Manmasoul Dropeu

  1. "If you download a lot of things from the web, there is no better tool for simplifying downloads than DownThemAll. It is only available for Firefox, won't be coming to Chrome any time soon, and I miss it every time I download a large file in Chrome." Source: http://www.gamevicio.com.br/i/noticias/54/...ntes/index.html Hope this helps. I use Chrome and for me it is great, but truth be told it still needs to improve.
  2. I bought from the Americana online store; the whole process went very well and I received the goods two days earlier than expected. They always have excellent promotions. I myself bought 3 fans that had a market price of 99,00 for 69,00.
  3. I currently use PC Tools Firewall Plus and I am satisfied.
  4. I was using the free antivirus from PC Tools, but it blocked a lot of things; my browser became a problem and it blocked my internet access, so I went back to using the free version of avast and I am satisfied.
  5. Ciro-Mota, thank you and the Linha Defensiva team. I did everything you said and everything is OK with the PC. I changed many of my ideas and confirmed others I already had by reading the site's content. Happiness and success! Thanks a lot. Carmem F T Neves
  6. Ciro-Mota, skip never appeared for me to click. When it finished, the button stayed green. And the log, which I did the way you told me, was this: 28/08/2010 23:52:21 Task started 29/08/2010 01:14:43 Task completed P.S. I didn't reply earlier because my internet had problems these days; I spent almost the whole time without it.
  7. Ciro-Mota, the logs follow below:
  8. Ciro, I had some problems here. I disabled my antivirus, antispyware tools and firewall, but ComboFix opened a window saying that the antivirus was interfering and that this could put the PC at risk, so I stopped and uninstalled it. Then I clicked for ComboFix to continue, but while it was running the power went out at my house. When the power came back I made a first attempt to install the antivirus so I could go to the forum and post; it froze, so I restarted the PC, tried again and it installed, but it did not work: it stayed frozen on the initial screen the whole time and I could not click on anything. So I had an idea: I opened Revo Uninstaller and had it uninstall the antivirus in advanced mode, which says it removes all traces, and then I went to the program files and deleted the antivirus folder. I installed the antivirus and everything went normally; it is working. This antivirus takes a long time to install. I was afraid to run the ComboFix procedure again and have some problem, because it had already been running for quite a while. Maybe it is a case for an exorcism, lol. Just kidding, but that is what I thought; things got strange today. I await your instructions. Thank you
  9. I never answer calls from a private number. I have no interest in answering someone who does not identify themselves. In Recife, at the end of last year, the following scam was being run near cinema entrances: children and teenagers were approached by uniformed people who identified themselves as connected to the promotion of the film that was showing. They ran a survey about the film and at the end said there would be a prize draw, and on that pretext collected phone numbers, parents' names, address, the school where the children studied, etc. The unsuspecting children provided them; after all, good-looking young people, properly uniformed and talking about the film, raised no suspicion in the victims. At the end they told the children to turn off their cell phones, giving some excuse that varied. During the screening the criminals then made the calls threatening the parents, in possession of this information, knowing even the clothes the children were wearing, and with the children's cell phones switched off. I am posting about this scam so that anyone who has children can advise them well. Best wishes to all
  10. Ciro-Mota, I disabled the antivirus and the firewall, but even so a ComboFix window opened saying it was being prevented from running. So I uninstalled both. I followed the step-by-step as you described; I even walked away from the PC, because I am very anxious and might have touched a key. The ComboFix and HijackThis logs follow below:
  11. I have a bad personal experience with this subject, because I was abused at eight years old, and it was my father's brother. Whenever I come across this subject I get somewhat out of control. My husband knows that I don't trust anyone to stay with my son; I am always nearby and alert, and I don't relax. I know that they are sick people, but what about the people who are abused and develop psychological and physical illnesses? My mother, even knowing, went on keeping the same kind of close relationship she had with him. It is very easy to talk without having gone through the experience. Now, friends, tell me how I can report the following: in those file-sharing programs I found a filthy, horrible advertisement offering children from five years old and other things not fit to mention. Best wishes to everyone
  12. I installed several firewalls here on my PC until I installed PC Tools Firewall Plus, and I am very satisfied. It is in Portuguese and very easy to use; during installation you choose the normal-user option and it does the rest. So far it is approved: its real-time function is great. I get to know about all the processes that are running.
  13. Dear Ciro-Mota, I had already uninstalled Spybot, because I have been reading a lot of the Linha Defensiva forum content and came to the conclusion that it was better that way. I installed PC Tools Firewall Plus and for now I am satisfied. I also installed ThreatFire and changed my antivirus from avast to PC Tools AntiVirus (I am going to test this antivirus for a while). Do you think these changes were good? I also installed the WOT extension (Google Chrome). I ran TeaTimer_Reset and this time the black screen appeared with things written on it, I just don't know what because it is very fast. I copied and pasted into OTL, closed all the windows and clicked fix. But a window appeared saying document creation failed, I think that was it, I don't remember exactly. The PC did not restart, so I restarted it, but the log did not appear, so I went to the folder C:\_OTL\MovedFiles and opened the log that was there. It follows below: All processes killed ========== OTL ========== No active process named wnns.exe was found! Error: No service named Windows Network Name Service was found to stop! No service named Windows Network Name Service was found to delete! File C:\WINDOWS\System32\config\systemprofile\Configurações locais\Dados de aplicativos\Windows Network Name Service\wnns.exe not found. File C:\Documents and Settings\Mauro e Carmem\Dados de aplicativos\Mozilla\Firefox\Profiles\otz4kdy2.default\searchplugins\ask.uk.xml not found. File C:\Documents and Settings\Mauro e Carmem\Dados de aplicativos\Mozilla\Firefox\Profiles\otz4kdy2.default\searchplugins\askcom.xml not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{075b2737-8775-11de-8c8f-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{075b2737-8775-11de-8c8f-002421c5b203}\ not found. File F:\Resources\sEtuP64.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{075b2737-8775-11de-8c8f-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{075b2737-8775-11de-8c8f-002421c5b203}\ not found. File F:\Resources\sEtuP64.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ae22416-d69a-11de-8d33-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ae22416-d69a-11de-8d33-002421c5b203}\ not found. File opdux.exe not found. Registry delete failed. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ae22416-d69a-11de-8d33-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ae22416-d69a-11de-8d33-002421c5b203}\ not found. File opdux.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16bcba9f-a842-11de-8cd8-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16bcba9f-a842-11de-8cd8-002421c5b203}\ not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17e32924-ae98-11de-8cdf-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17e32924-ae98-11de-8cdf-002421c5b203}\ not found. File F:\Resources\sEtuP64.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17e32924-ae98-11de-8cdf-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17e32924-ae98-11de-8cdf-002421c5b203}\ not found. File F:\Resources\sEtuP64.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34c33c60-18bd-11df-8de8-eb66d7ba1638}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34c33c60-18bd-11df-8de8-eb66d7ba1638}\ not found. File F:\Resources\sEtuP64.exe not found. Registry delete failed. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34c33c60-18bd-11df-8de8-eb66d7ba1638}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34c33c60-18bd-11df-8de8-eb66d7ba1638}\ not found. File F:\Resources\sEtuP64.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48f18f84-04f9-11df-8dbc-c3aaecf0b53f}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48f18f84-04f9-11df-8dbc-c3aaecf0b53f}\ not found. File F:\System\Drivers\¥¶¾³¿¸¤£ù²¯² not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48f18f84-04f9-11df-8dbc-c3aaecf0b53f}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48f18f84-04f9-11df-8dbc-c3aaecf0b53f}\ not found. File F:\System\Drivers\¥¶¾³¿¸¤£ù²¯² not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{48f18f84-04f9-11df-8dbc-c3aaecf0b53f}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48f18f84-04f9-11df-8dbc-c3aaecf0b53f}\ not found. File F:\System\Drivers\¥¶¾³¿¸¤£ù²¯² not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{627f5412-98c3-11de-8cbb-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627f5412-98c3-11de-8cbb-002421c5b203}\ not found. 
File xihmgf.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{627f5412-98c3-11de-8cbb-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627f5412-98c3-11de-8cbb-002421c5b203}\ not found. File xihmgf.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{627f5412-98c3-11de-8cbb-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627f5412-98c3-11de-8cbb-002421c5b203}\ not found. File xihmgf.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{627f5412-98c3-11de-8cbb-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627f5412-98c3-11de-8cbb-002421c5b203}\ not found. File xihmgf.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78f10fba-ba51-11de-8cef-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78f10fba-ba51-11de-8cef-002421c5b203}\ not found. File F:\2sm66r.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{78f10fba-ba51-11de-8cef-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78f10fba-ba51-11de-8cef-002421c5b203}\ not found. File F:\2sm66r.exe not found. 
Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4b096f9-8773-11de-8c8e-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4b096f9-8773-11de-8c8e-002421c5b203}\ not found. File ymxf2.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4b096f9-8773-11de-8c8e-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a4b096f9-8773-11de-8c8e-002421c5b203}\ not found. File ymxf2.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e255bf0f-df64-11de-8d54-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e255bf0f-df64-11de-8d54-002421c5b203}\ not found. File F:\nmxmtg.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e255bf0f-df64-11de-8d54-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e255bf0f-df64-11de-8d54-002421c5b203}\ not found. File F:\nmxmtg.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e255bf0f-df64-11de-8d54-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e255bf0f-df64-11de-8d54-002421c5b203}\ not found. File F:\nmxmtg.exe not found. Registry delete failed. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e255bf0f-df64-11de-8d54-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e255bf0f-df64-11de-8d54-002421c5b203}\ not found. File F:\nmxmtg.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2ea3563-9c82-11de-8cc0-002421c5b203}\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2ea3563-9c82-11de-8cc0-002421c5b203}\ not found. File F:\Isass.exe not found. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ scheduled to be deleted on reboot. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. File F:\autorun.exe not found. Unable to delete ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D1B5B4F1 . Unable to delete ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:D74B6CF5 . Unable to delete ADS C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:010ADD2C . ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. 
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key. ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService User: Mauro e Carmem User: NetworkService %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.10.0 log created on 08202010_190805 LOG HijackThis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:55:35, on 20/08/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\QuickTime\qttask.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\rundll32.exe C:\Arquivos de programas\IObit\IObit Security 360\IS360tray.exe C:\Arquivos de programas\PC Tools Security\pctsTray.exe C:\Arquivos de programas\PC Tools Firewall Plus\FirewallGUI.exe C:\Arquivos de programas\ThreatFire\TFTray.exe C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe C:\Arquivos de programas\Ares\Ares.exe C:\Arquivos de 
programas\DAP\DAP.EXE C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\BrOffice.org 3\program\soffice.exe C:\Arquivos de programas\BrOffice.org 3\program\soffice.bin C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe C:\Arquivos de programas\PC Tools Security\BDT\BDTUpdateService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\PC Tools Firewall Plus\FWService.exe C:\WINDOWS\System32\svchost.exe c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe C:\Arquivos de programas\PC Tools Security\pctsAuxs.exe C:\Arquivos de programas\PC Tools Security\pctsSvc.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\ThreatFire\TFService.exe C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Windows Network Name Service\wnns.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Mauro e 
Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Mauro e Carmem\Desktop\SegurançaLimpezaPC\hijackthis\HiJackThis.exe C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx R3 - URLSearchHook: compliance0615 Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Arquivos de programas\IObitCom\tbIOb1.dll R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Arquivos de programas\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Arquivos de programas\PC Tools Security\BDT\PCTBrowserDefender.dll O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll O2 - BHO: compliance0615 Toolbar 
- {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Arquivos de programas\IObitCom\tbIOb1.dll O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\ARQUIV~1\SEARCH~2\SEARCH~1.DLL O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll O3 - Toolbar: compliance0615 Toolbar - 
{31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Arquivos de programas\IObitCom\tbIOb1.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Arquivos de programas\PC Tools Security\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [iObit Security 360] "C:\Arquivos de programas\IObit\IObit Security 360\IS360tray.exe" /autostart O4 - HKLM\..\Run: [iSTray] "C:\Arquivos de programas\PC Tools Security\pctsTray.exe" O4 - HKLM\..\Run: [00PCTFW] "C:\Arquivos de programas\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [ThreatFire] C:\Arquivos de programas\ThreatFire\TFTray.exe O4 - HKCU\..\Run: [EPSON Stylus T23 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAB.EXE /FU "C:\WINDOWS\TEMP\E_S5A5.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de 
aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Application Updater - Spigot, Inc. 
- C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Arquivos de programas\PC Tools Security\BDT\BDTUpdateService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Arquivos de programas\PC Tools Firewall Plus\FWService.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Arquivos de programas\PC Tools Security\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Arquivos de programas\PC Tools Security\pctsSvc.exe O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\ThreatFire\TFService.exe O23 - Service: Windows Network Name Service - Unknown owner - C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Windows Network Name Service\wnns.exe -- End of file - 14247 bytes Thank you very much in advance to you and the whole team of this serious site committed to security. And I am going to sign up to compete for a place to learn to do what you do here on the forum; I loved it, I really like learning new things and I love noble causes. I opened Internet Explorer and the Windows folders and no installer window appeared. God bless you in this work. Be happy!!! :tchau:
  14. Friend, can you answer one thing? The log showed: "O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)". Does that mean the Ask toolbar is still on the PC? It came with some programs a long time ago, and I tried to uninstall it several times and it kept appearing until it disappeared for good; now I see this. Sorry if I am imposing.
  15. I disabled Spybot, then opened Internet Explorer (which I normally never use), right-clicked the attachment, and "Save Target As" was disabled, so I clicked "download with DAP"; the accelerator I have installed opened, and I entered the name: TeaTimer_Reset.bat, the type: all files, and saved it to the desktop; the image you showed in the post appeared. I closed Spybot and right-clicked the TeaTimer_Reset.bat file, but Run was disabled, so I clicked Open, and then a black window appears with c:\windows\system32\cmd.exe in the bar. I already had Malwarebytes' Anti-Malware (MBAM) installed on my PC; I set it to update and ran the quick scan, no infection; log follows:
      Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Versão da Base de Dados: 4449 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 19/08/2010 16:50:15 mbam-log-2010-08-19 (16-50-15).txt Tipo de Verificação: Verificação Rápida Objetos escaneados: 132732 Tempo decorrido: 5 minuto(s), 52 segundo(s) Processos de Memória Infectados: 0 Módulos de Memória Infectados: 0 Chaves de Registro Infectadas: 0 Valores de Registro Infectados: 0 Itens de Dados no Registro Infectados: 0 Pastas Infectadas: 0 Arquivos Infectados: 0 Processos de Memória Infectados: (Não foram detectados ítens maliciosos) Módulos de Memória Infectados: (Não foram detectados ítens maliciosos) Chaves de Registro Infectadas: (Não foram detectados ítens maliciosos) Valores de Registro Infectados: (Não foram detectados ítens maliciosos) Itens de Dados no Registro Infectados: (Não foram detectados ítens maliciosos) Pastas Infectadas: (Não foram detectados ítens maliciosos) Arquivos Infectados: (Não foram detectados ítens maliciosos)
      HijackThis log:
      Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:14:12, on 19/08/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Arquivos de programas\QuickTime\qttask.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\rundll32.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\IObit\IObit Security 360\IS360tray.exe C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe C:\Arquivos de programas\Ares\Ares.exe C:\Arquivos de programas\DAP\DAP.EXE C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe C:\Arquivos de programas\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe C:\Arquivos de programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Windows Network Name Service\wnns.exe C:\Arquivos de programas\IObit\IObit Security 360\is360.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\alg.exe C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe C:\Arquivos de 
programas\HP\Digital Imaging\bin\hpqbam08.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\ARQUIV~1\THEKMP~1\KMPlayer.exe C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Audacity 1.3 Beta (Unicode)\audacity.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Arquivos de programas\Windows Live\Toolbar\wltuser.exe C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\msiexec.exe C:\Documents and Settings\Mauro e Carmem\Desktop\Nova pasta\HiJackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx R3 - URLSearchHook: compliance0615 Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Arquivos de programas\IObitCom\tbIOb1.dll R3 - URLSearchHook: SearchSettings Class 
- {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll O2 - BHO: compliance0615 Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Arquivos de programas\IObitCom\tbIOb1.dll O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\ARQUIV~1\SEARCH~2\SEARCH~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - 
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\DAP\DAPIEL~1.DLL O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\ARQUIV~1\SPEEDB~1\Toolbar\grabber.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Arquivos de programas\SpeedBit Video Downloader\Toolbar\tbcore3.dll O3 - Toolbar: compliance0615 Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Arquivos de programas\IObitCom\tbIOb1.dll O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 
9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [iObit Security 360] "C:\Arquivos de programas\IObit\IObit Security 360\IS360tray.exe" /autostart O4 - HKCU\..\Run: [EPSON Stylus T23 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAB.EXE /FU "C:\WINDOWS\TEMP\E_S5A5.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Arquivos de programas\IObit\Advanced SystemCare 3\AWC.exe" /startup O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mauro e Carmem\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Arquivos de programas\DAP\DAP.EXE" /STARTUP O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe (User 'SYSTEM') O4 - .DEFAULT Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe (User 'Default user') O4 - Startup: BrOffice.org 3.2.lnk = C:\Arquivos de programas\BrOffice.org 3\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital 
Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Clean Traces - C:\Arquivos de programas\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Arquivos de programas\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Arquivos de programas\DAP\dapextie2.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de programas\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Application Updater - Spigot, Inc. - C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: IS360service - IObit - C:\Arquivos de programas\IObit\IObit Security 360\IS360srv.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Arquivos de programas\Java\jre6\bin\jqs.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Arquivos de programas\Arquivos comuns\Protexis\License Service\PsiService_2.exe O23 - Service: Windows Network Name Service - Unknown owner - C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Windows Network Name Service\wnns.exe -- End of file - 14686 bytes