Micro travando com win 7

por fcoalessandro Sáb 14 Ago 2010, 23:20

Instalei o windows 7 e agora o computador trava precisando reinicia-lo, apos o reinicio aparece uma tela com um problema chamado blue screen.
Gostaria de saber se voces poderiam mim orientar.
Log para analise.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:10:51, on 14/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ALESSANDRO CHAGAS\Desktop\HiJackThis.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\ALESSANDRO CHAGAS\user_db\tmp\sis.exe,C:\Users\ALESSANDRO CHAGAS\user_db\tmp\smm.exe,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\Windows\system32\PxSecure.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

--
End of file - 10324 bytes

por LordEvil Dom 15 Ago 2010, 12:41

Olá!

Seja bem vindo à seção de Remoção de Malwares da BlindPCs.

Vamos começar por partes:

# Etapa nº 1 #

Siga o tutorial abaixo e execute o Malwarebytes Anti-Malware. Depois me mande o log gerado.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

# Etapa nº 2 #

Faça o Download do [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e salve no Desktop (Área de trabalho).

Temporariamente desative os seus programas de proteção.
Duplo clique em dds.scr.
Irá surgir uma tela preta com algumas informações. Não clique em nada, apenas aguarde!
Quando terminar, duas janelas abrirão: DDS.txt e Attach.txt.
Salve o resultado e cole-o no seu tópico.

OBS: Caso o link disponibilizado não funcione, tente baixar o DDS por [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] link.

# Etapa nº 3 #

Parece que você tem 2 ou mais anti-vírus instalados: detectei o Avira e o Microsoft Security Essencials. Isso é verdade? Saiba que ter 2 ou mais anti-vírus rodando na mesma máquina gera conflito e muitos problemas para você. Ao contrário do que muitos pensam, ter dois ou mais anti-vírus rodando no mesmo pc não proporciona o duplo da proteção, mas sim gera conflito, que é quando um anti-vírus reconhece o outro como um vírus e tenta remover. Assim, ambos os anti-vírus ficarão inativos e seu computador ficará desprotegido.

Abraços Very Happy

por fcoalessandro Seg 16 Ago 2010, 21:36

Segue o log do malwarebytes, mas nao estou conseguindo usar DDS pois nao aparece as duas telas como voce falou, so apareceu um log com muitos caracteres que nao forma nenhuma palavra. Com relação ao antivirus voce falou que tenho dois antivirus, um tenho instalado com certeza que é o avira mas o outro eu usei por uns tempos de desinstalei so que veriquei os arquivos de programas e pasta está e não consigo exclui-la de forma alguma, gostaria de saber o que posso fazer.

Malwarebytes' Anti-Malware 1.45
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Versão da Base de Dados: 3930

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15/08/2010 21:49:19
mbam-log-2010-08-15 (21-49-19).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|E:\|)
Objetos escaneados: 248371
Tempo decorrido: 2 hora(s), 36 minuto(s), 1 segundo(s)

Processos de Memória Infectados: 0
Módulos de Memória Infectados: 0
Chaves de Registro Infectadas: 0
Valores de Registro Infectados: 0
Itens de Dados no Registro Infectados: 0
Pastas Infectadas: 0
Arquivos Infectados: 0

Processos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Módulos de Memória Infectados:
(Não foram detectados ítens maliciosos)

Chaves de Registro Infectadas:
(Não foram detectados ítens maliciosos)

Valores de Registro Infectados:
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Infectados:
(Não foram detectados ítens maliciosos)

Pastas Infectadas:
(Não foram detectados ítens maliciosos)

Arquivos Infectados:
(Não foram detectados ítens maliciosos)

por LordEvil Seg 16 Ago 2010, 21:51

Olá!

Resolveremos o problema com relação ao segundo anti-vírus mais tarde. Siga as instruções abaixo:

Faça o download do [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] e salve no seu desktop (área de trabalho).

[list][*]Execute o Ad-Remover.
[*]Na tela principal, clique em CLEAN.
[*]Seu computador será escaneado. Tenha paciência, pode demorar!
[*]Após o escaneamento, uma tela de log abrirá. Este log também estará localizado em C:\Ad-Report-CLEAN[x].txt onde x é o nº da execução. Poste esse log em sua próxima resposta.

-------------------------------------------------------------------------------

No Painel de Controle procure por Opções de Pasta. Não vou te falar o caminho direitinho pois não o conheço no seven. > Em "Modo de Exibição", desmarque a caixa Ocultar extensões dos tipos de arquivos conhecidos.

~> Baixe novamente o DDS, mas, dessa vez, no ato do salvamento (quando o tiver salvando), o renomeie de DDS.scr para DDS.exe.

Execute-o igual às instruções anteriores e me made o log gerado.

PS: Caso ainda não funcionar, tente salvá-lo como DDS.pif

Abraços!

por fcoalessandro Seg 16 Ago 2010, 22:13

Segue log do DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by ALESSANDRO CHAGAS at 22:07:59,60 on 16/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.959.268 [GMT -3:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ALESSANDRO CHAGAS\Desktop\dds.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\users\alessandro chagas\user_db\tmp\sis.exe,c:\users\alessandro chagas\user_db\tmp\smm.exe,
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a057a204-bacc-4d26-9990-79a187e2698e} - AVG Security Toolbar
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - c:\progra~1\textal~1\TAForIE.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} -
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\alessa~1\appdata\roaming\mozilla\firefox\profiles\vkqva30s.default\
FF - prefs.js: browser.startup.homepage - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - component: c:\users\alessandro chagas\appdata\roaming\mozilla\firefox\profiles\vkqva30s.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera\program\plugins\nporbit.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-8-8 30320]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-2 11608]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\program files\avira\antivir desktop\sched.exe [2010-8-2 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-2 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-2 56816]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-8-8 6394368]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-7-24 312152]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-8-8 583640]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-8-8 69736]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-8-8 24400]
R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2010-4-2 447864]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2009-6-10 48128]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-2 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-4-6 54632]
S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-11 1343400]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-08-16 16:21:26 524288 --sha-w- c:\users\alessandro chagas\ntuser.dat{3f6c136e-a952-11df-9d40-001bb9939408}.TMContainer00000000000000000002.regtrans-ms
2010-08-16 16:21:26 524288 --sha-w- c:\users\alessandro chagas\ntuser.dat{3f6c136e-a952-11df-9d40-001bb9939408}.TMContainer00000000000000000001.regtrans-ms
2010-08-16 16:21:25 65536 --sha-w- c:\users\alessandro chagas\ntuser.dat{3f6c136e-a952-11df-9d40-001bb9939408}.TM.blf
2010-08-13 01:56:42 0 d-----w- c:\program files\Duplicate Cleaner
2010-08-08 23:16:09 0 d-----w- c:\users\alessa~1\appdata\roaming\Registry Mechanic
2010-08-08 22:57:09 0 d-----w- c:\users\alessa~1\appdata\roaming\ComodoGroup
2010-08-08 22:19:40 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-08-08 22:19:40 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-08-08 22:19:40 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-08-08 22:19:40 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-08-08 22:19:39 506368 ----a-w- c:\windows\system32\msxml.dll
2010-08-08 22:19:07 0 d-----w- c:\program files\common files\PC Tools
2010-08-08 22:19:05 0 d---a-w- c:\programdata\TEMP
2010-08-08 21:56:17 0 d-----w- c:\program files\COMODO
2010-08-08 21:27:29 69736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-08-08 21:27:29 68120 ----a-w- c:\windows\system32\PxSecure.dll
2010-08-08 21:27:29 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-08-08 21:27:28 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-08-08 21:27:25 0 d-----w- c:\program files\Prevx
2010-08-08 21:26:58 53 ----a-w- c:\windows\wininit.ini
2010-08-08 21:26:58 0 d-----w- c:\programdata\PrevxCSI
2010-08-05 01:30:37 0 d-----w- C:\My Drivers
2010-08-05 01:18:39 160 ----a-w- c:\windows\MyDrivers.ini
2010-08-05 01:16:36 0 d-----w- c:\programdata\inf
2010-08-05 01:16:21 0 d-----w- c:\program files\My Drivers
2010-08-04 00:52:56 0 d-----w- c:\program files\Lavalys
2010-08-03 01:03:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-03 01:02:37 0 d-----w- c:\program files\Avira
2010-07-23 13:34:19 0 d-----w- c:\programdata\WildTangent
2010-07-23 13:30:04 0 d-----w- c:\program files\common files\SWF Studio
2010-07-22 01:16:36 0 d-----w- c:\users\alessandro chagas\Bluebirds
2010-07-21 00:26:26 0 d-----w- c:\users\alessandro chagas\VRFSENHAATUAL_arquivos
2010-07-21 00:26:25 3013 ----a-w- c:\users\alessandro chagas\VRFSENHAATUAL.htm

==================== Find3M ====================

2010-08-12 01:41:17 654272 ----a-w- c:\windows\system32\prfh0416.dat
2010-08-12 01:41:17 124724 ----a-w- c:\windows\system32\prfc0416.dat
2010-07-02 02:13:07 196104 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-10 01:20:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 01:07:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-27 01:07:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2009-07-17 18:47:35 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat
2009-07-17 18:47:35 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat
2009-07-17 18:47:35 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat
2009-07-17 18:47:35 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-04-03 16:23:24 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:09:27,66 ===============

por fcoalessandro Seg 16 Ago 2010, 22:14

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 02/04/2010 18:02:49
System Uptime: 16/08/2010 20:57:09 (2 hours ago)

Motherboard: PHITRONICS | | P33G
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3199/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 20,947 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 32,854 GiB free.
E: is FIXED (FAT32) - 30 GiB total, 13,386 GiB free.
F: is CDROM (CDFS)
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP140: 13/08/2010 20:08:10 - Windows Update
RP142: 13/08/2010 20:32:20 - Microsoft Antimalware Checkpoint
RP143: 14/08/2010 21:40:05 - Windows Update
RP144: 16/08/2010 13:12:44 - Windows Update
RP145: 16/08/2010 21:12:01 - Windows Update

==== Installed Programs ======================

"Nero SoundTrax Help
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.3.3 - Português
Advanced SystemCare 3
Advertising Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ArcSoft VideoImpression 2
Arquivo do WinRAR
Assistente de Conexão do Windows Live
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
AutoCAD 2007 - English
Autodesk DWF Viewer
Avira AntiVir Personal - Free Antivirus
Bonjour
BrOffice.org 3.2
CCleaner (remove only)
COMODO System - Cleaner
DolbyFiles
Driver Genius Professional Edition 2007
Duplicate Cleaner 1.4.6
DVD-lab PRO 2.51
DVD Audio Extractor 4.5.0
DVD Shrink 3.2
EVEREST Home Edition v2.20
EVEREST Ultimate Edition v5.02
Ferramenta de Carregamento do Windows Live
Google Chrome
Google Earth
Google Update Helper
GSmartControl
High-Definition Video Playback 10
ImagXpress
IObit Security 360
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Loquendo TTS: Gabriela (Portuguese-Brasilian)
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Fix it Center
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Movie Templates - Starter Kit
Mozilla Firefox (3.6. Cool

Mozilla Thunderbird (3.0.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MV RegClean 5.5
My Drivers 5.00
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 9
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM
Nero BurningROM 10 Help (CHM)
Nero BurnRights
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero DriveSpeed
Nero Express
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Installer
Nero Live
Nero Live Help
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero RescueAgent Help
Nero ShowTime
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero StartSmart Help
Nero Update
Nero Vision
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NextUp-ScanSoft Raquel Brazilian Portuguese Voice
Nuclear Coffee - VideoGet
OGA Notifier 2.0.0048.0
Opera 10.54
Orbit Downloader
Party Booth
PowerISO
Prevx
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Recuva
Registry Mechanic 10.0
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SiS VGA Utilities
SiSAGP driver
Skype

4.0
SoundTrax
TextAloud
Total Video Converter 3.12 080307
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb983486)
VDownloader 0.81
WinAVI Video Converter 9.0
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Galeria de Fotos
Windows Live Mail
Windows Live Messenger
Windows Live Proteção para a Família
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Media Player Firefox Plugin

==== End Of File ===========================

por fcoalessandro Seg 16 Ago 2010, 23:03

======= REPORT FROM AD-REMOVER 2.0.0.1,D | ONLY XP/VISTA/7 =======

Updated by C_XX on 26/07/10 at 12:00
Contact: AdRemover.contact[AT]gmail.com
website: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 22:16:52 on 16/08/2010, Normal boot

Microsoft Windows 7 Ultimate (X86)
ALESSANDRO CHAGAS@ALESSANDRO (PHITRONICS P33G)

============== ACTION(S) ==============

3,File deleted: C:\Windows\Installer\7879e1.msi
3,File deleted: C:\Windows\Installer\787aba.msi

(!) -- Temporary files deleted.

============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.6.8 (pt-BR)] **

-- C:\Users\ALESSANDRO CHAGAS\AppData\Roaming\Mozilla\FireFox\Profiles\vkqva30s.default\Prefs.js --
browser.download.lastDir, C:\\Users\\ALESSANDRO CHAGAS\\Desktop
browser.startup.homepage, [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
browser.startup.homepage_override.mstone, rv:1.9.2.8

========================================

** Internet Explorer Version [8.0.7600.16385] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Default_Search_URL: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Do404Search: 0x01000000
Enable Browser Extensions: yes
Search bar: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Show_ToolBar: yes
Start Page: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Default_Search_URL: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Delete_Temp_Files_On_Exit: yes
Search bar: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Search Page: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Start Page: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Blank: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

========================================

C:\Program Files\Ad-Remover\Quarantine: 2 File(s)
C:\Program Files\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 16/08/2010 (2143 Byte(s))

End at: 22:24:00, 16/08/2010

============== E.O.F ==============

por LordEvil Ter 17 Ago 2010, 10:53

Olá!

Por favor, siga as instruções abaixo:

Acesse o site [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Na caixa que fica em cima (File to upload & scan);
Copie e cole o(s) seguinte(s) arquivo(s) um de cada vez:
- c:\users\alessandro chagas\user_db\tmp\smm.exe
Clique no botão [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
O(s) arquivo(s) irá(serão) ser examinado(s) por diferentes softwares antivirus, por favor aguarde.
Copie e cole o(s) resultado(s).

Se o site acima estiver muito congestionado, tente num desses sites:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Abraços Very Happy

por fcoalessandro Ter 17 Ago 2010, 21:54

Não estou conseguindo localizar este arquivo, ja mandei pesquisar e nada, seria possivel mim dar um dica.

por LordEvil Qua 18 Ago 2010, 09:36

Já tentou simplesmente "colar" tudo o que está em verde?

Abraços Very Happy

por fcoalessandro Qua 18 Ago 2010, 22:11

Tentei colar como voce sugeriu e resultado foi esse.
Status:
Arquivo vazio (0 bytes)!
Progresso do envio:

por LordEvil Qui 19 Ago 2010, 10:55

Ok!

Por favor, poste um novo log do DDS.

Abraços Very Happy

por fcoalessandro Qui 19 Ago 2010, 22:25

DDS (Ver_10-03-17.01) - NTFSx86
Run by ALESSANDRO CHAGAS at 22:21:21,34 on 19/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.959.281 [GMT -3:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ALESSANDRO CHAGAS\Desktop\dds.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title =
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {a057a204-bacc-4d26-9990-79a187e2698e} - AVG Security Toolbar
BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540003} - c:\program files\gbplugin\gbiehcef.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - c:\progra~1\textal~1\TAForIE.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} -
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\nuclea~1\videoget\plugins\VIDEOG~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GbPluginCef - c:\program files\gbplugin\gbiehCef.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399003} - c:\program files\gbplugin\gbiehcef.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\alessa~1\appdata\roaming\mozilla\firefox\profiles\vkqva30s.default\
FF - prefs.js: browser.startup.homepage - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - component: c:\users\alessandro chagas\appdata\roaming\mozilla\firefox\profiles\vkqva30s.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e886c}\components\GbMzhBb.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\opera\program\plugins\nporbit.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-8-18 45224]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-8-8 30320]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-2 11608]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 AntiVirSchedulerService;Avira AntiVir Programador;c:\program files\avira\antivir desktop\sched.exe [2010-8-2 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-2 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-2 56816]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-8-8 6394368]
R2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2010-8-18 54824]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-7-24 312152]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-8-8 583640]
R2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-8-8 69736]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-8-8 24400]
R3 SiS6350;SiS6350;c:\windows\system32\drivers\SISGRKMD.sys [2010-4-2 447864]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\SiSGB6.sys [2009-6-10 48128]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-2 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-4-6 54632]
S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-11 1343400]

============== File Associations ===============

.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-08-19 00:58:41 45224 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2010-08-19 00:58:05 0 d-----w- c:\program files\GbPlugin
2010-08-17 01:16:46 0 d-----w- c:\program files\Ad-Remover
2010-08-16 16:21:26 524288 --sha-w- c:\users\alessandro chagas\ntuser.dat{3f6c136e-a952-11df-9d40-001bb9939408}.TMContainer00000000000000000002.regtrans-ms
2010-08-16 16:21:26 524288 --sha-w- c:\users\alessandro chagas\ntuser.dat{3f6c136e-a952-11df-9d40-001bb9939408}.TMContainer00000000000000000001.regtrans-ms
2010-08-16 16:21:25 65536 --sha-w- c:\users\alessandro chagas\ntuser.dat{3f6c136e-a952-11df-9d40-001bb9939408}.TM.blf
2010-08-13 01:56:42 0 d-----w- c:\program files\Duplicate Cleaner
2010-08-08 23:16:09 0 d-----w- c:\users\alessa~1\appdata\roaming\Registry Mechanic
2010-08-08 22:57:09 0 d-----w- c:\users\alessa~1\appdata\roaming\ComodoGroup
2010-08-08 22:19:40 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-08-08 22:19:40 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2010-08-08 22:19:40 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-08-08 22:19:40 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-08-08 22:19:39 506368 ----a-w- c:\windows\system32\msxml.dll
2010-08-08 22:19:07 0 d-----w- c:\program files\common files\PC Tools
2010-08-08 22:19:05 0 d---a-w- c:\programdata\TEMP
2010-08-08 21:56:17 0 d-----w- c:\program files\COMODO
2010-08-08 21:27:29 69736 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-08-08 21:27:29 68120 ----a-w- c:\windows\system32\PxSecure.dll
2010-08-08 21:27:29 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-08-08 21:27:28 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-08-08 21:27:25 0 d-----w- c:\program files\Prevx
2010-08-08 21:26:58 53 ----a-w- c:\windows\wininit.ini
2010-08-08 21:26:58 0 d-----w- c:\programdata\PrevxCSI
2010-08-05 01:30:37 0 d-----w- C:\My Drivers
2010-08-05 01:18:39 160 ----a-w- c:\windows\MyDrivers.ini
2010-08-05 01:16:36 0 d-----w- c:\programdata\inf
2010-08-05 01:16:21 0 d-----w- c:\program files\My Drivers
2010-08-04 00:52:56 0 d-----w- c:\program files\Lavalys
2010-08-03 01:03:01 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-03 01:02:37 0 d-----w- c:\program files\Avira
2010-07-23 13:34:19 0 d-----w- c:\programdata\WildTangent
2010-07-23 13:30:04 0 d-----w- c:\program files\common files\SWF Studio
2010-07-22 01:16:36 0 d-----w- c:\users\alessandro chagas\Bluebirds

==================== Find3M ====================

2010-08-12 01:41:17 654272 ----a-w- c:\windows\system32\prfh0416.dat
2010-08-12 01:41:17 124724 ----a-w- c:\windows\system32\prfc0416.dat
2010-07-02 02:13:07 196104 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-10 01:20:00 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 01:07:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-27 01:07:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-17 18:47:35 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat
2009-07-17 18:47:35 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat
2009-07-17 18:47:35 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat
2009-07-17 18:47:35 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-04-03 16:23:24 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:23:56,48 ===============

por LordEvil Sex 20 Ago 2010, 18:58

Olá!

Por favor, siga as instruções abaixo e execute o Spyware Doctor. Poste o log gerado.

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Abraços Very Happy

por **Admin** Sex 15 Out 2010, 13:01

Tópico arquivado.

Como o autor não respondeu ao tópico por mais de 20 dias, o mesmo foi arquivado.

Caso você seja o autor do tópico e quer que o mesmo seja reaberto, envie uma mensagem privada para um membro da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] com um link para este tópico e justifique porque você precisa dele reaberto.

por Conteúdo patrocinado

Micro travando com win 7