 Gb Available in Paging File | 63,32% Paging File free

Paging file location(s): C:\pagefile.sys 2036 3572 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 149,04 Gb Total Space | 15,26 Gb Free Space | 10,24% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PH

Current User Name: Administrador

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/12 07:02:10 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

PRC - [2009/11/21 18:40:19 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

PRC - [2009/11/21 18:40:18 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

PRC - [2009/11/21 18:40:18 | 00,502,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

PRC - [2009/11/21 18:40:16 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

PRC - [2009/11/21 18:40:09 | 02,020,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgtray.exe

PRC - [2009/11/21 18:40:06 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

PRC - [2009/11/07 14:03:57 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe

PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe

PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe

PRC - [2009/10/11 04:17:32 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\javaw.exe

PRC - [2009/10/07 10:29:05 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\DNA\btdna.exe

PRC - [2009/07/23 17:23:56 | 00,178,720 | ---- | M] () -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

PRC - [2009/07/23 17:23:54 | 00,387,616 | ---- | M] () -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

PRC - [2009/07/08 10:58:02 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

PRC - [2009/05/19 12:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/04/20 12:47:42 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe

PRC - [2009/04/20 12:47:23 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe

PRC - [2009/03/05 17:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2008/10/25 12:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008/09/30 16:52:50 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

PRC - [2008/09/30 16:52:42 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

PRC - [2008/06/22 05:25:00 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

PRC - [2008/04/14 00:20:58 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/29 18:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/07/05 06:08:46 | 16,380,416 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

PRC - [2007/03/07 19:49:08 | 00,910,896 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007/03/07 19:49:06 | 00,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

PRC - [2007/03/07 19:48:54 | 00,149,040 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe

PRC - [2005/09/14 21:44:14 | 00,065,536 | ---- | M] (ali) -- C:\Arquivos de programas\USB Disk Win98 Driver\Res.exe

PRC - [2005/02/17 08:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

PRC - [2002/11/21 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Arquivos de programas\Logitech\MouseWare\system\EM_EXEC.EXE

========== Modules (SafeList) ==========

MOD - [2009/12/12 07:02:10 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

MOD - [2002/11/21 09:50:00 | 00,006,144 | ---- | M] (Logitech Inc.) -- C:\Arquivos de programas\Logitech\MouseWare\system\LgWndHk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (UPS)

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)

SRV - [2009/11/21 18:40:06 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2009/10/26 18:45:54 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/10/13 22:59:27 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe -- (gupdate1ca4c69a56968ca) Google Update Service (gupdate1ca4c69a56968ca)

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/07/26 06:43:14 | 00,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Arquivos de programas\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)

SRV - [2009/07/23 17:23:56 | 00,178,720 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

SRV - [2009/07/23 17:23:54 | 00,387,616 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

SRV - [2009/07/08 10:58:02 | 00,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)

SRV - [2009/05/19 12:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009/04/20 12:47:42 | 00,107,832 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)

SRV - [2009/04/20 12:47:23 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)

SRV - [2008/11/04 02:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/10/25 12:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2008/06/22 05:25:00 | 00,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)

SRV - [2008/05/16 20:45:42 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)

SRV - [2008/01/29 18:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/03/07 19:49:06 | 00,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2007/03/07 19:46:40 | 00,779,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)

SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Driver Services (SafeList) ==========

DRV - [2009/11/21 18:40:51 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009/11/21 18:40:46 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/11/21 18:40:46 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/07/13 22:17:44 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)

DRV - [2009/07/08 09:07:00 | 07,967,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/07/01 11:53:34 | 00,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2009/07/01 11:53:30 | 00,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2009/06/30 17:31:00 | 00,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)

DRV - [2008/09/06 15:55:29 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)

DRV - [2008/08/08 16:22:22 | 00,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)

DRV - [2008/08/02 17:55:01 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)

DRV - [2008/04/13 16:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)

DRV - [2008/04/13 16:40:30 | 00,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\atapi.sys -- (atapi)

DRV - [2008/04/13 14:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2008/03/16 02:08:50 | 00,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2008/03/16 00:46:21 | 00,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)

DRV - [2007/11/13 08:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2007/07/18 09:26:04 | 04,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)

DRV - [2006/10/18 17:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)

DRV - [2006/07/02 00:12:36 | 00,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2004/08/09 09:33:26 | 00,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)

DRV - [2004/08/09 09:29:28 | 00,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)

DRV - [2004/07/19 12:49:54 | 00,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)

DRV - [2004/04/30 09:37:02 | 00,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)

DRV - [2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)

DRV - [2003/12/01 13:20:52 | 00,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)

DRV - [2002/11/08 08:50:00 | 00,070,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)

DRV - [2002/11/08 08:50:00 | 00,052,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)

DRV - [2002/11/08 08:50:00 | 00,041,420 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)

DRV - [2002/11/08 08:50:00 | 00,023,838 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)

DRV - [2002/11/08 08:50:00 | 00,014,156 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr)

DRV - [2001/10/28 12:07:22 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 89.186.169.125:3128

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.701

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1

FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.16.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7

FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20091031

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Arquivos de programas\AVG\AVG9\Firefox [2009/11/21 18:40:03 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/11/08 11:45:12 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/11/07 14:04:05 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Arquivos de programas\Mozilla Thunderbird\components [2009/10/13 22:21:01 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Arquivos de programas\Mozilla Thunderbird\plugins [2009/10/13 23:00:45 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/06/20 02:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions

[2009/12/11 06:27:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions

[2009/12/06 15:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2009/10/30 12:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2009/11/19 19:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/12/02 13:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions\foxyproxy@eric.h.jung

[2008/08/17 18:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions\nasanightlaunch@example(2).com

[2009/11/05 15:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions\nasanightlaunch@example.com

[2009/05/02 06:23:23 | 00,002,360 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\searchplugins\baixaki.xml

[2008/03/16 02:12:34 | 00,002,920 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\searchplugins\daemon-search.xml

[2009/12/05 22:21:38 | 00,002,385 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\searchplugins\kongregate.xml

[2009/12/11 06:27:38 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2008/09/03 22:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

[2007/02/05 00:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npdjvu.dll

[2009/08/16 18:43:33 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2009/08/16 18:43:33 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2009/08/16 18:43:33 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2009/08/16 18:43:33 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: (319658 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 10959 more lines...

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Arquivos de programas\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [GrooveMonitor] C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [uSB Storage Toolbox] C:\Arquivos de programas\USB Disk Win98 Driver\Res.exe (ali)

O4 - HKLM..\Run: [zBrowser Launcher] C:\Arquivos de programas\Logitech\iTouch\iTouch.exe File not found

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [bitTorrent DNA] C:\Arquivos de programas\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.0.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -5

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://tky09.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab (DjVuCtl Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205973946359 (WUWebControl Class)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zone.msn.com/binary/Chess.cab57176.cab (ZoneChess Object)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\awtsQKeB: DllName - awtsQKeB.dll - File not found

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/03/15 18:51:57 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\Shell\AutoRun\command - "" = USBSYSTEM/usp.exe

O33 - MountPoints2\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\Shell\explore\command - "" = USBSYSTEM/usp.exe

O33 - MountPoints2\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\Shell\open\command - "" = USBSYSTEM/usp.exe

O33 - MountPoints2\{7ccb3aff-313b-11de-bcbe-001d7d8fc9c3}\Shell\AutoRun\command - "" = F:\RECYCLERS-1-6-21-6875689567-0328346474-238463292-3211\usbsysload.exe -- File not found

O33 - MountPoints2\{7ccb3aff-313b-11de-bcbe-001d7d8fc9c3}\Shell\open\command - "" = F:\RECYCLERS-1-6-21-6875689567-0328346474-238463292-3211\usbsysload.exe -- File not found

O33 - MountPoints2\{b32c0578-f2e0-11dc-93da-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{b32c0578-f2e0-11dc-93da-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup\rsrc\Autorun.exe -- File not found

O33 - MountPoints2\{b32c0578-f2e0-11dc-93da-806d6172696f}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/20 18:03:40 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

SafeBootMin: aawservice - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus estender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus estender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus estender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: Messenger - File not found

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus estender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {0e8d0700-75df-11d3-8b4a-0008c7450c4a} - LizardTech DjVu Activex Control

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Ligação de dados de HTML dinâmico para Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Cancelar inscrição

ActiveX: {423290D4-DC50-48FA-9871-9D61FCAD7C13} - .NET Framework

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Criação avançada

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4CA7893E-7781-B619-CE41-47D106070927} - Internet Explorer

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes DirectAnimation para Java

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Atualização de Segurança para Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Agendador de tarefas

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()

Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)

Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)

Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2009/12/12 07:02:09 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2009/12/01 00:32:51 | 00,000,000 | ---D | C] -- C:\_OTM

[2009/11/28 02:42:09 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/11/28 02:42:09 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/11/28 02:42:09 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/11/21 20:10:52 | 00,847,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbgeng.dll

[2009/11/21 19:15:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Malwarebytes

[2009/11/21 19:15:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/11/21 19:15:41 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/11/21 19:15:41 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Malwarebytes' Anti-Malware

[2009/11/21 19:15:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

[2009/11/21 18:41:07 | 00,000,000 | -H-D | C] -- C:\$AVG

[2009/11/21 18:40:51 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/11/21 18:40:51 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/11/21 18:40:46 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/11/21 18:40:46 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/11/21 18:40:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2009/11/21 18:40:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\avg9

[2009/11/21 18:38:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

[2009/11/21 18:38:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2009/11/21 18:38:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2009/11/21 18:38:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2009/11/19 20:45:56 | 00,701,440 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\cohelper.dll

[2009/11/19 20:45:54 | 00,485,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvunrm.exe

[2009/11/18 21:14:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\AskToolbar

[2009/11/16 17:35:09 | 00,285,696 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\cudart.dll

[2009/11/16 17:35:08 | 00,027,136 | ---- | C] (CPUID) -- C:\WINDOWS\System32\PCWizard.cpl

[2009/11/16 17:34:42 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\CPUID

[2009/11/16 17:34:34 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Ask.com

[2009/11/13 00:40:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\BioWare

[2009/11/13 00:38:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrador\Meus documentos\BioWare

[2009/11/12 23:37:31 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Dragon Age

[2009/11/12 23:37:29 | 00,000,000 | ---D | C] -- C:\Arquivos de programas\Arquivos comuns\BioWare

[2009/10/13 23:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google

[2009/10/13 23:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google

[2009/08/28 06:43:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\ESET

[2008/11/08 16:18:47 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys

[2008/11/08 16:18:47 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys

[2008/09/06 15:55:29 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2009/12/12 07:02:10 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2009/12/12 07:01:00 | 00,000,266 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2009/12/12 06:28:00 | 00,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/12/12 01:19:11 | 46,509,712 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/12/12 01:18:50 | 00,123,577 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/12/11 23:50:57 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/12/11 19:28:01 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/12/10 13:47:38 | 00,509,620 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2009/12/10 13:47:38 | 00,471,410 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/10 13:47:38 | 00,098,614 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2009/12/10 13:47:38 | 00,085,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/10 13:47:37 | 00,003,868 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/10 13:46:36 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/10 13:45:18 | 00,231,840 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2009/12/10 13:45:11 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2009/12/10 13:45:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/10 13:44:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/12/10 11:07:58 | 11,272,192 | ---- | M] () -- C:\Documents and Settings\Administrador\NTUSER.DAT

[2009/12/10 11:07:29 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Administrador\ntuser.ini

[2009/11/28 06:18:57 | 01,577,328 | -H-- | M] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\IconCache.db

[2009/11/21 18:40:51 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/11/21 18:40:51 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/11/21 18:40:46 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/11/21 18:40:46 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/11/21 18:40:46 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/11/21 18:40:27 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/11/21 18:40:27 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/11/21 18:36:41 | 00,002,969 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2009/11/14 18:27:51 | 00,002,048 | ---- | M] () -- C:\Backup.bkf

[2009/11/14 18:26:36 | 00,002,048 | ---- | M] () -- C:\Documents and Settings\Administrador\Meus documentos\Backup.bkf

[2009/11/12 22:56:35 | 00,000,170 | ---- | M] () -- C:\WINDOWS\game.ini

========== Files Created - No Company Name ==========

[2009/11/21 18:40:46 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/11/21 18:40:27 | 46,509,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/11/21 18:40:27 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/11/21 18:40:27 | 00,123,577 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/11/21 18:40:26 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/11/19 20:45:56 | 00,006,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2009/11/19 20:45:55 | 00,007,090 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu

[2009/11/16 17:35:09 | 00,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll

[2009/11/16 17:34:39 | 00,000,266 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2009/11/14 18:27:42 | 00,002,048 | ---- | C] () -- C:\Backup.bkf

[2009/11/14 18:26:30 | 00,002,048 | ---- | C] () -- C:\Documents and Settings\Administrador\Meus documentos\Backup.bkf

[2009/10/26 13:04:54 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2009/10/13 22:33:39 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/10/13 22:33:39 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/10/13 22:33:38 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/10/13 22:33:38 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/08/19 05:30:53 | 00,006,144 | -HS- | C] () -- C:\Arquivos de programas\Thumbs.db

[2009/08/04 15:29:29 | 00,000,170 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/08/03 16:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/08 10:58:18 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/07/08 10:58:18 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/07/08 10:58:18 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/07/08 10:58:18 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/06/01 05:32:41 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009/04/22 01:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/04/20 12:47:52 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009/04/20 12:47:52 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\PnkBstrK.sys

[2008/12/18 20:47:39 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini

[2008/12/10 17:03:08 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008/11/21 23:18:24 | 00,000,152 | ---- | C] () -- C:\WINDOWS\dlgeditor.ini

[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008/10/06 05:18:14 | 00,008,802 | ---- | C] () -- C:\WINDOWS\AmvTransform.ini

[2008/10/06 05:18:14 | 00,007,763 | ---- | C] () -- C:\WINDOWS\AmvPlayer.ini

[2008/10/06 05:18:14 | 00,007,207 | ---- | C] () -- C:\WINDOWS\Disktool.INI

[2008/10/06 05:18:14 | 00,006,565 | ---- | C] () -- C:\WINDOWS\fwupgrade.ini

[2008/10/06 05:18:14 | 00,003,677 | ---- | C] () -- C:\WINDOWS\SoundCon.INI

[2008/09/11 18:58:36 | 00,000,066 | ---- | C] () -- C:\WINDOWS\CS_MD_T.INI

[2008/09/06 15:56:00 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\vso_ts_preview.xml

[2008/09/06 15:55:45 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.log

[2008/09/06 15:55:29 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe

[2008/09/06 15:55:29 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.cat

[2008/09/06 15:55:29 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.inf

[2008/08/28 17:05:51 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2008/06/20 15:49:27 | 00,000,560 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/06/20 15:29:17 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2008/06/19 19:01:32 | 00,162,304 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\unrar.dll

[2008/06/14 05:29:58 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2008/05/22 20:31:44 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2008/05/19 16:44:46 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2008/05/19 16:44:46 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2008/05/19 16:44:46 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2008/04/24 04:36:23 | 00,076,800 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/03/28 11:46:11 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2008/03/28 11:46:11 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2008/03/16 01:33:55 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2008/03/15 23:40:40 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/05/10 20:03:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2004/08/03 22:59:44 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys

[2001/03/30 13:59:26 | 00,032,768 | RHS- | C] () -- C:\WINDOWS\System32\ftabrs.dll

[1999/01/22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2004/08/04 00:45:22 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=BD18C87A4E1EA136C44D374296B981DC -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/14 00:20:26 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 00:20:26 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=A8CDC8DECE4735B86BBEF28460996C30 -- C:\WINDOWS\system32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2004/08/04 00:45:26 | 00,183,808 | ---- | M] (Microsoft Corporation) MD5=E95230A31F912E07B19F8335D4DFF110 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 00:20:40 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 00:20:40 | 00,184,832 | ---- | M] (Microsoft Corporation) MD5=879E802EF4EF2405014B170EA41E552B -- C:\WINDOWS\system32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2004/08/04 00:45:26 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=82777C1BE8E9F0B1574DAC5BC29C7D6F -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

[2008/04/14 00:20:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 00:20:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\netlogon.dll

[2008/04/14 00:20:34 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=49897D67B04E62F8E59EB8B1C7DF7072 -- C:\WINDOWS\system32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2004/08/03 22:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2008/04/13 16:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 16:40:30 | 00,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< End of report >

I'll put the Extras in the next post because I can't manage to fit everything together


Look, I tried to post the Extras several times, but even knowing the error ("You have included 14 images in your message. You have a limit of 10 images per post, so please go back and correct the problem in order to continue.

Images include use of smilies, the vB code %7Boption%7D tag and HTML <img> tags")

I couldn't change it in a way that would fix it, so I'll post half of the Extras and then the other half; sorry for this flood of posts

OTL Extras logfile created on: 12/12/2009 07:11:01 - Run 1

OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1023,48 Mb Total Physical Memory | 103,80 Mb Available Physical Memory | 10,14% Memory free

2,89 Gb Paging File | 1,83 Gb Available in Paging File | 63,32% Paging File free

Paging file location(s): C:\pagefile.sys 2036 3572 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 149,04 Gb Total Space | 15,26 Gb Free Space | 10,24% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PH

Current User Name: Administrador

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Arquivos de programas\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Arquivos de programas\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\ARQUIV~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Arquivos de programas\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Arquivos de programas\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Arquivos de programas\Warcraft III\Warcraft III.exe" = C:\Arquivos de programas\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found

"C:\Arquivos de programas\Doom 3\Doom3.exe" = C:\Arquivos de programas\Doom 3\Doom3.exe:*:Enabled:DOOM 3 -- File not found

"C:\Arquivos de programas\Savage\silverback.exe" = C:\Arquivos de programas\Savage\silverback.exe:*:Enabled:silverback -- File not found

"C:\Arquivos de programas\DNA\btdna.exe" = C:\Arquivos de programas\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)

"C:\Arquivos de programas\BitTorrent\bittorrent.exe" = C:\Arquivos de programas\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Arquivos de programas\DreMule\emule.exe" = C:\Arquivos de programas\DreMule\emule.exe:*:Enabled:Dreamule -- (http://www.dreamule.org)

"C:\Dungeon Siege\DSLOA.exe" = C:\Dungeon Siege\DSLOA.exe:*:Enabled:Dungeon Siege: Legends of Aranna Game Executable -- File not found

"C:\Arquivos de programas\LimeWire\LimeWire.exe" = C:\Arquivos de programas\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found

"C:\kav\kis8.0\english\setup.exe" = C:\kav\kis8.0\english\setup.exe:*:Enabled:Kaspersky Internet Security 2009 Setup -- File not found

"C:\Arquivos de programas\Mozilla Firefox\firefox.exe" = C:\Arquivos de programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Arquivos de programas\Valve\hl.exe" = C:\Arquivos de programas\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\Arquivos de programas\Valve\hlds.exe" = C:\Arquivos de programas\Valve\hlds.exe:*:Enabled:HLDS Launcher -- (Valve)

"C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe" = C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe:*:Disabled:MessengerDiscovery Live the Windows Live Messenger addon -- File not found

"C:\Arquivos de programas\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe" = C:\Arquivos de programas\LucasArts\Star Wars Empire at War\GameData\fpupdate.exe:*:Enabled:fpupdate -- File not found

"C:\World of Warcraft\Repair.exe" = C:\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility -- (Blizzard Entertainment, Inc.)

"C:\Arquivos de programas\Hamachi\hamachi.exe" = C:\Arquivos de programas\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)

"C:\Arquivos de programas\MSN Messenger\livecall.exe" = C:\Arquivos de programas\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

"C:\Arquivos de programas\DsNET Corp\aTube Catcher 1.0\smh.exe" = C:\Arquivos de programas\DsNET Corp\aTube Catcher 1.0\smh.exe:*:Enabled:Smart Media Hunter 0.7 -- (DsNET Corp. 2007)

"C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)

"C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE" = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Arquivos de programas\Electronic Arts\Need for Speed Carbon\NFSC.exe" = C:\Arquivos de programas\Electronic Arts\Need for Speed Carbon\NFSC.exe:*:Enabled:NFSC -- File not found

"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- File not found

"C:\Arquivos de programas\Electronic Arts\The Battle for Middle-earth II\game.dat" = C:\Arquivos de programas\Electronic Arts\The Battle for Middle-earth II\game.dat:*:Enabled:The Battle for Middle-earth II -- File not found

"C:\Arquivos de programas\Electronic Arts\The Battle for Middle-earth II\patchget.dat" = C:\Arquivos de programas\Electronic Arts\The Battle for Middle-earth II\patchget.dat:*:Enabled:patchgrabber -- File not found

"C:\Arquivos de programas\Curse\CurseClient.exe" = C:\Arquivos de programas\Curse\CurseClient.exe:*:Enabled:Curse Client -- File not found

"C:\Documents and Settings\Administrador\Desktop\Left 4 Dead\left4dead.exe" = C:\Documents and Settings\Administrador\Desktop\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- ()

"C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe" = C:\Arquivos de programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Arquivos de programas\Sports Interactive\Football Manager 2008\fm.exe" = C:\Arquivos de programas\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008 -- File not found

"C:\Arquivos de programas\City Interactive\Overspeed\LASR.exe" = C:\Arquivos de programas\City Interactive\Overspeed\LASR.exe:*:Enabled:Overspeed -- File not found

"C:\Arquivos de programas\City Interactive\Overspeed\dedicated server.exe" = C:\Arquivos de programas\City Interactive\Overspeed\dedicated server.exe:*:Enabled:Overspeed Dedicated Server -- File not found

"C:\Arquivos de programas\Unreal Tournament 3\Binaries\UT3.exe" = C:\Arquivos de programas\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:UT3 -- File not found

"C:\Arquivos de programas\UBISOFT\Far Cry 2\bin\FarCry2.exe" = C:\Arquivos de programas\UBISOFT\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)

"C:\Arquivos de programas\UBISOFT\Far Cry 2\bin\FC2Launcher.exe" = C:\Arquivos de programas\UBISOFT\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)

"C:\Arquivos de programas\UBISOFT\Far Cry 2\bin\FC2Editor.exe" = C:\Arquivos de programas\UBISOFT\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)

"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()

"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()

"C:\Arquivos de programas\Electronic Arts\Red Alert 3\Data\ra3_1.0.game" = C:\Arquivos de programas\Electronic Arts\Red Alert 3\Data\ra3_1.0.game:*:Enabled:Command & Conquer™ Red Alert™ 3 -- (Electronic Arts Inc.)

"C:\Arquivos de programas\Java\jre6\bin\java.exe" = C:\Arquivos de programas\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Arquivos de programas\Electronic Arts\The Lord of the Rings - Conquest™\Conquest.exe" = C:\Arquivos de programas\Electronic Arts\The Lord of the Rings - Conquest™\Conquest.exe:*:Enabled:Game -- File not found

"C:\Arquivos de programas\Anonymizer\Anonymizer Software\Common\AnonProxy.exe" = C:\Arquivos de programas\Anonymizer\Anonymizer Software\Common\AnonProxy.exe:*:Enabled:AnonProxy -- File not found

"C:\Arquivos de programas\Taikodom\taikodom-game.exe" = C:\Arquivos de programas\Taikodom\taikodom-game.exe:*:Enabled:taikodom-game -- File not found

"C:\Arquivos de programas\mIRC\mirc.exe" = C:\Arquivos de programas\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)

"C:\Arquivos de programas\Activision\Marvel - Ultimate Alliance\Game.exe" = C:\Arquivos de programas\Activision\Marvel - Ultimate Alliance\Game.exe:*:Enabled:Game -- File not found

"C:\Arquivos de programas\Hive\GetAmped\amped.exe" = C:\Arquivos de programas\Hive\GetAmped\amped.exe:*:Enabled:amped -- File not found

"C:\Arquivos de programas\Skype\Phone\Skype.exe" = C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Arquivos de programas\EA GAMES\American McGee's Alice\alice.exe" = C:\Arquivos de programas\EA GAMES\American McGee's Alice\alice.exe:*:Enabled:American McGee's Alice -- (Rogue Entertainment)

"C:\Arquivos de programas\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE" = C:\Arquivos de programas\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9) -- (CAPCOM CO., LTD.)

"C:\Arquivos de programas\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE" = C:\Arquivos de programas\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10) -- (CAPCOM CO., LTD.)

"C:\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found

"C:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found

"C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe" = C:\Arquivos de programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Arquivos de programas\Java\jre6\bin\javaw.exe" = C:\Arquivos de programas\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Arquivos de programas\Bonjour\mDNSResponder.exe" = C:\Arquivos de programas\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)

"C:\Arquivos de programas\Dragon Age\bin_ship\daorigins.exe" = C:\Arquivos de programas\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)

"C:\Arquivos de programas\Dragon Age\DAOriginsLauncher.exe" = C:\Arquivos de programas\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)

"C:\Arquivos de programas\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Arquivos de programas\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)

"C:\Arquivos de programas\AVG\AVG9\avgupd.exe" = C:\Arquivos de programas\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Arquivos de programas\AVG\AVG9\avgnsx.exe" = C:\Arquivos de programas\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000416-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable

"{05B7B9BA-9EBC-4C5B-933D-49F372EFE7A1}" = Adobe Photoshop CS4

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0C405D1F-359E-41C5-A1A9-383A04BBD5E2}" = Windows Live Galeria de Fotos

"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6

"{0F99EAFA-4054-4ABC-A3D3-D2299210572F}" = Adobe Bridge CS4

"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Ferramenta de Carregamento do Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 17

"{28184E01-D57A-4933-A09B-F65403F16D82}" = i-Cool

"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java 6 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{32BC546A-8AA3-4239-AE92-9CF3291C35A6}" = Windows Live Call

"{33FA968D-199B-4FDB-865C-A507BE34CDD7}" = Windows Communication Foundation Language Pack - PTB

"{3418CD55-9677-4BF8-9B0F-8C65769C54F9}_is1" = NAXDOWN 2.47

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B7.0108.01

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{423290D4-DC50-48FA-9871-9D61FCAD7C13}" = Microsoft .NET Framework 2.0 Language Pack - PTB

"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = USB Vibration Joystick

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE

"{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}" = USB Disk Win98 Driver

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{51A9E3DD-37B8-47BB-8E67-5B76B3EFBC48}" = Assistente de Conexão do Windows Live

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = MouseWare 9.75 da Logitech

"{616F0D12-BB36-46A4-8EE9-19505F589931}" = BrOffice.org 3.0

"{624DEAA0-B27D-444B-8BFE-70622B318A4A}" = Windows Live Toolbar

"{6A288CAE-32D0-4CA7-8166-210D380A8045}" = Windows Workflow Foundation BR Language Pack

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{70E0C991-2618-4FBB-941F-2C549EA81046}" = Nero 7 Essentials

"{74AD1846-2010-4FB1-8E24-B6F2B87150C2}" = Windows Live Mail

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.0.52

"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77B5AD60-8F14-11D4-9BC9-0050041A1090}" = American McGee's Alice

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0010-0416-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISER_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISER_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISER_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISER_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISER_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISER_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISER_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISER_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISER_{9A141B2B-7C5E-47D2-8E9E-9AC6018F3C42}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISER_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISER_{02A880E2-B8B9-4BF5-8822-EA1374734E2E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{93676FC6-C7DB-45A6-A62B-74A324F17313}" = Windows Presentation Foundation Language Pack (PTB)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95120000-0122-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9555B4ED-09A3-4722-8E8C-57A49401D059}" = Windows Live Writer

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6

"{9E2EE2F7-33BD-4D30-9E5D-8469A9F32009}" = Windows Live Sync

"{A1C9D1DA-7803-4586-B509-450009938312}" = Adobe Setup

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B5ED7AB0-3838-4389-8549-7C8E22DD48F4}" = Windows Live Messenger

"{B63C1E49-2E0E-406B-BD8A-C703E4263E0A}" = AdVantage

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C4418DF9-5B57-4C5D-ACC2-D6B1338CCE09}" = Photoshop Camera Raw

"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =

"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2

"{F2CD4651-F948-467C-B014-71FD981B7F59}" = Windows Live Essentials

"{F407D6FB-D3AD-44CC-B77B-5B3F0FF1F22C}" = Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack

"{FE943FB0-9555-4B58-A883-81F7F6AAA645}" = InpyrenoFsu

"7-Zip" = 7-Zip 4.57

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_b741c3c52d3108664cedeb2b76f6d96" = Adobe Photoshop CS4

"AVG9Uninstall" = AVG Free 9.0

"BCAB34F3D0437A511B21EE29B337548D35996EB3" = Pacote de Driver do Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

"CCleaner" = CCleaner (remove only)

"CDisplay_is1" = CDisplay 1.8

"Cheat Engine 5.5_is1" = Cheat Engine 5.5

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DjVu" = Lizardtech DjVu Control (autoinstall)

"DreaMule_is1" = DreaMule 3.2

"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders

"ENTERPRISER" = Microsoft Office Enterprise 2007

"Game Maker 7.0" = Game Maker 7.0

"GIF Movie Gear_is1" = GIF Movie Gear 4.2

"Google Chrome" = Google Chrome

"Hamachi" = Hamachi 1.0.3.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Messenger Plus! Live" = Messenger Plus! Live

"Microsoft .NET Framework 2.0 Language Pack - PTB" = Microsoft .NET Framework 2.0 Language Pack - PTB

"Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack" = Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"mIRC" = mIRC

"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)

"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NodEnabler" = NodEnabler 3.0

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"PartyPoker" = PartyPoker

"PC Wizard 2009_is1" = PC Wizard 2009.1.9111

"Pcsx2_is1" = Pcsx2 0.9.2 Watermoose

"Pivot Brasil_is1" = Pivot Stickfigure Animator 3.1 BR

"PokerStars.net" = PokerStars.net

"PunkBusterSvc" = PunkBuster Services

"QuicktimeAlt_is1" = QuickTime Alternative 2.9.2

"RealPlayer 6.0" = RealPlayer

"SystemRequirementsLab" = System Requirements Lab

"Tradução Adobe Photoshop CS4_is1" = Adobe Photoshop CS4 1.0

"VLC media player" = VLC media player 1.0.1

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = Arquivo do WinRAR

"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"World of Warcraft" = World of Warcraft

"WoW Legion BR2.0" = WoW Legion BR

"Wow-Bra Addons Pack 2.2" = Wow-Bra Addons Pack 2.2

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent" = BitTorrent

"BitTorrent DNA" = DNA

"WoW-Brasil Launcher" = WoW-Brasil Launcher

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 2/12/2009 22:49:51 | Computer Name = PH | Source = Adobe Version Cue CS3 | ID = 3

Description =

Error - 2/12/2009 22:49:51 | Computer Name = PH | Source = Adobe Version Cue CS3 | ID = 3

Description =

Error - 2/12/2009 22:49:51 | Computer Name = PH | Source = Adobe Version Cue CS3 | ID = 3

Description =

Error - 2/12/2009 22:49:51 | Computer Name = PH | Source = Adobe Version Cue CS3 | ID = 3

Description =

Error - 2/12/2009 22:49:51 | Computer Name = PH | Source = Adobe Version Cue CS3 | ID = 3

Description =

Error - 2/12/2009 22:49:51 | Computer Name = PH | Source = Adobe Version Cue CS3 | ID = 3

Description =

Error - 2/12/2009 22:49:51 | Computer Name = PH | Source = Adobe Version Cue CS3 | ID = 3

Description =

Error - 2/12/2009 22:49:51 | Computer Name = PH | Source = Adobe Version Cue CS3 | ID = 3

Description =

Error - 2/12/2009 22:49:51 | Computer Name = PH | Source = Adobe Version Cue CS3 | ID = 3

Description =

Error - 2/12/2009 22:49:51 | Computer Name = PH | Source = Adobe Version Cue CS3 | ID = 3

Description =

[ OSession Events ]

Error - 1/9/2009 22:36:25 | Computer Name = PH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session

lasted 14 seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/9/2009 22:36:36 | Computer Name = PH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session

lasted 7 seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/9/2009 22:36:48 | Computer Name = PH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session

lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error - 1/9/2009 22:46:13 | Computer Name = PH | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session

lasted 15 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 5/12/2009 22:05:34 | Computer Name = PH | Source = Service Control Manager | ID = 7034

Description = O serviço LiveUpdate Notice Service foi encerrado inesperadamente.

Isso aconteceu 1 vez(es).

Error - 5/12/2009 22:05:34 | Computer Name = PH | Source = Service Control Manager | ID = 7034

Description = O serviço ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## foi

encerrado inesperadamente. Isso aconteceu 1 vez(es).

Error - 5/12/2009 22:05:34 | Computer Name = PH | Source = Service Control Manager | ID = 7034

Description = O serviço ForceWare Intelligent Application Manager (IAM) foi encerrado

inesperadamente. Isso aconteceu 1 vez(es).

Error - 5/12/2009 22:05:34 | Computer Name = PH | Source = Service Control Manager | ID = 7034

Description = O serviço Java Quick Starter foi encerrado inesperadamente. Isso

aconteceu 1 vez(es).

Error - 5/12/2009 22:05:34 | Computer Name = PH | Source = Service Control Manager | ID = 7031

Description = O serviço AVG Free WatchDog foi finalizado inesperadamente. Isto aconteceu

1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar

o serviço.

Error - 5/12/2009 22:05:34 | Computer Name = PH | Source = Service Control Manager | ID = 7034

Description = O serviço PnkBstrA foi encerrado inesperadamente. Isso aconteceu

1 vez(es).

Error - 5/12/2009 22:05:34 | Computer Name = PH | Source = Service Control Manager | ID = 7034

Description = O serviço PnkBstrB foi encerrado inesperadamente. Isso aconteceu

1 vez(es).

Error - 5/12/2009 22:05:34 | Computer Name = PH | Source = Service Control Manager | ID = 7034

Description = O serviço NMIndexingService foi encerrado inesperadamente. Isso aconteceu

1 vez(es).

Error - 5/12/2009 22:05:34 | Computer Name = PH | Source = Service Control Manager | ID = 7034

Description = O serviço ForceWare IP service foi encerrado inesperadamente. Isso

aconteceu 1 vez(es).

Error - 5/12/2009 22:05:34 | Computer Name = PH | Source = Service Control Manager | ID = 7034

Description = O serviço SeaPort foi encerrado inesperadamente. Isso aconteceu 1

vez(es).

< End of report >


Dear Curumo

Step 1

Go to Control Panel -> Add/Remove Programs and remove the following program:

  • Ask Toolbar

Step 2
Again with OTL
  • Double-click the icon [image]
  • Copy and paste the content below into the space right after [image]

:OTL
PRC - [2008/04/14 00:20:58 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
DRV - [2008/03/16 02:08:50 | 00,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O20 - Winlogon\Notify\awtsQKeB: DllName - awtsQKeB.dll - File not found
O33 - MountPoints2\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\Shell\AutoRun\command - "" = USBSYSTEM/usp.exe
O33 - MountPoints2\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\Shell\explore\command - "" = USBSYSTEM/usp.exe
O33 - MountPoints2\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\Shell\open\command - "" = USBSYSTEM/usp.exe
O33 - MountPoints2\{7ccb3aff-313b-11de-bcbe-001d7d8fc9c3}\Shell\AutoRun\command - "" = F:\RECYCLERS-1-6-21-6875689567-0328346474-238463292-3211\usbsysload.exe -- File not found
O33 - MountPoints2\{7ccb3aff-313b-11de-bcbe-001d7d8fc9c3}\Shell\open\command - "" = F:\RECYCLERS-1-6-21-6875689567-0328346474-238463292-3211\usbsysload.exe -- File not found
O33 - MountPoints2\{b32c0578-f2e0-11dc-93da-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b32c0578-f2e0-11dc-93da-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup\rsrc\Autorun.exe -- File not found
O33 - MountPoints2\{b32c0578-f2e0-11dc-93da-806d6172696f}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe -- File not found
[2001/03/30 13:59:26 | 00,032,768 | RHS- | C] () -- C:\WINDOWS\System32\ftabrs.dll
[2009/12/12 07:01:00 | 00,000,266 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

:Processes

:Services

:Reg

:Files

:Commands
[emptytemp]
[purity]
[clearrestorepoints]
[resethosts]
[start explorer]
[reboot]

  • Click the [image] button
  • When the computer restarts a window will appear; click Run;
  • Save the log (File > Save As) to the desktop under any name you like;
  • Attention: if you close the log without saving it first, it will be lost.
  • Open OTL again and click the [image] button
  • Do not interrupt the scan under any circumstances;
  • When it finishes, OTL.txt will be generated;
  • Then post the TWO generated logs in your next reply.

Step 3

Read the instructions at this link:

In the instructions at the link above you can check which forums have Analysts duly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while carrying out these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  3. Double-click the [image] icon on the desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers with Windows XP must install the Recovery Console:

  • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Sim".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "SIM" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: do not use the mouse or the keyboard while the tool is running, as this can cause the computer to stop.
  8. A notice may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you may damage your computer.

  • There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when writing them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Step 4
Go to the site "Jotti's malware scan"
  • In the box at the top (File to upload & scan);
  • Copy and paste the following file(s), one at a time:
    • C:\WINDOWS\System32\drivers\a347bus.sys
    • C:\WINDOWS\System32\drivers\a347scsi.sys
    • C:\WINDOWS\System32\cutil32.dll

  • Click the [image] button
  • The file(s) will be examined by different antivirus programs; please wait.
  • Copy and paste the result(s).

If the site above is too busy, try one of these sites:

Alternative 1

Alternative 2

Regards :D

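Added example (not part of the original posts, and not OTL's own logic): a small Python triage over OTL scan lines of the kinds quoted in the fix script above, marking orphaned registry references and cached MountPoints2 autorun commands for review. The flag names and heuristics are assumptions chosen for illustration; the sample lines are taken from this thread.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the fix script and the quick scan in this
# thread (the selection of lines is constructed for the demonstration).
SAMPLE = r'''
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O20 - Winlogon\Notify\awtsQKeB: DllName - awtsQKeB.dll - File not found
O33 - MountPoints2\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\Shell\AutoRun\command - "" = USBSYSTEM/usp.exe
O33 - MountPoints2\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\Shell\open\command - "" = USBSYSTEM/usp.exe
O33 - MountPoints2\{7ccb3aff-313b-11de-bcbe-001d7d8fc9c3}\Shell\AutoRun\command - "" = F:\RECYCLERS-1-6-21-6875689567-0328346474-238463292-3211\usbsysload.exe -- File not found
O33 - MountPoints2\{b32c0578-f2e0-11dc-93da-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b32c0578-f2e0-11dc-93da-806d6172696f}\Shell\AutoRun\command - "" = E:\Setup\rsrc\Autorun.exe -- File not found
'''

# "<section> - <body>" where section is an O-number or a PRC/DRV/SRV/MOD tag.
LINE_RE = re.compile(r"^(O\d+|PRC|DRV|SRV|MOD)\s+-\s+(.*)$")
# Cached shell verb for one volume GUID, with the command it would launch.
MOUNT_RE = re.compile(
    r'MountPoints2\\\{(?P<volume>[0-9A-Fa-f-]{36})\}\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<target>.+?)(?: -- File not found)?$'
)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
RECYCLER_RE = re.compile(r"\\RECYCLER", re.IGNORECASE)


def triage_line(line):
    """Parse one scan line; return None for lines that are not scan entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = {"section": section, "body": body, "flags": []}
    flags = entry["flags"]
    if "No CLSID value found" in body:
        flags.append("orphan-clsid")        # registry names a COM class that is gone
    if body.endswith("File not found"):
        flags.append("missing-file")        # registered target is no longer on disk
    mp = MOUNT_RE.search(body)
    if mp:
        target = mp.group("target")
        entry.update(volume=mp.group("volume"), verb=mp.group("verb"), target=target)
        flags.append("autorun-command")     # per-volume shell verb that starts a program
        if not DRIVE_RE.match(target):
            flags.append("relative-target")      # no drive letter in the command
        if RECYCLER_RE.search(target):
            flags.append("recycler-lookalike")   # executable under a Recycle Bin style folder
    return entry


def triage_log(text):
    """Parse every scan entry in a pasted log, skipping headers and blank lines."""
    return [e for e in map(triage_line, text.splitlines()) if e is not None]


def review_queue(entries):
    """Entries that carry at least one flag and deserve a manual look."""
    return [e for e in entries if e["flags"]]


def autorun_by_volume(entries):
    """Group distinct autorun targets by the volume GUID that registered them."""
    volumes = defaultdict(set)
    for e in entries:
        if "autorun-command" in e["flags"]:
            volumes[e["volume"]].add(e["target"])
    return dict(volumes)


if __name__ == "__main__":
    parsed = triage_log(SAMPLE)
    for e in review_queue(parsed):
        print(f'{e["section"]:<4} {",".join(e["flags"]):<45} {e["body"][:60]}')
    for volume, targets in autorun_by_volume(parsed).items():
        print(volume, "->", sorted(targets))
```

A flag only means the line is worth a manual look; an unflagged line is not thereby cleared.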

Step 1

done

Step 2

An error occurred while I was doing the first part (the run fix): everything had been closed and only the program was open, then an error came up and it stopped, so I told it to start again (the same way I had done before) and then it ran fine (I don't know whether this will change anything)

Here are the logs, first the one from the run fix and then the quick scan

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

Error: Unable to stop service sptd!

Unable to delete service\driver keysptd.

File C:\WINDOWS\System32\Drivers\sptd.sys not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsQKeB\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\ not found.

File USBSYSTEM/usp.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\ not found.

File USBSYSTEM/usp.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7908aa06-f5c2-11dc-987e-001d7d8fc9c3}\ not found.

File USBSYSTEM/usp.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ccb3aff-313b-11de-bcbe-001d7d8fc9c3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ccb3aff-313b-11de-bcbe-001d7d8fc9c3}\ not found.

File F:\RECYCLERS-1-6-21-6875689567-0328346474-238463292-3211\usbsysload.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ccb3aff-313b-11de-bcbe-001d7d8fc9c3}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ccb3aff-313b-11de-bcbe-001d7d8fc9c3}\ not found.

File F:\RECYCLERS-1-6-21-6875689567-0328346474-238463292-3211\usbsysload.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b32c0578-f2e0-11dc-93da-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b32c0578-f2e0-11dc-93da-806d6172696f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b32c0578-f2e0-11dc-93da-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b32c0578-f2e0-11dc-93da-806d6172696f}\ not found.

File E:\Setup\rsrc\Autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b32c0578-f2e0-11dc-93da-806d6172696f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b32c0578-f2e0-11dc-93da-806d6172696f}\ not found.

File E:\Directx\dxsetup.exe not found.

File C:\WINDOWS\System32\ftabrs.dll not found.

File C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job not found.

========== PROCESSES ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

User: All Users

User: Convidado

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Outros

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,03 mb

Error: Unable to interpret <[clearrestorepoints]> in the current context!

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.1.16.0 log created on 12132009_040650

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 13/12/2009 04:12:38 - Run 2

OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Administrador\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: d/M/yyyy

1023,48 Mb Total Physical Memory | 378,11 Mb Available Physical Memory | 36,94% Memory free

2,89 Gb Paging File | 2,35 Gb Available in Paging File | 81,36% Paging File free

Paging file location(s): C:\pagefile.sys 2036 3572 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Arquivos de programas

Drive C: | 149,04 Gb Total Space | 17,38 Gb Free Space | 11,66% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PH

Current User Name: Administrador

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/12 09:08:26 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgtray.exe

PRC - [2009/12/12 09:08:21 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgrsx.exe

PRC - [2009/12/12 09:08:20 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgnsx.exe

PRC - [2009/12/12 07:02:10 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

PRC - [2009/11/21 18:40:19 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgchsvx.exe

PRC - [2009/11/21 18:40:16 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgcsrvx.exe

PRC - [2009/11/21 18:40:06 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe

PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jusched.exe

PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe

PRC - [2009/10/07 10:29:05 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\DNA\btdna.exe

PRC - [2009/07/23 17:23:56 | 00,178,720 | ---- | M] () -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

PRC - [2009/07/23 17:23:54 | 00,387,616 | ---- | M] () -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

PRC - [2009/07/08 10:58:02 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe

PRC - [2009/05/19 12:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/04/20 12:47:42 | 00,107,832 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe

PRC - [2009/04/20 12:47:23 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe

PRC - [2009/03/05 17:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2008/10/25 12:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

PRC - [2008/09/30 16:52:50 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin

PRC - [2008/09/30 16:52:42 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe

PRC - [2008/06/22 05:25:00 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

PRC - [2008/04/14 00:20:58 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/29 18:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/07/05 06:08:46 | 16,380,416 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe

PRC - [2007/03/07 19:49:08 | 00,910,896 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

PRC - [2007/03/07 19:49:06 | 00,271,920 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

PRC - [2007/03/07 19:48:54 | 00,149,040 | ---- | M] (Nero AG) -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe

PRC - [2005/09/14 21:44:14 | 00,065,536 | ---- | M] (ali) -- C:\Arquivos de programas\USB Disk Win98 Driver\Res.exe

PRC - [2005/02/17 08:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

PRC - [2004/12/14 05:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

PRC - [2002/11/21 09:50:00 | 00,037,888 | ---- | M] (Logitech Inc.) -- C:\Arquivos de programas\Logitech\MouseWare\system\EM_EXEC.EXE

========== Modules (SafeList) ==========

MOD - [2009/12/12 07:02:10 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

MOD - [2002/11/21 09:50:00 | 00,006,144 | ---- | M] (Logitech Inc.) -- C:\Arquivos de programas\Logitech\MouseWare\system\LgWndHk.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (UPS)

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)

SRV - [2009/11/21 18:40:06 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Arquivos de programas\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2009/10/26 18:45:54 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/10/13 22:59:27 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe -- (gupdate1ca4c69a56968ca) Google Update Service (gupdate1ca4c69a56968ca)

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Arquivos de programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2009/07/26 06:43:14 | 00,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Arquivos de programas\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)

SRV - [2009/07/23 17:23:56 | 00,178,720 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

SRV - [2009/07/23 17:23:54 | 00,387,616 | ---- | M] () [Auto | Running] -- C:\Arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)

SRV - [2009/07/08 10:58:02 | 00,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)

SRV - [2009/05/19 12:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2009/04/20 12:47:42 | 00,107,832 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)

SRV - [2009/04/20 12:47:23 | 00,066,872 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)

SRV - [2008/11/04 02:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2008/10/25 12:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)

SRV - [2008/06/22 05:25:00 | 00,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)

SRV - [2008/05/16 20:45:42 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)

SRV - [2008/01/29 18:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/03/07 19:49:06 | 00,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)

SRV - [2007/03/07 19:46:40 | 00,779,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)

SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 89.186.169.125:3128

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1

FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.16.1

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7

FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20091031

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Arquivos de programas\AVG\AVG9\Firefox [2009/12/12 09:11:33 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Arquivos de programas\Mozilla Firefox\components [2009/11/08 11:45:12 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Arquivos de programas\Mozilla Firefox\plugins [2009/11/07 14:04:05 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Arquivos de programas\Mozilla Thunderbird\components [2009/10/13 22:21:01 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Arquivos de programas\Mozilla Thunderbird\plugins [2009/10/13 23:00:45 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008/06/20 02:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Extensions

[2009/12/11 06:27:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions

[2009/12/06 15:31:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2009/10/30 12:35:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}

[2009/11/19 19:36:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2009/12/02 13:20:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions\foxyproxy@eric.h.jung

[2008/08/17 18:38:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions\nasanightlaunch@example(2).com

[2009/11/05 15:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\extensions\nasanightlaunch@example.com

[2009/05/02 06:23:23 | 00,002,360 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\searchplugins\baixaki.xml

[2008/03/16 02:12:34 | 00,002,920 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\searchplugins\daemon-search.xml

[2009/12/05 22:21:38 | 00,002,385 | ---- | M] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\searchplugins\kongregate.xml

[2009/12/11 06:27:38 | 00,000,000 | ---D | M] -- C:\Arquivos de programas\Mozilla Firefox\extensions

[2008/09/03 22:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

[2007/02/05 00:02:56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Arquivos de programas\Mozilla Firefox\plugins\npdjvu.dll

[2009/08/16 18:43:33 | 00,001,027 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\buscape.xml

[2009/08/16 18:43:33 | 00,001,135 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2009/08/16 18:43:33 | 00,001,168 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2009/08/16 18:43:33 | 00,000,648 | ---- | M] () -- C:\Arquivos de programas\Mozilla Firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Arquivos de programas\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Arquivos de programas\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [GrooveMonitor] C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [skyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [uSB Storage Toolbox] C:\Arquivos de programas\USB Disk Win98 Driver\Res.exe (ali)

O4 - HKLM..\Run: [zBrowser Launcher] C:\Arquivos de programas\Logitech\iTouch\iTouch.exe File not found

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [bitTorrent DNA] C:\Arquivos de programas\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKCU..\Run: [updateMgr] C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.0.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = -5

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Arquivos de programas\PartyGaming\PartyPoker\RunApp.exe ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Arquivos de programas\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://tky09.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab (DjVuCtl Class)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/PT-BR/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205973946359 (WUWebControl Class)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} http://messenger.zone.msn.com/binary/Chess.cab57176.cab (ZoneChess Object)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\awtsQKeB: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O24 - Desktop Components:0 (Minha página inicial atual) - About:Home

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/03/15 18:51:57 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/13 04:05:23 | 00,000,000 | ---D | C] -- C:\_OTL

[2009/12/12 07:02:09 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2009/12/01 00:32:51 | 00,000,000 | ---D | C] -- C:\_OTM

[2009/11/21 18:38:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft

[2009/11/21 18:38:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft

[2009/11/21 18:38:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dados de aplicativos\Microsoft

[2009/11/21 18:38:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft

[2009/10/13 23:22:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Google

[2009/10/13 23:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Google

[2009/08/28 06:43:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\ESET

[2008/11/08 16:18:47 | 00,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys

[2008/11/08 16:18:47 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys

[2008/09/06 15:55:29 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.sys

========== Files - Modified Within 14 Days ==========

[2009/12/13 04:09:16 | 00,231,840 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2009/12/13 04:09:05 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/13 04:08:28 | 00,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2009/12/13 04:08:28 | 00,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job

[2009/12/13 04:08:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/13 04:08:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/12/13 04:07:02 | 11,272,192 | ---- | M] () -- C:\Documents and Settings\Administrador\NTUSER.DAT

[2009/12/13 04:07:02 | 00,000,210 | -HS- | M] () -- C:\Documents and Settings\Administrador\ntuser.ini

[2009/12/13 04:06:52 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2009/12/13 03:28:10 | 00,001,048 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2009/12/13 00:51:28 | 46,555,839 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/12/13 00:51:04 | 00,123,708 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/12/12 12:36:28 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2009/12/12 07:02:10 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrador\Desktop\OTL.exe

[2009/12/10 13:47:38 | 00,509,620 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat

[2009/12/10 13:47:38 | 00,471,410 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/10 13:47:38 | 00,098,614 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat

[2009/12/10 13:47:38 | 00,085,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/10 13:47:37 | 00,003,868 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2009/12/13 03:42:08 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll

[2009/11/16 17:35:09 | 00,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll

[2009/10/26 13:04:54 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2009/10/13 22:33:39 | 00,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009/10/13 22:33:39 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009/10/13 22:33:38 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2009/10/13 22:33:38 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

[2009/08/19 05:30:53 | 00,006,144 | -HS- | C] () -- C:\Arquivos de programas\Thumbs.db

[2009/08/04 15:29:29 | 00,000,170 | ---- | C] () -- C:\WINDOWS\game.ini

[2009/08/03 16:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/08 10:58:18 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2009/07/08 10:58:18 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2009/07/08 10:58:18 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2009/07/08 10:58:18 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2009/06/01 05:32:41 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2009/04/22 01:19:06 | 00,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2009/04/20 12:47:52 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2009/04/20 12:47:52 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\PnkBstrK.sys

[2008/12/18 20:47:39 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini

[2008/12/10 17:03:08 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2008/11/21 23:18:24 | 00,000,152 | ---- | C] () -- C:\WINDOWS\dlgeditor.ini

[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008/10/06 05:18:14 | 00,008,802 | ---- | C] () -- C:\WINDOWS\AmvTransform.ini

[2008/10/06 05:18:14 | 00,007,763 | ---- | C] () -- C:\WINDOWS\AmvPlayer.ini

[2008/10/06 05:18:14 | 00,007,207 | ---- | C] () -- C:\WINDOWS\Disktool.INI

[2008/10/06 05:18:14 | 00,006,565 | ---- | C] () -- C:\WINDOWS\fwupgrade.ini

[2008/10/06 05:18:14 | 00,003,677 | ---- | C] () -- C:\WINDOWS\SoundCon.INI

[2008/09/11 18:58:36 | 00,000,066 | ---- | C] () -- C:\WINDOWS\CS_MD_T.INI

[2008/09/06 15:56:00 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\vso_ts_preview.xml

[2008/09/06 15:55:45 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.log

[2008/09/06 15:55:29 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe

[2008/09/06 15:55:29 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.cat

[2008/09/06 15:55:29 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Administrador\Dados de aplicativos\pcouffin.inf

[2008/08/28 17:05:51 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI

[2008/06/20 15:49:27 | 00,000,560 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/06/20 15:29:17 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2008/06/19 19:01:32 | 00,162,304 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\unrar.dll

[2008/06/14 05:29:58 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2008/05/22 20:31:44 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll

[2008/05/19 16:44:46 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll

[2008/05/19 16:44:46 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll

[2008/05/19 16:44:46 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll

[2008/04/24 04:36:23 | 00,076,800 | ---- | C] () -- C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/03/28 11:46:11 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2008/03/28 11:46:11 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2008/03/15 23:40:40 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2007/05/10 20:03:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2004/08/03 22:59:44 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys

[1999/01/22 12:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/08/04 15:40:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Activision

[2009/06/01 05:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Anonymizer

[2008/12/06 15:40:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Auslogics

[2009/12/11 11:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BitTorrent

[2008/12/12 12:55:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\BrOffice.org

[2008/03/16 02:08:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools

[2009/12/13 04:09:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\DNA

[2009/02/07 20:47:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Leadertech

[2008/09/28 07:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\LimeWire

[2008/06/16 04:40:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Opera

[2009/04/23 20:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Red Alert 3

[2009/04/04 19:34:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Sports Interactive

[2008/12/22 12:24:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Thunderbird

[2009/08/09 00:43:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrador\Dados de aplicativos\Vso

[2009/06/01 03:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Anonymizer

[2009/11/21 18:40:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\avg9

[2009/11/13 00:40:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\BioWare

[2008/08/29 19:15:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\BVRP Software

[2009/08/23 07:09:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\ESET

[2009/07/20 20:48:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

[2009/06/14 17:51:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\pixelStorm

[2009/07/08 20:29:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\POPWWPROFILES

[2008/09/17 20:05:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\vsosdk

[2009/06/01 04:06:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\{773E7240-B347-4DFF-A6EF-6E829EDD59DF}

[2009/12/13 04:08:28 | 00,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========

< End of report >

Step 3

ComboFix 09-12-11.05 - Administrador 13/12/2009 4:31.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.515 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Administrador\Dados de aplicativos\inst.exe

c:\recycler\S-1-5-21-1644491937-1592454029-725345543-1006

c:\windows\system32\msconfig.exe

c:\windows\system32\twain_32.dll

c:\windows\system32\vbzlib1.dll

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-13 to 2009-12-13 ))))))))))))))))))))))))))))

.

2009-12-13 06:05 . 2009-12-13 06:05 -------- d-----w- C:\_OTL

2009-12-12 11:10 . 2009-11-21 20:40 3775256 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\setup.exe

2009-12-12 11:10 . 2009-11-21 20:40 4029208 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgui.exe

2009-12-12 11:10 . 2009-11-21 20:40 1264408 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgfrw.exe

2009-12-12 11:10 . 2009-11-21 20:40 2020120 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgtray.exe

2009-12-12 11:10 . 2009-11-21 20:40 1475864 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgssie.dll

2009-12-12 11:10 . 2009-11-21 20:40 600344 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgnsx.exe

2009-12-12 11:09 . 2009-11-21 20:40 1336600 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgssff.dll

2009-12-12 11:09 . 2009-11-21 20:40 1082648 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgxpl.dll

2009-12-12 11:09 . 2009-11-21 20:40 1074456 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcmgr.exe

2009-12-12 11:09 . 2009-11-21 20:40 1494088 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgwd.dll

2009-12-12 11:09 . 2009-11-21 20:40 562456 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgsrmx.dll

2009-12-12 11:09 . 2009-11-21 20:40 361752 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgsrmax.exe

2009-12-12 11:09 . 2009-11-21 20:40 744728 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgscanx.exe

2009-12-12 11:09 . 2009-11-21 20:40 1946392 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgapix.dll

2009-12-12 11:09 . 2009-11-21 20:40 2352920 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgresf.dll

2009-12-12 11:09 . 2009-11-21 20:40 615704 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcertx.dll

2009-12-12 11:09 . 2009-11-21 20:40 502040 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgrsx.exe

2009-12-12 11:06 . 2009-11-21 20:40 798488 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avginet.dll

2009-12-01 02:32 . 2009-12-01 02:32 -------- d-----w- C:\_OTM

2009-11-28 04:36 . 2009-11-28 04:36 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-28 04:36 . 2009-11-28 04:36 79488 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-22 00:32 . 2009-11-22 00:32 3963160 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

2009-11-22 00:32 . 2009-11-21 20:40 497944 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgchjwx.dll

2009-11-22 00:31 . 2009-11-22 00:31 844056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

2009-11-22 00:31 . 2009-11-22 00:31 1658136 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2009-11-21 22:10 . 2004-05-13 17:27 847872 ----a-w- c:\windows\system32\dbgeng.dll

2009-11-21 21:15 . 2009-11-21 21:15 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-11-21 21:15 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-21 21:15 . 2009-11-21 21:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-21 21:15 . 2009-11-21 21:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-21 21:15 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-21 20:41 . 2009-11-21 20:41 -------- d-----w- C:\$AVG

2009-11-21 20:40 . 2009-11-21 20:40 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-21 20:40 . 2009-11-21 20:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-21 20:40 . 2009-11-21 20:40 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-21 20:40 . 2009-11-21 20:40 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-11-21 20:40 . 2009-12-13 02:51 -------- d-----w- c:\windows\system32\drivers\Avg

2009-11-21 20:40 . 2009-11-21 20:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2009-11-19 22:45 . 2009-07-01 13:55 701440 ----a-w- c:\windows\system32\cohelper.dll

2009-11-19 22:45 . 2009-06-30 06:48 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin

2009-11-19 22:45 . 2009-07-01 02:42 485920 ----a-w- c:\windows\system32\nvunrm.exe

2009-11-16 19:35 . 2009-10-06 20:32 327168 ----a-w- c:\windows\system32\cutil32.dll

2009-11-16 19:35 . 2009-08-03 22:25 285696 ----a-w- c:\windows\system32\cudart.dll

2009-11-16 19:34 . 2009-11-16 19:34 -------- d-----w- c:\arquivos de programas\CPUID

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-13 06:24 . 2008-06-19 20:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DNA

2009-12-13 06:09 . 2008-06-19 20:48 -------- d-----w- c:\arquivos de programas\DNA

2009-12-13 06:01 . 2009-10-14 00:59 -------- d-----w- c:\arquivos de programas\Google

2009-12-11 13:29 . 2008-06-19 22:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent

2009-12-10 15:47 . 2001-10-28 14:07 98614 ----a-w- c:\windows\system32\perfc016.dat

2009-12-10 15:47 . 2001-10-28 14:07 509620 ----a-w- c:\windows\system32\perfh016.dat

2009-12-10 02:09 . 2008-09-25 16:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-12-05 04:50 . 2008-12-22 14:24 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird

2009-11-28 04:42 . 2008-06-19 21:40 -------- d-----w- c:\arquivos de programas\Java

2009-11-26 23:19 . 2008-06-19 21:01 -------- d-----w- c:\arquivos de programas\DreMule

2009-11-21 20:40 . 2009-05-02 07:55 -------- d-----w- c:\arquivos de programas\AVG

2009-11-21 05:44 . 2009-09-17 03:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\vlc

2009-11-19 22:51 . 2008-03-15 21:28 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-11-19 22:51 . 2009-09-17 11:00 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation

2009-11-13 02:40 . 2009-11-13 02:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BioWare

2009-11-13 02:37 . 2009-11-13 01:37 -------- d-----w- c:\arquivos de programas\Dragon Age

2009-11-13 02:23 . 2008-06-22 07:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-11-13 02:23 . 2009-11-13 01:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\BioWare

2009-11-10 19:04 . 2009-11-10 19:04 177024 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\FlashGot.exe

2009-11-07 03:30 . 2008-06-25 22:25 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-10-29 07:42 . 2004-08-04 02:45 916480 ----a-w- c:\windows\system32\wininet.dll

2009-10-26 21:21 . 2008-03-23 22:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-10-26 21:17 . 2009-10-26 21:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-10-26 21:04 . 2009-10-26 21:04 -------- d-----w- c:\arquivos de programas\Bonjour

2009-10-26 20:45 . 2009-10-26 20:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-10-26 17:03 . 2009-10-26 15:04 -------- d-----w- c:\arquivos de programas\Cheat Engine

2009-10-26 10:29 . 2008-05-16 22:40 -------- d-----w- c:\arquivos de programas\Photoshop CS2

2009-10-21 05:39 . 2004-08-04 02:45 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2004-08-04 02:45 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 01:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 18:00 . 2009-10-14 00:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-10-13 10:34 . 2004-08-04 02:45 271360 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:39 . 2004-08-04 02:45 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:39 . 2004-08-04 02:45 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 06:17 . 2008-12-06 16:18 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-09-27 20:20 . 2009-09-27 20:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe

2009-09-27 18:12 . 2008-03-15 22:06 490088 -c--a-w- c:\windows\system32\nvudisp.exe

2009-09-24 11:24 . 2008-03-15 21:37 490088 -c--a-w- c:\windows\system32\NVUNINST.EXE

2009-09-04 02:03 . 2009-08-19 07:30 6144 --sha-w- c:\arquivos de programas\Thumbs.db

2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

.

------- Sigcheck -------

[7] 2008-04-14 . 70870E16BA3E1B4336C53F483D67FF25 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll

c:\windows\System32\drivers\beep.sys ... está faltando !!

c:\windows\System32\regsvc.dll ... está faltando !!

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-03-07 149040]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"updateMgr"="c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2009-10-07 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]

"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]

"Symantec PIF AlertEng"="c:\arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"USB Storage Toolbox"="c:\arquivos de programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-07 161328]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-06-22 198160]

"nwiz"="nwiz.exe" [2009-07-08 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.0.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2008-9-12 384000]

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideRunAsVerb"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-21 20:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\DreMule\\emule.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

"c:\\World of Warcraft\\Repair.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\DsNET Corp\\aTube Catcher 1.0\\smh.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Documents and Settings\\Administrador\\Desktop\\Left 4 Dead\\left4dead.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\UBISOFT\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Arquivos de programas\\UBISOFT\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Arquivos de programas\\UBISOFT\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

"c:\\Arquivos de programas\\mIRC\\mirc.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\EA GAMES\\American McGee's Alice\\alice.exe"=

"c:\\Arquivos de programas\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=

"c:\\Arquivos de programas\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Dragon Age\\bin_ship\\daorigins.exe"=

"c:\\Arquivos de programas\\Dragon Age\\DAOriginsLauncher.exe"=

"c:\\Arquivos de programas\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [8/11/2008 16:18 5248]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/11/2009 18:40 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/11/2009 18:40 360584]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [21/11/2009 18:40 285392]

S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [8/11/2008 16:18 160640]

S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

S2 gupdate1ca4c69a56968ca;Google Update Service (gupdate1ca4c69a56968ca);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [13/10/2009 22:59 133104]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\arquivos de programas\Dragon Age\bin_ship\daupdatersvc.service.exe [13/11/2009 00:05 25832]

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 89.186.169.125:3128

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-zBrowser Launcher - c:\arquivos de programas\Logitech\iTouch\iTouch.exe

Notify-awtsQKeB - (no file)

AddRemove-NodEnabler - c:\arquivos de programas\ESET\NodEnabler\Uninstall.exe

AddRemove-{59366175-55F2-411B-9911-3D71D46CD073} - c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\{773E7240-B347-4DFF-A6EF-6E829EDD59DF}\Anonymizer_Software.exe

AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\documents and settings\Administrador\Configurações locais\Dados de aplicativos\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-13 04:36

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1592454029-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,94,78,09,38,25,37,44,ae,e8,6a,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,40,94,78,09,38,25,37,44,ae,e8,6a,\

[HKEY_USERS\S-1-5-21-1644491937-1592454029-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:99,96,af,80,f2,07,70,99,91,f1,73,46,47,2c,45,38,f0,e2,dd,fc,3f,1f,31,

c8,bf,96,42,4b,39,bf,bf,c7,ce,1f,b7,84,35,09,56,4d,6e,40,5a,eb,a4,1a,e0,a0,\

"??"=hex:47,f9,33,c6,b8,94,d8,b6,8c,6c,96,e7,f5,7a,d5,33

[HKEY_USERS\S-1-5-21-1644491937-1592454029-725345543-500\Software\SecuROM\License information*]

"datasecu"=hex:55,ac,5d,6d,10,e9,7f,fc,f9,dd,22,e3,25,1a,e6,8a,e5,e3,25,fa,bf,

5f,b9,cd,50,4e,17,6a,6f,4d,6c,f2,14,62,3f,3e,20,e0,86,e4,46,2b,fc,1b,a3,00,\

"rkeysecu"=hex:5a,c6,4d,44,e9,ce,55,0d,2e,5c,cf,6e,d9,33,04,e3

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-12-13 04:40:09

ComboFix-quarantined-files.txt 2009-12-13 06:39

Pré-execução: 15 pasta(s) 18.546.184.192 bytes disponíveis

Pós execução: 20 pasta(s) 18.518.859.776 bytes disponíveis

WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - D9E4925BE9C26307244F443B55274441

Step 4

Nome do arquivo: a347bus.sys

Status:

Verificação finalizada. 0 dos 21 antivírus encontrou vírus..

Verificado em: Dom 13 Dez 2009 07:53:21 (CET) Link do resultado

Nome do arquivo: a347scsi.sys

Status:

Verificação finalizada. 0 dos 21 antivírus encontrou vírus..

Verificado em: Qui 26 Nov 2009 02:58:58 (CET) Link do resultado

Nome do arquivo: cutil32.dll

Status:

Verificação finalizada. 0 dos 21 antivírus encontrou vírus..

Verificado em: Qui 26 Nov 2009 19:41:04 (CET) Link do resultado


Dear Curumo

Step no. 1 #

Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) listed below.

Open Notepad, then copy (Ctrl+C) and paste (Ctrl+V) all of the text inside the "Code" box:

FCopy::
c:\windows\ServicePackFiles\i386\regsvc.dll | c:\windows\System32\regsvc.dll

File::
c:\windows\system32\Drivers\sptd.sys

Driver::
sptd

RegLock::
[HKEY_USERS\S-1-5-21-1644491937-1592454029-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

Save this file as: CFScript.txt

2872959479_997d4500c4_o.gif

As shown in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Step no. 2 #

Download SystemLook to your desktop.

Alternative link

  • Double-click the icon 4119586963_6274067071_o.gif
  • Click Run;
  • Copy (Ctrl+C) the content below:

:filefind
*atapi*
*beep*

And paste (Ctrl+V) it into the space indicated in the image:

4120361504_f66dd92e95_o.jpg

  • Click 4119586997_32a5666660_o.jpg
  • Wait;
  • When it finishes, the scan log will open;
  • Click 4120361454_3c264d5fca_o.jpg
  • Post the entire content in your next reply.

Note:
The log can also be found on the desktop under the name: SystemLook.txt

Step no. 3 #

Download Gmer and save it to your Desktop.

  • Extract/unzip the file into a folder of its own.
  • Once that is done, disconnect the PC from the Internet and close all programs.
  • There is a small chance that this application will shut down your PC. For that reason, save any work you have open.
  • Double-click 3869050764_8a76e542bd_o.gif
  • If you are asked, allow the gmer.sys driver to run.
  • If you receive a warning about rootkit activity asking whether you want to run a scan, click NO.
  • Click the arrows next to Rootkit/Malware
  • On the right-hand side (under File), uncheck all drives except your disk, usually C:\.
  • Make sure that all the other boxes on the right-hand side of the screen are checked, EXCEPT for Show All
  • Click Scan and wait for the scan to be carried out.
  • Note: Before the scan, make sure that all other programs are closed. Also, do not use the computer during the scan.
  • When it finishes, click the Copy button, then right-click on your Desktop, choose New and then -> Text Document.
  • Once you have created the file, open it, right-click again and click Paste, or press Ctrl+V.
  • Save the file as gmer.txt and post its content in your next reply.
  • Note: If you have problems, try running GMER in Safe Mode

Important!
Please do not check the "Show all" box during the scan.

Step no. 4 #

Are you aware of this:

ProxyServer = 89.186.169.125:3128

Regards :D


Step #1

ComboFix 09-12-11.05 - Administrador 16/12/2009 17:42:43.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.522 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\Mal-ware\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"c:\windows\system32\Drivers\sptd.sys"

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\regsvc.dll --> c:\windows\System32\regsvc.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_sptd

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-16 to 2009-12-16 ))))))))))))))))))))))))))))

.

2009-12-16 19:42 . 2008-04-14 02:20 59904 -c--a-w- c:\windows\system32\dllcache\regsvc.dll

2009-12-16 19:42 . 2008-04-14 02:20 59904 ----a-w- c:\windows\system32\regsvc.dll

2009-12-13 06:05 . 2009-12-13 06:05 -------- d-----w- C:\_OTL

2009-12-01 02:32 . 2009-12-01 02:32 -------- d-----w- C:\_OTM

2009-11-21 22:10 . 2004-05-13 17:27 847872 ----a-w- c:\windows\system32\dbgeng.dll

2009-11-21 21:15 . 2009-11-21 21:15 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-11-21 21:15 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-21 21:15 . 2009-11-21 21:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-21 21:15 . 2009-11-21 21:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-21 21:15 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-21 20:41 . 2009-11-21 20:41 -------- d-----w- C:\$AVG

2009-11-21 20:40 . 2009-11-21 20:40 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-21 20:40 . 2009-11-21 20:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-21 20:40 . 2009-11-21 20:40 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-21 20:40 . 2009-11-21 20:40 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-11-21 20:40 . 2009-12-16 02:56 -------- d-----w- c:\windows\system32\drivers\Avg

2009-11-21 20:40 . 2009-11-21 20:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2009-11-19 22:45 . 2009-07-01 13:55 701440 ----a-w- c:\windows\system32\cohelper.dll

2009-11-19 22:45 . 2009-06-30 06:48 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin

2009-11-19 22:45 . 2009-07-01 02:42 485920 ----a-w- c:\windows\system32\nvunrm.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-16 19:53 . 2008-06-19 20:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DNA

2009-12-16 19:53 . 2008-06-19 20:48 -------- d-----w- c:\arquivos de programas\DNA

2009-12-16 12:05 . 2008-06-19 22:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent

2009-12-13 07:28 . 2009-10-14 00:59 -------- d-----w- c:\arquivos de programas\Google

2009-12-10 15:47 . 2001-10-28 14:07 98614 ----a-w- c:\windows\system32\perfc016.dat

2009-12-10 15:47 . 2001-10-28 14:07 509620 ----a-w- c:\windows\system32\perfh016.dat

2009-12-10 02:09 . 2008-09-25 16:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-12-05 04:50 . 2008-12-22 14:24 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird

2009-11-28 04:42 . 2008-06-19 21:40 -------- d-----w- c:\arquivos de programas\Java

2009-11-28 04:36 . 2009-11-28 04:36 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-28 04:36 . 2009-11-28 04:36 79488 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-26 23:19 . 2008-06-19 21:01 -------- d-----w- c:\arquivos de programas\DreMule

2009-11-22 00:32 . 2009-11-22 00:32 3963160 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

2009-11-22 00:31 . 2009-11-22 00:31 844056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

2009-11-22 00:31 . 2009-11-22 00:31 1658136 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2009-11-21 05:44 . 2009-09-17 03:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\vlc

2009-11-19 22:51 . 2008-03-15 21:28 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-11-19 22:51 . 2009-09-17 11:00 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation

2009-11-16 19:34 . 2009-11-16 19:34 -------- d-----w- c:\arquivos de programas\CPUID

2009-11-13 02:40 . 2009-11-13 02:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BioWare

2009-11-13 02:37 . 2009-11-13 01:37 -------- d-----w- c:\arquivos de programas\Dragon Age

2009-11-13 02:23 . 2008-06-22 07:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-11-13 02:23 . 2009-11-13 01:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\BioWare

2009-11-10 19:04 . 2009-11-10 19:04 177024 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\FlashGot.exe

2009-11-07 03:30 . 2008-06-25 22:25 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-10-29 07:42 . 2004-08-04 02:45 916480 ------w- c:\windows\system32\wininet.dll

2009-10-26 21:21 . 2008-03-23 22:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-10-26 21:17 . 2009-10-26 21:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-10-26 21:04 . 2009-10-26 21:04 -------- d-----w- c:\arquivos de programas\Bonjour

2009-10-26 20:45 . 2009-10-26 20:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-10-26 17:03 . 2009-10-26 15:04 -------- d-----w- c:\arquivos de programas\Cheat Engine

2009-10-26 10:29 . 2008-05-16 22:40 -------- d-----w- c:\arquivos de programas\Photoshop CS2

2009-10-21 05:39 . 2004-08-04 02:45 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2004-08-04 02:45 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 01:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 18:00 . 2009-10-14 00:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-10-13 10:34 . 2004-08-04 02:45 271360 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:39 . 2004-08-04 02:45 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:39 . 2004-08-04 02:45 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 06:17 . 2008-12-06 16:18 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-06 20:32 . 2009-11-16 19:35 327168 ----a-w- c:\windows\system32\cutil32.dll

2009-09-27 20:20 . 2009-09-27 20:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe

2009-09-27 18:12 . 2008-03-15 22:06 490088 -c--a-w- c:\windows\system32\nvudisp.exe

2009-09-24 11:24 . 2008-03-15 21:37 490088 -c--a-w- c:\windows\system32\NVUNINST.EXE

2009-09-04 02:03 . 2009-08-19 07:30 6144 --sha-w- c:\arquivos de programas\Thumbs.db

2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

c:\windows\System32\drivers\beep.sys ... está faltando !!

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-03-07 149040]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"updateMgr"="c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2009-10-07 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]

"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]

"Symantec PIF AlertEng"="c:\arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"USB Storage Toolbox"="c:\arquivos de programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-07 161328]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-06-22 198160]

"nwiz"="nwiz.exe" [2009-07-08 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.0.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2008-9-12 384000]

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideRunAsVerb"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-21 20:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsQKeB]

[bU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\DreMule\\emule.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

"c:\\World of Warcraft\\Repair.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\DsNET Corp\\aTube Catcher 1.0\\smh.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Documents and Settings\\Administrador\\Desktop\\Left 4 Dead\\left4dead.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\UBISOFT\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Arquivos de programas\\UBISOFT\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Arquivos de programas\\UBISOFT\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

"c:\\Arquivos de programas\\mIRC\\mirc.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\EA GAMES\\American McGee's Alice\\alice.exe"=

"c:\\Arquivos de programas\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=

"c:\\Arquivos de programas\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Dragon Age\\bin_ship\\daorigins.exe"=

"c:\\Arquivos de programas\\Dragon Age\\DAOriginsLauncher.exe"=

"c:\\Arquivos de programas\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [8/11/2008 16:18 160640]

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [8/11/2008 16:18 5248]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/11/2009 18:40 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/11/2009 18:40 360584]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [21/11/2009 18:40 285392]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\arquivos de programas\Dragon Age\bin_ship\daupdatersvc.service.exe [13/11/2009 00:05 25832]

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 89.186.169.125:3128

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-16 17:54

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys SCSIPORT.SYS >>UNKNOWN [0x865DFCD0]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf74bbf28

\Driver\ACPI -> ACPI.sys @ 0xf7336cb8

\Driver\atapi -> 0x863de130

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: -> SendCompleteHandler -> 0x0

PacketIndicateHandler -> 0x0

SendHandler -> 0x0

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1592454029-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:99,96,af,80,f2,07,70,99,91,f1,73,46,47,2c,45,38,f0,e2,dd,fc,3f,1f,31,

c8,bf,96,42,4b,39,bf,bf,c7,ce,1f,b7,84,35,09,56,4d,6e,40,5a,eb,a4,1a,e0,a0,\

"??"=hex:47,f9,33,c6,b8,94,d8,b6,8c,6c,96,e7,f5,7a,d5,33

[HKEY_USERS\S-1-5-21-1644491937-1592454029-725345543-500\Software\SecuROM\License information*]

"datasecu"=hex:55,ac,5d,6d,10,e9,7f,fc,f9,dd,22,e3,25,1a,e6,8a,e5,e3,25,fa,bf,

5f,b9,cd,50,4e,17,6a,6f,4d,6c,f2,14,62,3f,3e,20,e0,86,e4,46,2b,fc,1b,a3,00,\

"rkeysecu"=hex:5a,c6,4d,44,e9,ce,55,0d,2e,5c,cf,6e,d9,33,04,e3

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(748)

c:\windows\system32\WININET.dll

c:\arquivos de programas\Logitech\MouseWare\System\LgWndHk.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\RUNDLL32.EXE

c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

c:\arquivos de programas\Logitech\MouseWare\system\em_exec.exe

c:\arquivos de programas\BrOffice.org 3\program\soffice.exe

c:\arquivos de programas\BrOffice.org 3\program\soffice.bin

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-12-16 18:05:27 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-12-16 20:05

ComboFix2.txt 2009-12-13 06:40

Pré-execução: 19 pasta(s) 23.222.325.248 bytes disponíveis

Pós execução: 20 pasta(s) 23.082.323.968 bytes disponíveis

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - E10AFD975DD2116A6E4D5AE2ACF40051

Step #2

SystemLook v1.0 by jpshortstuff (29.08.09)

Log created at 18:10 on 16/12/2009 by Administrador (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi*"

C:\cmdcons\ATAPI.SY_ --a--- 49558 bytes [00:59 04/08/2004] [00:59 04/08/2004] 28541D14647BB58502D09D1CEAEE6684

C:\WINDOWS\$NtServicePackUninstall$\atapi.sys -----c 95360 bytes [21:22 19/08/2008] [00:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

C:\WINDOWS\ERDNT\cache\atapi.sys --a--- 96512 bytes [06:37 13/12/2009] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

C:\WINDOWS\ServicePackFiles\i386\atapi.sys -----c 96512 bytes [18:40 13/04/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

C:\WINDOWS\system32\drivers\atapi.sys ------ 96512 bytes [00:59 04/08/2004] [18:40 13/04/2008] (Unable to calculate MD5)

Searching for "*beep*"

C:\Arquivos de programas\Game_Maker7\Sounds\beep1.wav --a--- 800 bytes [10:07 02/09/2006] [09:51 22/10/1999] CCC075EA8F751CB138B9A70B31DF2706

C:\Arquivos de programas\Game_Maker7\Sounds\beep2.wav --a--- 1078 bytes [10:07 02/09/2006] [09:47 22/10/1999] ADB2B38683BDD40C12A16D128250BDBF

C:\Arquivos de programas\Game_Maker7\Sounds\beep3.wav --a--- 1126 bytes [10:07 02/09/2006] [09:46 22/10/1999] 26F809849D38CE5BBF87D8889CA7DA31

C:\Arquivos de programas\Game_Maker7\Sounds\beep4.wav --a--- 6584 bytes [10:07 02/09/2006] [09:46 22/10/1999] A108BE22DB98051758914D8E8C42D2CB

C:\Arquivos de programas\Game_Maker7\Sounds\beep5.wav --a--- 2334 bytes [10:07 02/09/2006] [09:47 22/10/1999] 3FB4CE3CBCD0720D6A563A2F3F6A133B

C:\Arquivos de programas\Game_Maker7\Sounds\beep6.wav --a--- 2974 bytes [10:07 02/09/2006] [09:47 22/10/1999] 4174C31E7D5FDD0519442C6AF4D1C728

C:\Arquivos de programas\Game_Maker7\Sounds\beep7.wav --a--- 3584 bytes [10:07 02/09/2006] [09:45 22/10/1999] 7472FFC041AE0B6FC0124DE485C1120C

C:\Arquivos de programas\Valve\cstrike\sound\weapons\c4_beep1.wav --a--c 33206 bytes [03:07 22/06/2008] [17:02 15/09/2003] 182312C868DF38FC42230950FFA08B60

C:\Arquivos de programas\Valve\cstrike\sound\weapons\c4_beep2.wav --a--c 33206 bytes [03:07 22/06/2008] [17:02 15/09/2003] 72608220F816DAB6CBF84173D5AFB54E

C:\Arquivos de programas\Valve\cstrike\sound\weapons\c4_beep3.wav --a--c 33206 bytes [03:07 22/06/2008] [17:02 15/09/2003] EC8C5253B8E0206FD185F198AE7844DF

C:\Arquivos de programas\Valve\cstrike\sound\weapons\c4_beep4.wav --a--c 33206 bytes [03:07 22/06/2008] [17:02 15/09/2003] FCD4CFF473410467D45C6FD9205F2036

C:\Arquivos de programas\Valve\cstrike\sound\weapons\c4_beep5.wav --a--c 33132 bytes [03:07 22/06/2008] [17:02 15/09/2003] 1E3DB8211407431C2DE7B4DF9B468888

C:\Arquivos de programas\Valve\valve\sound\fvox\beep.wav --a--c 2520 bytes [03:07 22/06/2008] [16:56 15/09/2003] 4829C7A48AE4F2D53C1CF1202B860216

C:\Documents and Settings\Administrador\Desktop\Left 4 Dead\left4dead\sound\UI\Beep07.wav --a--- 7208 bytes [22:39 15/05/2009] [22:39 15/05/2009] BBA7262A23DD44AE4A567AC3EF5B1F1F

C:\Documents and Settings\Administrador\Desktop\Left 4 Dead\left4dead\sound\UI\Beep22.wav --a--- 75614 bytes [22:39 15/05/2009] [22:39 15/05/2009] 255D18A67E04C3B3F46DFE5B7115C949

C:\Documents and Settings\Administrador\Desktop\Left 4 Dead\left4dead\sound\UI\Beep23.wav --a--- 37612 bytes [22:39 15/05/2009] [22:39 15/05/2009] FFD87AEEF8A47AAA123E61C74D2D5060

C:\Documents and Settings\Administrador\Desktop\Left 4 Dead\left4dead\sound\UI\BeepClear.wav --a--- 12544 bytes [22:39 15/05/2009] [22:39 15/05/2009] BA2AF1106530FFD361F368514E750C32

C:\Documents and Settings\Administrador\Desktop\Left 4 Dead\left4dead\sound\UI\Beep_Error01.wav --a--- 28674 bytes [22:39 15/05/2009] [22:39 15/05/2009] 39258A85BE682BBB147740FDD29E9C55

C:\Documents and Settings\Administrador\Desktop\Left 4 Dead\left4dead\sound\UI\Beep_SynthTone01.wav --a--- 75602 bytes [22:39 15/05/2009] [22:39 15/05/2009] 0F3E3727DEEE4BD2315C5A8D3A6E582B

C:\Documents and Settings\Administrador\Desktop\Left 4 Dead\left4dead\sound\weapons\hegrenade\beep.wav --a--- 88710 bytes [22:39 15/05/2009] [22:39 15/05/2009] 529A52AB7B9B78407D97A43E8AA56C0E

-=End Of File=-

Step #3

Look, as already reported in other posts in this same topic, I can't run Gmer. I open it (some names/addresses appear at the bottom of the program window, changing rapidly) and after a few seconds it closes and nothing happens. I've already tried 3 times, all with the same result (I'm doing it right, disconnecting and then running the program).

Step #4

Yes, I know it; that is a proxy I use in IE to play and log in to my accounts all at once.


Log:

ComboFix 09-12-17.01 - Administrador 17/12/2009 23:39:22.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.516 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\KittyFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\arquivos de programas\Cheat Engine\dbk32.sys

c:\windows\system32\SIntf16.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IMAPISERVICE

-------\Service_ImapiService

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-18 to 2009-12-18 ))))))))))))))))))))))))))))

.

2009-12-18 01:33 . 2009-12-18 01:35 -------- d-----w- C:\32788R22FWJFW

2009-12-17 17:53 . 2009-12-17 17:53 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2009-12-16 21:14 . 2009-12-16 21:14 -------- d-----w- c:\arquivos de programas\Lionhead Studios

2009-12-16 20:56 . 2009-12-16 20:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-12-16 20:56 . 2009-12-16 21:11 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools Lite

2009-12-16 20:56 . 2009-12-16 20:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2009-12-16 19:42 . 2008-04-14 02:20 59904 -c--a-w- c:\windows\system32\dllcache\regsvc.dll

2009-12-16 19:42 . 2008-04-14 02:20 59904 ------w- c:\windows\system32\regsvc.dll

2009-12-16 19:41 . 2009-12-16 20:05 -------- d-----w- C:\ComboFix

2009-12-13 06:05 . 2009-12-13 06:05 -------- d-----w- C:\_OTL

2009-12-01 02:32 . 2009-12-01 02:32 -------- d-----w- C:\_OTM

2009-11-21 22:10 . 2004-05-13 17:27 847872 ----a-w- c:\windows\system32\dbgeng.dll

2009-11-21 21:15 . 2009-11-21 21:15 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-11-21 21:15 . 2009-09-10 16:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-21 21:15 . 2009-11-21 21:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-21 21:15 . 2009-11-21 21:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-21 21:15 . 2009-09-10 16:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-21 20:41 . 2009-11-21 20:41 -------- d-----w- C:\$AVG

2009-11-21 20:40 . 2009-11-21 20:40 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-21 20:40 . 2009-11-21 20:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-21 20:40 . 2009-11-21 20:40 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-21 20:40 . 2009-11-21 20:40 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-11-21 20:40 . 2009-12-17 03:58 -------- d-----w- c:\windows\system32\drivers\Avg

2009-11-21 20:40 . 2009-11-21 20:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2009-11-19 22:45 . 2009-07-01 13:55 701440 ----a-w- c:\windows\system32\cohelper.dll

2009-11-19 22:45 . 2009-06-30 06:48 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin

2009-11-19 22:45 . 2009-07-01 02:42 485920 ----a-w- c:\windows\system32\nvunrm.exe

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-18 01:49 . 2008-06-19 20:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DNA

2009-12-18 01:49 . 2008-06-19 20:48 -------- d-----w- c:\arquivos de programas\DNA

2009-12-18 01:46 . 2009-10-26 15:04 -------- d-----w- c:\arquivos de programas\Cheat Engine

2009-12-16 21:37 . 2008-03-15 21:28 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-16 12:05 . 2008-06-19 22:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent

2009-12-13 07:28 . 2009-10-14 00:59 -------- d-----w- c:\arquivos de programas\Google

2009-12-10 15:47 . 2001-10-28 14:07 98614 ----a-w- c:\windows\system32\perfc016.dat

2009-12-10 15:47 . 2001-10-28 14:07 509620 ----a-w- c:\windows\system32\perfh016.dat

2009-12-10 02:09 . 2008-09-25 16:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-12-05 04:50 . 2008-12-22 14:24 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird

2009-11-28 04:42 . 2008-06-19 21:40 -------- d-----w- c:\arquivos de programas\Java

2009-11-28 04:36 . 2009-11-28 04:36 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-28 04:36 . 2009-11-28 04:36 79488 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

2009-11-26 23:19 . 2008-06-19 21:01 -------- d-----w- c:\arquivos de programas\DreMule

2009-11-22 00:32 . 2009-11-22 00:32 3963160 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

2009-11-22 00:31 . 2009-11-22 00:31 844056 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.exe

2009-11-22 00:31 . 2009-11-22 00:31 1658136 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgupd.dll

2009-11-21 05:44 . 2009-09-17 03:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\vlc

2009-11-19 22:51 . 2009-09-17 11:00 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation

2009-11-16 19:34 . 2009-11-16 19:34 -------- d-----w- c:\arquivos de programas\CPUID

2009-11-13 02:40 . 2009-11-13 02:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BioWare

2009-11-13 02:37 . 2009-11-13 01:37 -------- d-----w- c:\arquivos de programas\Dragon Age

2009-11-13 02:23 . 2008-06-22 07:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-11-13 02:23 . 2009-11-13 01:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\BioWare

2009-11-10 19:04 . 2009-11-10 19:04 177024 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\FlashGot.exe

2009-11-07 03:30 . 2008-06-25 22:25 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-10-29 07:42 . 2004-08-04 02:45 916480 ------w- c:\windows\system32\wininet.dll

2009-10-26 21:21 . 2008-03-23 22:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-10-26 21:17 . 2009-10-26 21:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-10-26 21:04 . 2009-10-26 21:04 -------- d-----w- c:\arquivos de programas\Bonjour

2009-10-26 20:45 . 2009-10-26 20:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-10-26 10:29 . 2008-05-16 22:40 -------- d-----w- c:\arquivos de programas\Photoshop CS2

2009-10-21 05:39 . 2004-08-04 02:45 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2004-08-04 02:45 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 01:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 18:00 . 2009-10-14 00:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-10-13 10:34 . 2004-08-04 02:45 271360 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:39 . 2004-08-04 02:45 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:39 . 2004-08-04 02:45 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 06:17 . 2008-12-06 16:18 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-06 20:32 . 2009-11-16 19:35 327168 ----a-w- c:\windows\system32\cutil32.dll

2009-09-27 20:20 . 2009-09-27 20:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe

2009-09-27 18:12 . 2008-03-15 22:06 490088 -c--a-w- c:\windows\system32\nvudisp.exe

2009-09-24 11:24 . 2008-03-15 21:37 490088 -c--a-w- c:\windows\system32\NVUNINST.EXE

2009-09-04 02:03 . 2009-08-19 07:30 6144 --sha-w- c:\arquivos de programas\Thumbs.db

2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ERDNT\cache\atapi.sys

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys

[-] 2008-04-13 18:40 . !HASH: COULD NOT OPEN FILE !!!!! . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys

[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys

c:\windows\System32\drivers\beep.sys ... está faltando !!

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-03-07 149040]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"updateMgr"="c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2009-10-07 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]

"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]

"Symantec PIF AlertEng"="c:\arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"USB Storage Toolbox"="c:\arquivos de programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-07 161328]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-06-22 198160]

"nwiz"="nwiz.exe" [2009-07-08 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.0.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2008-9-12 384000]

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideRunAsVerb"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-21 20:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsQKeB]

[bU]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\DreMule\\emule.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

"c:\\World of Warcraft\\Repair.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\DsNET Corp\\aTube Catcher 1.0\\smh.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Documents and Settings\\Administrador\\Desktop\\Left 4 Dead\\left4dead.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\UBISOFT\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Arquivos de programas\\UBISOFT\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Arquivos de programas\\UBISOFT\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

"c:\\Arquivos de programas\\mIRC\\mirc.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\EA GAMES\\American McGee's Alice\\alice.exe"=

"c:\\Arquivos de programas\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=

"c:\\Arquivos de programas\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Dragon Age\\bin_ship\\daorigins.exe"=

"c:\\Arquivos de programas\\Dragon Age\\DAOriginsLauncher.exe"=

"c:\\Arquivos de programas\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [8/11/2008 16:18 160640]

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [8/11/2008 16:18 5248]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/12/2009 18:56 691696]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/11/2009 18:40 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/11/2009 18:40 360584]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [21/11/2009 18:40 285392]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\arquivos de programas\Dragon Age\bin_ship\daupdatersvc.service.exe [13/11/2009 00:05 25832]

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 89.186.169.125:3128

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-17 23:50

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys >>UNKNOWN [0x8656B1F8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf74bbf28

\Driver\ACPI -> ACPI.sys @ 0xf721acb8

\Driver\atapi -> 0x86368690

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

ParseProcedure -> ntkrnlpa.exe @ 0x805827e8

NDIS: -> SendCompleteHandler -> 0x0

PacketIndicateHandler -> 0x0

SendHandler -> 0x0

Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1592454029-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:99,96,af,80,f2,07,70,99,91,f1,73,46,47,2c,45,38,f0,e2,dd,fc,3f,1f,31,

c8,bf,96,42,4b,39,bf,bf,c7,ce,1f,b7,84,35,09,56,4d,6e,40,5a,eb,a4,1a,e0,a0,\

"??"=hex:47,f9,33,c6,b8,94,d8,b6,8c,6c,96,e7,f5,7a,d5,33

[HKEY_USERS\S-1-5-21-1644491937-1592454029-725345543-500\Software\SecuROM\License information*]

"datasecu"=hex:55,ac,5d,6d,10,e9,7f,fc,f9,dd,22,e3,25,1a,e6,8a,e5,e3,25,fa,bf,

5f,b9,cd,50,4e,17,6a,6f,4d,6c,f2,14,62,3f,3e,20,e0,86,e4,46,2b,fc,1b,a3,00,\

"rkeysecu"=hex:5a,c6,4d,44,e9,ce,55,0d,2e,5c,cf,6e,d9,33,04,e3

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(2732)

c:\windows\system32\WININET.dll

c:\arquivos de programas\Logitech\MouseWare\System\LgWndHk.dll

c:\arquiv~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\arquivos de programas\AVG\AVG9\avgchsvx.exe

c:\arquivos de programas\AVG\AVG9\avgrsx.exe

c:\arquivos de programas\AVG\AVG9\avgcsrvx.exe

c:\arquivos de programas\Lavasoft\Ad-Aware\aawservice.exe

c:\arquivos de programas\Bonjour\mDNSResponder.exe

c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

c:\arquivos de programas\Java\jre6\bin\jqs.exe

c:\arquivos de programas\AVG\AVG9\avgnsx.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\PnkBstrB.exe

c:\arquivos de programas\Logitech\MouseWare\system\em_exec.exe

c:\arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\arquivos de programas\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

c:\arquivos de programas\BrOffice.org 3\program\soffice.exe

c:\arquivos de programas\BrOffice.org 3\program\soffice.bin

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-12-18 00:01:50 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-12-18 02:01

ComboFix2.txt 2009-12-16 20:05

ComboFix3.txt 2009-12-13 06:40

Pré-execução: 21 pasta(s) 22.992.793.600 bytes disponíveis

Pós execução: 22 pasta(s) 22.949.609.472 bytes disponíveis

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 5403A7A7EEDABFE6207EEA10791214EB


Dear Curumo

Step No. 1 #

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text that is inside the "Code" block:

FCopy::
c:\windows\$NtServicePackUninstall$\atapi.sys | c:\windows\system32\drivers\atapi.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsQKeB]

Save this file as: CFScript.txt

2872959479_997d4500c4_o.gif

As illustrated in the picture above, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

Step No. 2 #

Do you have the Windows installation CD?

Regards :D


Step #1

ComboFix 09-12-21.08 - Administrador 22/12/2009 14:08:20.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.605 [GMT -2:00]

Executando de: c:\documents and settings\Administrador\Desktop\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Desktop\CFScript.txt.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\SIntf16.dll

.

--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\atapi.sys --> c:\windows\system32\drivers\atapi.sys

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-11-22 to 2009-12-22 ))))))))))))))))))))))))))))

.

2009-12-22 15:27 . 2009-12-12 11:08 4043032 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgui.exe

2009-12-22 15:27 . 2009-12-12 11:08 3776280 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\setup.exe

2009-12-22 15:26 . 2009-12-18 14:10 294656 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avglngx.dll

2009-12-22 15:26 . 2009-12-12 11:07 3967256 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgcorex.dll

2009-12-21 18:51 . 2009-12-21 19:02 40453 ----a-w- c:\windows\DIIUnin.dat

2009-12-21 18:51 . 2009-12-21 18:51 2829 ----a-w- c:\windows\DIIUnin.pif

2009-12-21 18:51 . 2009-12-21 18:51 94208 ----a-w- c:\windows\DIIUnin.exe

2009-12-17 17:53 . 2009-12-17 17:53 -------- d-----w- c:\arquivos de programas\DAEMON Tools Lite

2009-12-16 21:14 . 2009-12-16 21:14 -------- d-----w- c:\arquivos de programas\Lionhead Studios

2009-12-16 20:56 . 2009-12-16 20:56 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2009-12-16 20:56 . 2009-12-16 21:11 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DAEMON Tools Lite

2009-12-16 20:56 . 2009-12-16 20:56 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\DAEMON Tools Lite

2009-12-16 19:42 . 2008-04-14 02:20 59904 -c--a-w- c:\windows\system32\dllcache\regsvc.dll

2009-12-16 19:42 . 2008-04-14 02:20 59904 ------w- c:\windows\system32\regsvc.dll

2009-12-13 06:05 . 2009-12-13 06:05 -------- d-----w- C:\_OTL

2009-12-12 11:09 . 2009-12-12 11:07 2352920 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\avg9\update\backup\avgresf.dll

2009-12-01 02:32 . 2009-12-01 02:32 -------- d-----w- C:\_OTM

2009-11-28 04:36 . 2009-11-28 04:36 152576 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-28 04:36 . 2009-11-28 04:36 79488 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Sun\Java\jre1.6.0_17\gtapi.dll

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-22 16:04 . 2008-06-19 20:48 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\DNA

2009-12-22 15:20 . 2008-06-19 20:48 -------- d-----w- c:\arquivos de programas\DNA

2009-12-21 19:45 . 2008-05-19 18:30 -------- d-----w- c:\arquivos de programas\Diablo II

2009-12-21 19:00 . 2008-05-19 18:44 21840 -c--atw- c:\windows\system32\SIntfNT.dll

2009-12-21 19:00 . 2008-05-19 18:44 17212 -c--atw- c:\windows\system32\SIntf32.dll

2009-12-21 05:06 . 2008-06-19 22:00 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\BitTorrent

2009-12-20 06:10 . 2008-12-22 14:24 -------- d-----w- c:\arquivos de programas\Mozilla Thunderbird

2009-12-18 02:09 . 2008-06-22 06:51 -------- d-----w- c:\arquivos de programas\Spybot - Search & Destroy

2009-12-18 01:46 . 2009-10-26 15:04 -------- d-----w- c:\arquivos de programas\Cheat Engine

2009-12-16 21:37 . 2008-03-15 21:28 -------- d--h--w- c:\arquivos de programas\InstallShield Installation Information

2009-12-13 07:28 . 2009-10-14 00:59 -------- d-----w- c:\arquivos de programas\Google

2009-12-10 15:47 . 2001-10-28 14:07 98614 ----a-w- c:\windows\system32\perfc016.dat

2009-12-10 15:47 . 2001-10-28 14:07 509620 ----a-w- c:\windows\system32\perfh016.dat

2009-12-10 02:09 . 2008-09-25 16:43 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

2009-11-28 04:42 . 2008-06-19 21:40 -------- d-----w- c:\arquivos de programas\Java

2009-11-26 23:19 . 2008-06-19 21:01 -------- d-----w- c:\arquivos de programas\DreMule

2009-11-21 21:15 . 2009-11-21 21:15 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes

2009-11-21 21:15 . 2009-11-21 21:15 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-11-21 21:15 . 2009-11-21 21:15 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

2009-11-21 20:40 . 2009-11-21 20:40 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-11-21 20:40 . 2009-11-21 20:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2009-11-21 20:40 . 2009-11-21 20:40 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-11-21 20:40 . 2009-11-21 20:40 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-11-21 20:40 . 2009-11-21 20:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\avg9

2009-11-21 20:40 . 2009-05-02 07:55 -------- d-----w- c:\arquivos de programas\AVG

2009-11-21 05:44 . 2009-09-17 03:49 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\vlc

2009-11-19 22:51 . 2009-09-17 11:00 -------- d-----w- c:\arquivos de programas\NVIDIA Corporation

2009-11-16 19:34 . 2009-11-16 19:34 -------- d-----w- c:\arquivos de programas\CPUID

2009-11-13 02:40 . 2009-11-13 02:40 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\BioWare

2009-11-13 02:37 . 2009-11-13 01:37 -------- d-----w- c:\arquivos de programas\Dragon Age

2009-11-13 02:23 . 2008-06-22 07:20 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Wise Installation Wizard

2009-11-13 02:23 . 2009-11-13 01:37 -------- d-----w- c:\arquivos de programas\Arquivos comuns\BioWare

2009-11-10 19:04 . 2009-11-10 19:04 177024 ----a-w- c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\FlashGot.exe

2009-11-07 03:30 . 2008-06-25 22:25 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

2009-10-29 07:42 . 2004-08-04 02:45 916480 ------w- c:\windows\system32\wininet.dll

2009-10-26 21:21 . 2008-03-23 22:50 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Adobe

2009-10-26 21:17 . 2009-10-26 21:17 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\FLEXnet

2009-10-26 21:04 . 2009-10-26 21:04 -------- d-----w- c:\arquivos de programas\Bonjour

2009-10-26 20:45 . 2009-10-26 20:45 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Macrovision Shared

2009-10-26 10:29 . 2008-05-16 22:40 -------- d-----w- c:\arquivos de programas\Photoshop CS2

2009-10-21 05:39 . 2004-08-04 02:45 75776 ----a-w- c:\windows\system32\strmfilt.dll

2009-10-21 05:39 . 2004-08-04 02:45 25088 ----a-w- c:\windows\system32\httpapi.dll

2009-10-20 16:20 . 2004-08-04 01:00 265728 ----a-w- c:\windows\system32\drivers\http.sys

2009-10-13 18:00 . 2009-10-14 00:33 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-10-13 10:34 . 2004-08-04 02:45 271360 ----a-w- c:\windows\system32\oakley.dll

2009-10-12 13:39 . 2004-08-04 02:45 150016 ----a-w- c:\windows\system32\rastls.dll

2009-10-12 13:39 . 2004-08-04 02:45 79872 ----a-w- c:\windows\system32\raschap.dll

2009-10-11 06:17 . 2008-12-06 16:18 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-06 20:32 . 2009-11-16 19:35 327168 ----a-w- c:\windows\system32\cutil32.dll

2009-09-27 20:20 . 2009-09-27 20:20 2173544 ----a-w- c:\windows\system32\nvcplui.exe

2009-09-27 18:12 . 2008-03-15 22:06 490088 -c--a-w- c:\windows\system32\nvudisp.exe

2009-09-24 11:24 . 2008-03-15 21:37 490088 -c--a-w- c:\windows\system32\NVUNINST.EXE

2009-09-04 02:03 . 2009-08-19 07:30 6144 --sha-w- c:\arquivos de programas\Thumbs.db

2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\libdivx.dll

2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\arquivos de programas\mozilla firefox\plugins\ssldivx.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-12-13_06.36.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-22 16:06 . 2009-12-22 16:06 16384 c:\windows\Temp\Perflib_Perfdata_4c8.dat

- 2009-09-16 21:06 . 2009-04-18 18:10 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2009-09-16 21:06 . 2009-12-15 12:56 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe

+ 2004-08-04 00:59 . 2004-08-04 00:59 95360 c:\windows\system32\dllcache\atapi.sys

+ 2009-12-16 21:37 . 2009-12-16 21:37 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2009-09-19 05:57 . 2009-09-19 05:57 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

+ 2009-12-16 21:37 . 2009-12-16 21:37 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

- 2009-09-19 05:57 . 2009-09-19 05:57 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

- 2009-09-19 05:57 . 2009-09-19 05:57 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2009-12-16 21:37 . 2009-12-16 21:37 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2009-12-16 21:37 . 2009-12-16 21:37 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2009-09-19 05:58 . 2009-09-19 05:58 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2009-12-16 21:37 . 2009-12-16 21:37 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

- 2009-09-19 05:58 . 2009-09-19 05:58 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

+ 2009-12-16 21:37 . 2009-12-16 21:37 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2009-09-19 05:58 . 2009-09-19 05:58 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2009-12-16 21:37 . 2009-12-16 21:37 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

- 2009-09-19 05:58 . 2009-09-19 05:58 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2009-12-16 21:37 . 2009-12-16 21:37 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-09-19 05:57 . 2009-09-19 05:57 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2009-09-19 05:57 . 2009-09-19 05:57 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2009-12-16 21:37 . 2009-12-16 21:37 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-03-07 149040]

"SpybotSD TeaTimer"="c:\arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"updateMgr"="c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]

"BitTorrent DNA"="c:\arquivos de programas\DNA\btdna.exe" [2009-10-07 323392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]

"SkyTel"="SkyTel.EXE" [2007-06-15 1826816]

"Symantec PIF AlertEng"="c:\arquivos de programas\Arquivos comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"ISUSPM Startup"="c:\arquiv~1\ARQUIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]

"ISUSScheduler"="c:\arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]

"GrooveMonitor"="c:\arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"USB Storage Toolbox"="c:\arquivos de programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]

"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 19968]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-07 161328]

"TkBellExe"="c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2009-06-22 198160]

"nwiz"="nwiz.exe" [2009-07-08 1657376]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-08 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 13762560]

"AVG9_TRAY"="c:\arquiv~1\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]

"Malwarebytes Anti-Malware (reboot)"="c:\arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\Administrador\Menu Iniciar\Programas\Inicializar\

BrOffice.org 3.0.lnk - c:\arquivos de programas\BrOffice.org 3\program\quickstart.exe [2008-9-12 384000]

Recorte de tela e Iniciador do OneNote 2007.lnk - c:\arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\

Adobe Reader Speed Launch.lnk - c:\arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

Microsoft Office.lnk - c:\arquivos de programas\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HideRunAsVerb"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-11-21 20:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\DNA\\btdna.exe"=

"c:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"c:\\Arquivos de programas\\DreMule\\emule.exe"=

"c:\\Arquivos de programas\\Mozilla Firefox\\firefox.exe"=

"c:\\Arquivos de programas\\Valve\\hl.exe"=

"c:\\Arquivos de programas\\Valve\\hlds.exe"=

"c:\\World of Warcraft\\Repair.exe"=

"c:\\Arquivos de programas\\Hamachi\\hamachi.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\DsNET Corp\\aTube Catcher 1.0\\smh.exe"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Documents and Settings\\Administrador\\Desktop\\Left 4 Dead\\left4dead.exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Arquivos de programas\\UBISOFT\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Arquivos de programas\\UBISOFT\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Arquivos de programas\\UBISOFT\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Arquivos de programas\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.0.game"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=

"c:\\Arquivos de programas\\mIRC\\mirc.exe"=

"c:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=

"c:\\Arquivos de programas\\EA GAMES\\American McGee's Alice\\alice.exe"=

"c:\\Arquivos de programas\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=

"c:\\Arquivos de programas\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Arquivos de programas\\Dragon Age\\bin_ship\\daorigins.exe"=

"c:\\Arquivos de programas\\Dragon Age\\DAOriginsLauncher.exe"=

"c:\\Arquivos de programas\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgupd.exe"=

"c:\\Arquivos de programas\\AVG\\AVG9\\avgnsx.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [8/11/2008 16:18 5248]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [21/11/2009 18:40 333192]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [21/11/2009 18:40 360584]

R2 avg9wd;AVG Free WatchDog;c:\arquivos de programas\AVG\AVG9\avgwdsvc.exe [21/11/2009 18:40 285392]

S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [8/11/2008 16:18 160640]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/12/2009 18:56 691696]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\arquivos de programas\Dragon Age\bin_ship\daupdatersvc.service.exe [13/11/2009 00:05 25832]

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = 89.186.169.125:3128

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000

IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

FF - ProfilePath - c:\documents and settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\pbnmaciv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\arquivos de programas\AVG\AVG9\Firefox\components\avgssff.dll

FF - plugin: c:\arquivos de programas\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\arquivos de programas\Mozilla Firefox\plugins\npdjvu.dll

FF - plugin: c:\arquivos de programas\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-22 14:15

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1592454029-725345543-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:99,96,af,80,f2,07,70,99,91,f1,73,46,47,2c,45,38,f0,e2,dd,fc,3f,1f,31,

c8,bf,96,42,4b,39,bf,bf,c7,ce,1f,b7,84,35,09,56,4d,6e,40,5a,eb,a4,1a,e0,a0,\

"??"=hex:47,f9,33,c6,b8,94,d8,b6,8c,6c,96,e7,f5,7a,d5,33

[HKEY_USERS\S-1-5-21-1644491937-1592454029-725345543-500\Software\SecuROM\License information*]

"datasecu"=hex:55,ac,5d,6d,10,e9,7f,fc,f9,dd,22,e3,25,1a,e6,8a,e5,e3,25,fa,bf,

5f,b9,cd,50,4e,17,6a,6f,4d,6c,f2,14,62,3f,3e,20,e0,86,e4,46,2b,fc,1b,a3,00,\

"rkeysecu"=hex:5a,c6,4d,44,e9,ce,55,0d,2e,5c,cf,6e,d9,33,04,e3

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

Tempo para conclusão: 2009-12-22 14:18:15

ComboFix-quarantined-files.txt 2009-12-22 16:17

ComboFix2.txt 2009-12-18 02:01

ComboFix3.txt 2009-12-16 20:05

ComboFix4.txt 2009-12-13 06:40

Pré-execução: 19 pasta(s) 20.775.845.888 bytes disponíveis

Pós execução: 20 pasta(s) 20.756.570.112 bytes disponíveis

- - End Of File - - 55B982049731DED1E3BD865BCF5123CD

Step #2

Look, I think I do have it. There's a CD here that I'm almost sure is the one I used to install Windows on this PC (almost sure because I have about 3 CDs, since when I was trying to install Windows here the other 2 didn't run correctly; I don't remember exactly why).

Dear Curumo

Looks like we won't need the CD anymore :)

Go to the site "Jotti's malware scan"

  • In the box at the top (File to upload & scan);
  • Copy and paste the following file(s), one at a time:
    • c:\windows\system32\drivers\a347scsi.sys
    • c:\windows\system32\drivers\a347bus.sys
  • Click the button.
  • The file(s) will be examined by different antivirus programs; please wait.
  • Copy and paste the result(s).

If the site above is too busy, try one of these sites:

Alternative 1

Alternative 2

Regards :D

hey, good news ^^

here we go

Nome do arquivo: a347scsi.sys

Status:

Verificação finalizada. 0 dos 21 antivírus encontrou vírus..

Verificado em: Qui 26 Nov 2009 02:58:58 (CET) Link do resultado

Nome do arquivo: a347bus.sys

Status:

Verificação finalizada. 0 dos 21 antivírus encontrou vírus..

Verificado em: Dom 13 Dez 2009 07:53:21 (CET) Link do resultado

thanks for all the help, diego_moicano, and I hope you had a good Christmas and have a good New Year (helping others even on these holidays xD)

This topic is closed to new posts.