Windows Vista Won't Update




#1
May 23, 2009, 09:33
Donor Group

I'm on a friend's computer, running Vista, and Windows will not update. So far I have found and removed Internet Anti-Virus, Win32Adload.r, and video.exe. They also had that coupon spyware, and their son kept loading Limewire. I removed both (LOL, Limewire installs itself in 400 places; I had to go through every folder and file to get rid of it). But Windows still will not update. I am getting a code 80072efd, which says that there is a firewall blocking Windows Update. I can't find any other than the Windows firewall, and I have looked in every folder. Here are the three logs. I can't find anything; did I miss something?

NOTE: I can't upload any of the three logs. I keep getting "invalid file" from the site. What's up with that? Do I have too many pictures here? Let me try pasting a copy:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Produzido em 05/23/2009 às 04:42

Aplicação Versão: 4/26/1002

Core Rules Database Version: 3908
Trace Rules Database Version: 1852

Scan type: Complete Scan
Total Scan Time: 03:45:40

Memória itens digitalizados: 831
Memória ameaças detectadas: 0
Secretaria itens digitalizados: 6407
Secretaria ameaças detectadas: 0
Arquivo itens digitalizados: 326608
Arquivo ameaças detectadas: 78

Adware.Tracking Cookie

Malwarebytes' Anti-Malware 1,36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/19/2009 8:40:58
mbam-log-2009-05-19 (08-40-58). txt

Scan type: Quick Scan
Objetos digitalizados: 71524
Tempo decorrido: 3 minuto (s), 23 segundo (s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Valores do Registro infectados: 0
Dados de Registro Items Infected: 3
Pastas infectadas: 3
Arquivos infectados: 11

Memory Processes Infected:
(N º itens maliciosos detectados)

Memory Modules Infected:
(N º itens maliciosos detectados)

Registry Keys Infected:
HKEY_CLASSES_ROOT \ fe345.fe345mgr (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
HKEY_CLASSES_ROOT \ CLSID \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Ext \ Stats \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
HKEY_CLASSES_ROOT \ fe345.fe345mgr.1 (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
HKEY_CLASSES_ROOT \ y537.y537mgr (Trojan.BHO) -> quarentena e eliminado com sucesso.
HKEY_CLASSES_ROOT \ TypeLib \ (e63648f7-3933-440e-b4f6-a8584dd7b7eb) (Trojan.BHO) -> quarentena e eliminado com sucesso.
HKEY_CLASSES_ROOT \ Interface \ (f7d09218-46d7-4d3d-9b7f-315204cd0836) (Trojan.BHO) -> quarentena e eliminado com sucesso.
HKEY_CLASSES_ROOT \ CLSID \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> quarentena e eliminado com sucesso.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Ext \ Stats \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> quarentena e eliminado com sucesso.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> quarentena e eliminado com sucesso.
HKEY_CLASSES_ROOT \ y537.y537mgr.1 (Trojan.BHO) -> quarentena e eliminado com sucesso.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Internet antivírus pro_is1 (Rogue.InternetAntivirus) -> quarentena e eliminado com sucesso.

Valores do Registro infectados:
(N º itens maliciosos detectados)

Dados de Registro Items Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> quarentena e eliminado com sucesso.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> quarentena e eliminado com sucesso.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> quarentena e eliminado com sucesso.

Folders Infected:
C: \ Windows \ System32 \ 199638 (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
C: \ Program Files \ websrvx (Trojan.Downloader) -> quarentena e eliminado com sucesso.
C: \ Windows \ System32 \ 796525 (Trojan.BHO) -> quarentena e eliminado com sucesso.

Arquivos Infectados:
C: \ Windows \ System32 \ 199638 \ 199638.dll (Trojan.FakeAlert) -> quarentena e eliminado com sucesso.
C: \ Windows \ System32 \ 796525 \ 796525.dll (Trojan.BHO) -> quarentena e eliminado com sucesso.
C: \ Users \ Shirley \ AppData \ Local \ Temp \ jopaxx_1241669 819.exe (Worm.KoobFace) -> quarentena e eliminado com sucesso.
C: \ Program Files \ Common Files \ InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> quarentena e eliminado com sucesso.
C: \ Windows \ msmark2.dat (Worm.KoobFace) -> quarentena e eliminado com sucesso.
C: \ Windows \ t55ft2668f44.dat (Worm.KoobFace) -> quarentena e eliminado com sucesso.
C: \ Windows \ t55ft2695f44.dat (Worm.KoobFace) -> quarentena e eliminado com sucesso.
C: \ Windows \ t55ft3105f44.dat (Worm.KoobFace) -> quarentena e eliminado com sucesso.
C: \ Windows \ 9g2234wesdf3dfgjf23 (Worm.KoobFace) -> quarentena e eliminado com sucesso.
C: \ Windows \ f5087.dat (Worm.KoobFace) -> quarentena e eliminado com sucesso.
C: \ Windows \ f23567.dat (Worm.KoobFace) -> quarentena e eliminado com sucesso.
(The above was the first log; what follows is the current one.)

Malwarebytes' Anti-Malware 1,36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/23/2009 9:03:23
mbam-log-2009-05-23 (09-03-23). txt

Scan type: Quick Scan
Objetos digitalizados: 70234
Tempo decorrido: 2 minuto (s), 28 segundo (s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Valores do Registro infectados: 0
Dados de Registro Items Infected: 0
Pastas infectadas: 0
Arquivos infectados: 0

Memory Processes Infected:
(N º itens maliciosos detectados)

Memory Modules Infected:
(N º itens maliciosos detectados)

Registry Keys Infected:
(N º itens maliciosos detectados)

Valores do Registro infectados:
(N º itens maliciosos detectados)

Dados de Registro Items Infected:
(N º itens maliciosos detectados)

Folders Infected:
(N º itens maliciosos detectados)

Arquivos Infectados:
(N º itens maliciosos detectados)

Logfile da Trend Micro HijackThis v2.0.2
Scan guardado em 9:09:09, em 5/23/2009
Plataforma: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Executando processos:
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ Explorer.EXE
C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Windows \ RtHDVCpl.exe
C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe
C: \ Acer \ Empowering Technology \ SysMonitor.exe
C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe
C: \ Windows \ System32 \ nvraidservice.exe
C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe
C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe
C: \ Windows \ system32 \ rundll32.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Windows \ ehome \ ehtray.exe
C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe
C: \ Arquivos de Programas \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ Eraser \ Eraser.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe
C: \ Windows \ system32 \ wbem \ Unsecapp.exe
C: \ Acer \ Empowering Technology \ ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
C: \ Acer \ Empowering Technology \ eRecovery \ ERAGENT.EXE
C: \ Windows \ ehome \ ehmsas.exe
C: \ Users \ Shirley \ Desktop \ HiJackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://en.us.acer.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer = http = localhost: 7171
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts::: 1 localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no arquivo)
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - (no arquivo)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: (no name) - (83A2F9B1-01A2-4AA5-87D1-45B6B8505E96) - (no arquivo)
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 5.1.1309.3572 \ s wg.dll
O2 - BHO: Google Dictionary Compression sdch - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C: \ Program Files \ Google \ Google Toolbar \ Componente \ fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O3 - Toolbar: Google Toolbar - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM \ .. \ Run: [BkupTray] "C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe"
O4 - HKLM \ .. \ Run: [Acer Empowering Technology Monitor] C: \ Acer \ Empowering Technology \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [SMSERIAL] C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe
O4 - HKLM \ .. \ Run: [Acer Product Registration] "C: \ Program Files \ Acer Registration \ ACE1.exe" / startup
O4 - HKLM \ .. \ Run: [NVRaidService] C: \ Windows \ system32 \ nvraidservice.exe
O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ Windows \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe"
O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe"
O4 - HKLM \ .. \ Run: [ArcSoft Connection Service] C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Arquivos de Programas \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [WinPatrol] C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe-expressboot
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Arquivos de Programas \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe
O4 - HKCU \ .. \ Run: [OM2_Monitor] "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Arquivos de Programas \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Arquivos de Programas \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [Borracha] C: \ Program Files \ Eraser \ Eraser.exe-ocultar
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk =?
O4 - Global Startup: Kodak EasyShare software.lnk = C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe
O8 - Extra context menu item: E & xportar para o Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & final para o OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ SpyBot ~ 1 \ SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: (3860DD98-0549-4D50-AA72-5D17D200EE10) --
O18 - Filter: x-sdch - (B1759355-3EEC-4C1E-B0F1-B719FE26E377) - C: \ Program Files \ Google \ Google Toolbar \ Componente \ fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACService.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C: \ Acer \ Empowering Technology \ ePerformance \ MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C: \ Acer \ Empowering Technology \ eRecovery \ eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C: \ Acer \ Empowering Technology \ eSettings \ Service \ capuserv.exe
O23 - Service: Google Updater Software (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: lxce_device - - C: \ Windows \ system32 \ lxcecoms.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvvsvc.exe
O23 - Service: SBSD Centro de Segurança Pública (SBSDWSCService) - Safer Networking Ltd. - C: \ Arquivos de Programas \ Spybot - Search & Destroy \ SDWinSec.exe

--
Fim do processo - 9919 bytes
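
The HijackThis log above lists several O2 (Browser Helper Object) entries that have no file behind them. As an added example, not part of the original thread, this Python code parses HijackThis lines and reports COM-registered entries whose file is absent. The function names are hypothetical; the sample lines are adapted from the log above and written in HijackThis's native layout, and the last sample line is constructed.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Sample input: lines adapted from the HijackThis log in the post above,
# written in the tool's native layout (braced CLSIDs, unspaced paths).
# The final O2 line is constructed to show the "(file missing)" marker.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-00000000C0DE} - C:\Example\helper.dll (file missing)
"""


class Entry(NamedTuple):
    section: str            # HijackThis section code, e.g. "O2"
    kind: str               # text before the first colon, e.g. "BHO"
    name: str               # display name, or the whole remainder if no CLSID
    clsid: Optional[str]    # upper-cased CLSID without braces, if present
    target: str             # file path or marker after the CLSID


# "<section> - <body>", e.g. "O2 - BHO: ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")

# "<kind>: <name> - {CLSID} - <target>"; the name may itself contain " - ".
CLSID_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - "
    r"(?P<target>.*)$"
)


def parse_entries(text: str) -> List[Entry]:
    """Parse HijackThis entry lines; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        body = line["body"]
        com = CLSID_RE.match(body)
        if com:
            entries.append(Entry(line["section"], com["kind"], com["name"],
                                 com["clsid"].upper(), com["target"].strip()))
        else:
            kind, _, rest = body.partition(": ")
            entries.append(Entry(line["section"], kind, rest.strip(), None, ""))
    return entries


def has_no_backing_file(entry: Entry) -> bool:
    """True when HijackThis marked the entry's file as absent."""
    return (entry.target == "(no file)"
            or entry.target.endswith("(file missing)"))


def orphaned_com_entries(entries: List[Entry]) -> List[Entry]:
    """CLSID-registered entries (BHOs, toolbars, filters) with no file."""
    return [e for e in entries if e.clsid and has_no_backing_file(e)]


def section_counts(entries: List[Entry]) -> Dict[str, int]:
    """Number of parsed entries per HijackThis section code."""
    return dict(Counter(e.section for e in entries))


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(section_counts(parsed))
    for e in orphaned_com_entries(parsed):
        print(f"{e.section} {e.kind} {{{e.clsid}}} -> {e.target}")
```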
#2
May 23, 2009, 23:45
Malware Group

Hi Bubba ....

We need to disable your TeaTimer, as it can interfere with the fixes we have to make.

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left-hand side, select Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Download ResetTeaTimer.bat by right-clicking the link and choosing Save As.

* Save it to your desktop.
* Double-click ResetTeaTimer.zip
* Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer.

After all the fixes are complete, it is very important that you enable TeaTimer again. I will let you know when it is safe to do so.

A tutorial for TeaTimer can be found here -> http://russelltexas.com/malware/teatimer.htm

==========================================

Download and scan with ComboFix.exe. Please visit this page for download links and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Make sure you have disabled all anti-virus and anti-malware programs, including WinPatrol, so that they do not interfere with the running of ComboFix.

Include the C:\ComboFix.txt in your next reply for further analysis.

==========================================

Go to Start Menu > choose Run, copy/paste the following into the Run box, and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.
#3
May 24, 2009, 02:33
Donor Group

A few things before I post the logs:

1. In the TeaTimer tutorial you linked, it also said to disable the resident SDHelper, so I did.
2. ComboFix did not display the registry backup screen, unless it was a quick screen and I missed it while looking at my own computer (remember, this one is a friend's). It did not disconnect the Internet connection, nor did I notice it change the time. Both icons were visible while ComboFix was running. Is this a problem? Also, after running ComboFix, the wallpaper was distorted, so I rebooted. When the computer started back up, the wallpaper was gone, Firefox was no longer the default browser, and a message popped up that the IE homepage had been changed to MSN (I think). Is this normal? Also, WinPatrol noted that a new service was added: appmgmts.dll.

3. Before you replied to this thread, I got rid of the Google Toolbar. Several of the HJT entries looked strange. In 018, for example, it was called x-sdCH instead of x-SDHC .......... LOL. Also, I hate toolbars, and they can always add it back if they want. Regardless, that changed the HJT log. I also got rid of the 02's that did not have any file associated with them.

4. What are we looking for in ComboFix? LOL, I started to download and run it before I posted this thread, but decided I don't know enough yet to mess with it.

And without further ado:

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Executando de: C: \ Users \ Shirley \ Desktop \ ComboFix.exe
SP: Spybot - Search and Destroy * deficientes * (desatualizado) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware deficientes * * (Atualizado) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: O Windows Defender * ativado * (Atualizado) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Arquivos criados a partir de 2009/04/24 a 2009/05/24 ))))))))))) ))))))))))))))))))))
.

2009/05/22 23:57. 2009/05/24 08:40 117,760 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009/05/22 23:56. 2009/05/22 23:56 -------- d ----- wc: \ Programdata \ SUPERAntiSpyware.com
2009/05/22 23:52. 2009/05/22 23:52 -------- d ----- wc: \ Program Files \ SUPERAntiSpyware
2009/05/22 23:52. 2009/05/22 23:52 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. COM
2009/05/22 20:36. 2009/05/22 20:36 -------- d ----- wc: \ Program Files \ Common Files \ Wise Installation Wizard
2009/05/22 15:06. 2009/02/05 20:06 51,376 ---- aw C: \ Windows \ system32 \ drivers \ aswTdi.sys
2009/05/22 15:06. 2009/02/05 20:06 23,152 ---- aw C: \ Windows \ system32 \ drivers \ aswRdr.sys
2009/05/22 15:06. 2009/02/05 20:07 114,768 ---- aw C: \ Windows \ system32 \ drivers \ aswSP.sys
2009/05/22 15:06. 2009/02/05 20:07 20,560 ---- aw C: \ Windows \ system32 \ drivers \ aswFsBlk.sys
2009/05/22 15:06. 2009/02/05 20:04 97,480 ---- aw C: \ Windows \ system32 \ AvastSS.scr
2009/05/22 15:06. 2009/02/05 20:11 1.256.296 ---- aw C: \ Windows \ system32 \ aswBoot.exe
2009/05/22 15:06. 2009/02/05 20:06 51,792 ---- aw C: \ Windows \ system32 \ drivers \ aswMonFlt.sys
2009/05/22 15:06. 2009/05/22 15:06 -------- d ----- wc: \ Program Files \ Alwil Software
2009/05/22 04:38. 2009/05/22 04:38 738,120 ---- aw C: \ Programdata \ Microsoft \ eHome \ Packages \ MCESpotlig ht \ MCESpotlight \ SpotlightResources.dll
2009/05/20 12:43. 2008/06/20 01:14 97,800 ---- aw C: \ Windows \ system32 \ infocardapi.dll
2009/05/20 12:43. 2008/06/20 01:14 105,016 ---- aw C: \ Windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009/05/20 12:43. 2008/06/20 01:14 11,264 ---- aw C: \ Windows \ system32 \ icardres.dll
2009/05/20 12:43. 2008/06/20 01:14 622,080 ---- aw C: \ Windows \ system32 \ icardagt.exe
2009/05/20 12:43. 2008/06/20 01:14 43,544 ---- aw C: \ Windows \ system32 \ PresentationHostProxy.dll
2009/05/20 12:43. 2008/06/20 01:14 781,344 ---- aw C: \ Windows \ system32 \ PresentationNative_v0300.dll
2009/05/20 12:43. 2008/06/20 01:14 326,160 ---- aw C: \ Windows \ system32 \ PresentationHost.exe
2009/05/20 12:33. 2008/07/27 18:03 96,760 ---- aw C: \ Windows \ system32 \ dfshim.dll
2009/05/20 12:33. 2008/07/27 18:03 282,112 ---- aw C: \ Windows \ system32 \ Mscoree.dll
2009/05/20 12:33. 2008/07/27 18:03 41,984 ---- aw C: \ Windows \ system32 \ netfxperf.dll
2009/05/20 12:32. 2008/07/27 18:03 158,720 ---- aw C: \ Windows \ system32 \ mscorier.dll
2009/05/20 12:32. 2008/07/27 18:03 83,968 ---- aw C: \ Windows \ system32 \ mscories.dll
2009/05/20 11:39. 2009/05/20 11:39 -------- d ----- wc: \ Program Files \ Microsoft Silverlight
2009/05/20 04:03. 2009/05/20 11:00 -------- d ----- wc: \ Program Files \ Windows Live Safety Center
2009/05/19 23:20. 2009/05/19 23:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Acer DV Mago
2009/05/19 23:10. 2009/05/19 23:10 -------- d ----- wc: \ windows \ domingo
2009/05/19 20:40. 2009/05/19 20:40 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009/05/19 20:40. 2009/05/19 11:41 38,200 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \www.macromedia.com \ bin \ airappinstaller \ airappinsta ller.exe
2009/05/19 18:24. 2009/05/24 08:38 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Eraser
2009/05/19 18:24. 2009/05/19 18:24 -------- d - h - wc: \ Users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009/05/19 18:24. 2009/05/19 18:24 -------- d ----- wc: \ Program Files \ Eraser
2009/05/19 17:20. 2009/05/19 17:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ eSobi
2009/05/19 17:11. 2008-07-10 06:32 538 ---- aw C: \ Windows \ system32 \ RegRaidSedona.bat
2009/05/19 17:07. 2009/05/19 17:07 -------- d ----- w C: \ NVIDIA
2009/05/19 14:04. 2009/05/19 14:05 -------- d ----- WC: \ Arquivos de Programas \ Spybot - Search & Destroy
2009/05/19 14:04. 2009/05/19 14:05 -------- d ----- wc: \ Programdata \ Spybot - Search & Destroy
2009/05/19 13:01. 2009/05/19 13:01 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol
2009/05/19 13:01. 2006-09-18 21:43 10 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys
2009/05/19 13:01. 2006-09-18 21:43 24 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009/05/19 13:01. 2009/05/19 13:01 -------- d ----- wc: \ Program Files \ BillP Studios
2009/05/19 12:26. 2009/05/19 12:26 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009/05/19 12:26. 2009/04/06 19:32 15,504 ---- aw C: \ Windows \ system32 \ drivers \ mbam.sys
2009/05/19 12:26. 2009/04/06 19:32 38,496 ---- aw C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys
2009/05/19 12:26. 2009/05/19 13:22 -------- d ----- wc: \ Program Files \ Malwarebytes' Anti-Malware
2009/05/19 12:26. 2009/05/19 12:26 -------- d ----- wc: \ Programdata \ Malwarebytes
2009/05/19 11:53. 2009-05-19 11:53 0 ---- aw C: \ Windows \ nsreg.dat
2009/05/19 11:53. 2009/05/19 11:53 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Mozilla
2009/05/19 11:41. 2009/05/19 11:41 -------- d ----- wc: \ Program Files \ Common Files \ Adobe AIR
2009/05/19 11:38. 2009/05/19 12:45 -------- d ----- wc: \ Programdata \ SOE
2009/05/19 11:29. 2009/05/19 11:29 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Sete Zip
2009/05/19 10:41. 2009/03/19 20:32 23,400 ---- aw C: \ Windows \ system32 \ drivers \ GEARAspiWDM.sys
2009/05/19 10:41. 2008/04/17 16:12 107,368 ---- aw C: \ Windows \ system32 \ GEARAspi.dll
2009/05/19 10:41. 2009/05/20 01:10 -------- d ----- wc: \ Program Files \ iPod
2009/05/19 10:41. 2009/05/19 10:41 -------- d ----- wc: \ Programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906)
2009/05/19 10:41. 2009/05/19 10:41 -------- d ----- wc: \ Program Files \ iTunes
2009/05/19 10:38. 2009/05/19 10:38 -------- d ----- wc: \ Program Files \ QuickTime
2009/05/19 10:34. 2009/05/19 10:34 75,048 ---- aw C: \ Programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009/05/19 10:34. 2009/05/19 10:34 -------- d ----- wc: \ Program Files \ Bonjour
2009/05/19 10:33. 2009/05/19 10:33 416,128 ---- aw C: \ Programdata \ Microsoft \ eHome \ Packages \ NetTV \ Brow SE \ NetTVResources.dll
2009/05/19 10:29. 2009/05/19 10:29 410,984 ---- aw C: \ Windows \ system32 \ deploytk.dll
2009/05/12 02:36. 2009/05/12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat
2009/05/11 23:55. 2009/04/14 00:39 4.656.976 ---- aw C: \ Programdata \ Microsoft \ Windows Defender \ Definition Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009/05/24 08:39. 2009-02-17 13:54 602 ---- aw C: \ Programdata \ ArcSoft \ Kodak-printcreations-22-080812-oem \ acforall.dll
2009/05/24 04:22. 2008/09/12 01:46 -------- d ----- wc: \ Program Files \ Google
2009/05/20 11:55. 2008/09/11 17:01 104,472 ---- aw C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009/05/20 11:51. 2008/02/05 19:30 -------- d ----- wc: \ Programdata \ Microsoft Ajuda
2009/05/20 11:49. 2008/02/05 19:31 -------- d ----- wc: \ Program Files \ Microsoft Works
2009/05/20 03:54. 2008/09/12 14:01 -------- d ----- wc: \ Program Files \ Lx_cats
2009/05/20 00:42. 2008/02/05 20:19 -------- d ----- wc: \ Program Files \ Common Files \ Adobe
2009/05/19 23:28. 2008/02/05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Informações de instalação
2009/05/19 23:27. 2008/02/05 19:49 -------- d ----- wc: \ Program Files \ Acer Arcade Live
2009/05/19 23:20. 2008/09/15 23:24 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ CyberLink
2009/05/19 21:38. 2008/09/12 20:56 -------- d ----- wc: \ Program Files \ Common Files \ SureThing Shared
2009/05/19 21:04. 2008/09/12 14:09 1664 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009/05/19 17:29. 2009/03/04 15:55 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Sony
2009/05/19 17:20. 2008/02/05 19:22 -------- d ----- wc: \ Programdata \ NVIDIA
2009/05/19 16:54. 2008/02/05 18:03 36,864 ---- aw C: \ Windows \ system32 \ nvcod100.dll
2009/05/19 16:54. 2007/10/25 11:02 147,456 ---- aw C: \ Windows \ system32 \ nvcolor.exe
2009/05/19 16:13. 2008/09/12 01:47 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ LimeWire
2009/05/19 11:32. 2008/02/05 20:08 -------- d ----- wc: \ Program Files \ Yahoo!
2009/05/19 11:05. 2008/09/12 01:45 -------- d ----- wc: \ Program Files \ Java
2009/05/19 10:41. 2008/09/13 03:14 -------- d ----- wc: \ Program Files \ Common Files \ Apple
2009/05/19 10:38. 2008/09/13 03:15 -------- d ----- wc: \ Programdata \ Apple Computer
2009/05/11 12:10. 2009/05/11 12:10 78,260 ---- aw C: \ Programdata \ SPL23D4.tmp
2009/04/17 10:12. 2006/11/02 11:18 -------- d ----- wc: \ Program Files \ Windows Mail
2009/04/02 22:13. 2009/04/02 22:13 702,127 ---- aw C: \ Programdata \ SPLFB91.tmp
2009/03/19 20:32. 2009/03/19 20:32 23,400 ---- aw C: \ Programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009/03/17 03:38. 2009/04/17 05:22 13,824 ---- aw C: \ Windows \ system32 \ apilogen.dll
2009/03/17 03:38. 2009/04/17 05:22 24,064 ---- aw C: \ Windows \ system32 \ amxread.dll
2009/03/08 11:34. 2009/05/20 03:47 914,944 ---- aw C: \ Windows \ system32 \ wininet.dll
2009/03/08 11:34. 2009/05/20 03:47 43,008 ---- aw C: \ Windows \ system32 \ licmgr10.dll
2009/03/08 11:33. 2009/05/20 03:47 18,944 ---- aw C: \ Windows \ system32 \ corpol.dll
2009/03/08 11:33. 2009/05/20 03:47 109,056 ---- aw C: \ Windows \ system32 \ iesysprep.dll
2009/03/08 11:33. 2009/05/20 03:47 109,568 ---- aw C: \ Windows \ system32 \ PDMSetup.exe
2009/03/08 11:33. 2009/05/20 03:47 107,520 ---- aw C: \ Windows \ system32 \ RegisterIEPKEYs.exe
2009/03/08 11:33. 2009/05/20 03:47 103,936 ---- aw C: \ Windows \ system32 \ SetDepNx.exe
2009/03/08 11:33. 2009/05/20 03:47 132,608 ---- aw C: \ Windows \ system32 \ ieUnatt.exe
2009/03/08 11:33. 2009/05/20 03:47 107,008 ---- aw C: \ Windows \ system32 \ SetIEInstalledDate.exe
2009/03/08 11:33. 2009/05/20 03:47 420,352 ---- aw C: \ Windows \ system32 \ vbscript.dll
2009/03/08 11:32. 2009/05/20 03:47 72,704 ---- aw C: \ Windows \ system32 \ admparse.dll
2009/03/08 11:32. 2009/05/20 03:47 71,680 ---- aw C: \ Windows \ system32 \ iesetup.dll
2009/03/08 11:32. 2009/05/20 03:47 66,560 ---- aw C: \ Windows \ system32 \ wextract.exe
2009/03/08 11:32. 2009/05/20 03:47 169,472 ---- aw C: \ Windows \ system32 \ iexpress.exe
2009/03/08 11:31. 2009/05/20 03:47 34,816 ---- aw C: \ Windows \ system32 \ imgutil.dll
2009/03/08 11:31. 2009/05/20 03:47 48,128 ---- aw C: \ Windows \ system32 \ mshtmler.dll
2009/03/08 11:31. 2009/05/20 03:47 45,568 ---- aw C: \ Windows \ system32 \ Mshta.exe
2009/03/08 11:22. 2009/05/20 03:47 156,160 ---- aw C: \ Windows \ system32 \ msls31.dll
2009/03/03 04:46. 2009/04/17 05:22 3.599.328 ---- aw C: \ Windows \ system32 \ Ntkrnlpa.exe
2009/03/03 04:46. 2009/04/17 05:22 3.547.632 ---- aw C: \ Windows \ system32 \ ntoskrnl.exe
2009/03/03 04:39. 2009/04/17 05:22 183,296 ---- aw C: \ Windows \ system32 \ sdohlp.dll
2009/03/03 04:39. 2009/04/17 05:22 551,424 ---- aw C: \ Windows \ system32 \ Rpcss.dll
2009/03/03 04:39. 2009/04/17 05:22 26,112 ---- aw C: \ Windows \ system32 \ printfilterpipelineprxy.dll
2009/03/03 04:37. 2009/04/17 05:22 98,304 ---- aw C: \ Windows \ system32 \ iasrecst.dll
2009/03/03 04:37. 2009/04/17 05:22 54,784 ---- aw C: \ Windows \ system32 \ iasads.dll
2009/03/03 04:37. 2009/04/17 05:22 44,032 ---- aw C: \ Windows \ system32 \ iasdatastore.dll
2009/03/03 03:04. 2009/04/17 05:22 666,624 ---- aw C: \ Windows \ system32 \ printfilterpipelinesvc.exe
2009/03/03 02:38. 2009/04/17 05:22 17,408 ---- aw C: \ Windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * entradas vazias & legit entradas padrão não são mostrados
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ actuais ntVersion \ Run]
"ehTray.exe" = "c: \ windows \ ehome \ ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor" = "c: \ acer \ Empowering Technology \ SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration" = "C: \ Program Files \ Acer Registration \ ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296]
"LXCECATS" = "c: \ windows \ system32 \ spool \ DRIVERS \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service" = "C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704]
"avast!" = "c: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - c: \ windows \ RtHDVCpl.exe [2007/10/11 4702208]

c: \ Programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \
Empowering Technology Launcher.lnk - c: \ acer \ Empowering Technology \ eAPLauncher.exe [2008/2/5 535336]
Kodak EasyShare software.lnk - C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ policies \ system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notificar \! SASWinLogon]
2008/12/22 16:05 356,352 ---- aw C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ safeboot \ Minimal \ WinDefend]
@ = "Service"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ Onenote.exe: Microsoft Office OneNote
"(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ Onenote.exe: Microsoft Office OneNote
"(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Communications System
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Communications System
"(EB8798E6-358B-4DDA-A219-21BBC5D3C79A)" = UDP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Impressora Status Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Impressora Status Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Página principal \ Acer Arcade Live.exe: Acer Arcade Live
"(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ Onenote.exe: Microsoft Office OneNote
"(1DF156D1-4B3D-94E3-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ Onenote.exe: Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(8640BFAB-1B85-48CC-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Atualização Spybot-S & D
"(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Atualização Spybot-S & D
"(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: C: \ Windows \ ehome \ ehshell.exe: o Windows Media Center
"(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: C: \ Windows \ ehome \ ehshell.exe: o Windows Media Center

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; avast! Auto-Defesa, c: \ windows \ system32 \ drivers \ aswSP.sys [5/22/2009 11:06 114768]
R1 FAMv4; FAMv4; c: \ windows \ system32 \ drivers \ FAMv4.sys [12/14/2007 3:35 132120]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 72944]
R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5/22/2009 11:06 20.560]
R2 aswMonFlt; aswMonFlt; c: \ windows \ system32 \ drivers \ como wMonFlt.sys [5/22/2009 11:06 51.792]
R2 BUNAgentSvc; NTI Backup Now 5 Agent Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 21752]
R2 NTIBackupSvc; NTI Backup Now 5 Backup Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 54520]
R2 NTISchedulerSvc; NTI Backup Now 5 Agendador Serviço; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 136440]
R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 1153368]
R3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 7408]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Active Setup \ Installed Components \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"c: \ windows \ system32 \ rundll32.exe" "c: \ windows \ system32 \ IEDKCS32.DLL", BrandIEActiveSe pilão SIGNUP
.
- - - - ÓRFÃOS REMOVIDO - - - --

Safeboot-procexp90.Sys


.
Scan Suplementar ------- -------
.
uStart Page = hxxp: / / www.yahoo.com/
mStart Page = hxxp: / / en.us.acer.yahoo.com
uInternet Settings, ProxyOverride = <local>; *. local
uInternet Settings, ProxyServer = http = localhost: 7171
IE: E & xportar para o Microsoft Excel - C: \ PROGRA ~ 1 \ MICROS ~ 2 \ Office12 \ EXCEL.EXE/3000
Trusted Zona: microsoft.com \ update
Trusted Zona: microsoft.com \ WindowsUpdate
FF - ProfilePath - c: \ Users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ rofiles P \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

CatchMe 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector por Gmer, http://www.gmer.net
Rootkit scan 2009/05/24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

digitalizar processos escondidos ...

escaneamento automático entradas escondidas ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 C: \ Windows \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

digitalizar os arquivos ocultos ...

varredura foi concluída com êxito
ficheiros ocultos: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Negado: (A) (Associados)
@ Negado: (A) (Todos)
@ Admitidos: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword: 00000000
.
Conclusão tempo: 2009/05/24 4:55
ComboFix-quarantined-files.txt 2009-05-24 08:55

Pré-Run: 173.756.547.072 bytes free
Post-Run: 173.859.581.952 bytes free

269 --- --- EOF 2009/05/17 10:04

Adicionar ou remover programas

Microsoft Office Shared MUI (Inglês) 2007
Microsoft Office Shared Setup Metadata MUI (Inglês) 2007
Microsoft Office Word MUI (Inglês) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistributable
Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser e SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Agora Standard
NTI Media Maker 8
NTI Open File Manager (remover somente)
NVIDIA Drivers
OfotoXMI
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Atualização de segurança para o Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
Turbo Pizza
Atualização para o 2007 Microsoft Office System (KB967642)
Atualização para o Microsoft Office 2007 Ajuda para Funcionalidades Comum (KB963673)
Atualização para o Microsoft Office Excel 2007 Help (KB963678)
Atualização para o Microsoft Office OneNote 2007 Ajuda (KB963670)
Atualização para o Microsoft Office PowerPoint 2007 Help (KB963669)
Atualização para o Microsoft Office Script Editor Ajuda (KB963671)
Atualização para o Microsoft Office Word 2007 Help (KB963665)
VPRINTOL
Scanner de segurança Windows Live OneCare
WinPatrol 2009
WIRELESS
Zuma Deluxe

EDIT: three more questions: I noticed a LimeWire DLL, can we kill that?

Although LTI is a legitimate program, is it necessary? I think it came bundled with this stupid Acer computer (man, do they load these things with junk), and it is made redundant by the built-in Microsoft program.

LT Cats is built-in spyware from the printer manufacturer, Lexmark. I thought I got the pertinent parts, but I wasn't sure how much to axe without disabling the printer. Can I remove more, or is what's left fine?
  #4  
Old May 24, 2009, 04:03
Malware Group
 
Default Windows Vista Won't Update

Hi Bubba

Please don't play around with HJT unless you understand how it works. You must remember that HJT is really a registry tool in a different guise. I'd hate for you to turn the PC into an expensive doorstop! The two 02 entries that you deleted are legitimate; although they are reported as file missing, that is not always the case. HJT is known to misreport certain entries.

As for LimeWire, did you uninstall it through the Control Panel? If so, then we can flush out the few remaining redundant items that are left over.

I see a few bits that relate to Norton; was this bundled on the PC at one time? Please run the Norton Removal Tool to clean up the remnants. You can find the tool here: Norton Removal Tool

Once done ......

Combofix

  • Close any open browsers.
  • Close any security applications (antivirus, antimalware, etc.)
  • Open Notepad and copy/paste the text in the box below into it:
Quote:
DDS::
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Looking at the following image as an example



Save it as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

CAUTION! Anyone else thinking of using the script above does so at their own risk - you may end up having to re-install Windows!

Please post the log C:\ComboFix.txt for further analysis.

=====================================

I see that the uninstall log was cut off at the top; can you repost it for me please. Also keep me updated on how things are system-wise.
__________________
Proud member of ASAP & UNITE
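An added example, not from the thread and not ComboFix's own code: Python that scans ComboFix-style log text for the loopback `ProxyServer` line the script above targets, plus three other weakened settings visible in the posted log (`EnableLUA`, `EnableFirewall`, `DisableMonitoring`). The sample log is constructed from lines in this thread, extraction spacing included; the rule ids and function names are assumptions of this example.

```python
import re

# Constructed sample, modelled on lines of the log posted in this thread
# (including the stray spaces introduced when the page was extracted).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ policies \ system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ SharedAccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

uStart Page = hxxp: / / www.yahoo.com/
uInternet Settings, ProxyOverride = <local>; *. local
uInternet Settings, ProxyServer = http = localhost: 7171
"""

# (rule id, registry key fragment, value name, flagged value, note).
# Rule ids are hypothetical labels chosen for this example.
REGISTRY_RULES = [
    ("UAC_OFF", "currentversion\\policies\\system", "enablelua", 0,
     "User Account Control is switched off"),
    ("FIREWALL_OFF", "parameters\\firewallpolicy\\", "enablefirewall", 0,
     "Windows Firewall is off for this profile"),
    ("WSC_MONITORING_OFF", "securitycenter\\monitoring", "disablemonitoring", 1,
     "DisableMonitoring is set under Security Center\\Monitoring"),
]


def squash(text):
    """Drop all whitespace and lowercase, so 'Curr entversion' matches 'currentversion'."""
    return re.sub(r"\s+", "", text).lower()


def parse_number(raw):
    """Read values written as '0 (0x0)' or 'dword: 00000001'; None if not numeric."""
    s = squash(raw)
    m = re.fullmatch(r"dword:([0-9a-f]{1,8})", s)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\(0x[0-9a-f]+\)", s)
    if m:
        return int(m.group(1))
    return None


def loopback_proxies(value):
    """Return the entries of a ProxyServer value that point at this machine."""
    hits = []
    for entry in squash(value).split(";"):
        if not entry:
            continue
        target = entry.split("=", 1)[-1]      # drop an optional 'http=' prefix
        host = target.rsplit(":", 1)[0] if ":" in target else target
        if host == "localhost" or host.startswith("127.") or host == "[::1]":
            hits.append(entry)
    return hits


def triage(log_text):
    """Return (rule id, detail) pairs for the settings worth a second look."""
    findings = []
    section = ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            section = ""                      # a blank line ends a registry section
            continue
        if line.startswith("[") and line.endswith("]"):
            section = squash(line)
            continue
        m = re.match(r'^"([^"]+)"\s*=\s*(.+)$', line)
        if m:
            name, number = squash(m.group(1)), parse_number(m.group(2))
            for rule, fragment, wanted, bad, note in REGISTRY_RULES:
                if fragment in section and name == wanted and number == bad:
                    findings.append((rule, f"{note}: {line}"))
            continue
        # Per-user (u) or machine (m) Internet Settings lines from the DDS section.
        m = re.match(r"^[um]internetsettings,proxyserver=(.+)$", squash(line))
        if m:
            for entry in loopback_proxies(m.group(1)):
                findings.append(("LOCAL_PROXY", f"proxy points at this machine: {entry}"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:20} {detail}")
```

A `LOCAL_PROXY` hit is a prompt to check which program, if any, is listening on that local port before the setting is removed.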
  #5  
Old May 24, 2009, 04:53
Donor Group
 
Default Windows Vista Won't Update

LimeWire did not show up in the Programs and Features panel to uninstall. The files to "run" that I found were app files, not exe, so I trudged through the C drive and deleted everything I could find. I see that I missed at least one registry entry, however.

As for Norton ........ yes, Acer loaded a trial version on it. I uninstalled it through the Control Panel and then used the Norton Removal Tool. (That was the first thing I did, even before I loaded Spybot, WinPatrol and the rest of the stuff.) When I was going through the C drive files, I kept finding more remnants of Norton and deleted them as I went. It never occurred to me to run it again, but I will do so now.

LOL Those three items in ComboFix were the three I was most curious about. There shouldn't be a proxy host, nor do I think the profiles should be locked for everyone. But I haven't studied ComboFix yet, which is why I don't use it on my own; as such, I was clueless what to do with those three, or even whether they were actually "bad".

Sorry for cutting the head off the uninstall log; the silly thing is that I looked at it twice, since it had no formatting, and missed my error both times.

EDIT: and I still forgot to post it:

Microsoft Office 2007 Service Pack 2 (SP2)
Acer Arcade Live Página principal
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console TVD 2.0.1.1
Acer Registration
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player 11/5
Agatha Christie Morte no Nilo
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Álbum Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Foto Livro
ArcSoft Print Creations - Calendário de Fotos
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
avast! Antivírus
Azada
Backspin Bilhar
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Bricks of Egypt
Cake Mania
CCScore
Chicken Invaders 3
Chuzzle
Diner Dash Flo on the Go
Eraser
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Flip Words 2
HijackThis 2.0.2
Hotfix para o Microsoft. NET Framework 3,5 SP1 (KB953595)
Hotfix para o Microsoft. NET Framework 3,5 SP1 (KB958484)
iTunes
Java (TM) 6 Update 13
Jewel Quest Solitaire
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kick N Rush
Kodak EasyShare software
KODAK Gallery Enviar software
Lexmark 4300 Series
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft. NET Framework 3,5 SP1
Microsoft Office Excel MUI (Inglês) 2007
Microsoft Office Casa e Estudante 2007
Microsoft Office OneNote MUI (Inglês) 2007
Microsoft Office PowerPoint MUI (Inglês) 2007
Microsoft Office Proof (Inglês) 2007
Microsoft Office Proof (Francês) 2007
Microsoft Office Proof (Espanhol) 2007
Microsoft Office Proofing (Inglês) 2007
Microsoft Office Shared MUI (Inglês) 2007
Microsoft Office Shared Setup Metadata MUI (Inglês) 2007
Microsoft Office Word MUI (Inglês) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistributable
Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser e SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Agora Standard
NTI Media Maker 8
NTI Open File Manager (remover somente)
NVIDIA Drivers
OfotoXMI
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Atualização de segurança para o Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
Turbo Pizza
Atualização para o 2007 Microsoft Office System (KB967642)
Atualização para o Microsoft Office 2007 Ajuda para Funcionalidades Comum (KB963673)
Atualização para o Microsoft Office Excel 2007 Help (KB963678)
Atualização para o Microsoft Office OneNote 2007 Ajuda (KB963670)
Atualização para o Microsoft Office PowerPoint 2007 Help (KB963669)
Atualização para o Microsoft Office Script Editor Ajuda (KB963671)
Atualização para o Microsoft Office Word 2007 Help (KB963665)
VPRINTOL
Scanner de segurança Windows Live OneCare
WinPatrol 2009
WIRELESS
Zuma Deluxe
  #6  
Old May 24, 2009, 05:58
Malware Group
 
Default Windows Vista Won't Update

Hi there Bubba

Thanks for the updated uninstall list - can you post the new ComboFix log for me, as requested.

Quote:
What are we looking for in ComboFix?
Basically just anything malicious; ComboFix is mainly an advanced analysis tool that gives us more information than HJT

As for LTCats:
As far as I can tell this is a valid entry, but it is classed as "user's choice" as to whether it runs at startup

As for LimeWire:
I can see a couple of entries that are still around, but we can get them with the next run of ComboFix
__________________
Proud member of ASAP & UNITE
  #7  
Old May 24, 2009, 07:03
Donor Group
 
Default Windows Vista Won't Update

Ouch, the computer locked up and shut down just as ComboFix looked like it was about to finish. It rebooted and I selected Safe Mode. I don't think it created the log, but I don't know for sure. Here is the Microsoft popup.

O Windows se recuperou de um desligamento inesperado.

Problema assinatura:
Problema Evento Nome: Tela Azul
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Informações adicionais sobre o problema:

BCCode: 50
BCP1: E0858E9B
BCP2: 00000000
BCP3: 9B9D2D10
BCP4: 00000002
OS Version: 6_6_6001
Service Pack: 1_0
PRODUTO: 768_1

FICHEIROS que descrevam o problema:

C \ Windows \ Minidump \ mini052409-01.dmp
C \ Users \ Shirley \ appdata \ temp \ WER-85644-0.systemdata.xml
C \ Users \ Shirley \ AppData \ Local \ Temp \ WERC6C7.tmp.ver sion.txt

Tenho saído desse computador na tela em que SafeMode. Que queres que eu faça com isso? Estou deixando em SafeMode até ouço algo, tenho que ir filme agora, estar de volta em cerca de 3 horas. O homem é bom trabalho sobre o computador de outra pessoa para que eu ainda tenho a minha para obter ajuda sobre aqui.

EDIT: eu não tentei, mas eu tenho certeza que eu posso obter os arquivos em SafeMode se você precisa saber o que dizer, mas eu também não sabe como abrir um arquivo XML.
  #8  
May 24, 2009, 07:11
Malware Group

Hi Bubba

Try restarting and see if it boots successfully once more; if not, try pressing F8 to access the boot screen and choose the option for Last Known Good Configuration.
__________________
Proud member of ASAP & UNITE
  #9  
May 24, 2009, 07:50
Donor Group

It booted and there was a ComboFix2 log there; it is pretty much identical to the first one, but there is a 10:04 timestamp referring to a quarantine log. The quarantine log is empty. Here is the file; I don't know if it is complete or what you want. Now I have to split.

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Running from: C:\Users\Shirley\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware *disabled* (Updated) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: Windows Defender *enabled* (Updated) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe" = "c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "C:\Program Files\Eraser\Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray" = "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor" = "c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration" = "C:\Program Files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "c:\windows\system32\nvraidservice.exe" [2008-11-12 203296]
"LXCECATS" = "c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service" = "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "c:\windows\system32\NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "c:\windows\system32\NvMcTray.dll" [2009-01-16 92704]
"avast!" = "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007/10/11 4702208]

c:\Programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008/2/5 535336]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\policies\system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\explorer\ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008/12/22 16:05 356,352 ----a-w C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\safeboot\Minimal\WinDefend]
@ = "Service"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; avast! Self Protection; c:\windows\system32\drivers\aswSP.sys [5/22/2009 11:06 114768]
R1 FAMv4; FAMv4; c:\windows\system32\drivers\FAMv4.sys [12/14/2007 3:35 132120]
R1 SASDIFSV; SASDIFSV; C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 9968]
R1 SASKUTIL; SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 72944]
R2 aswFsBlk; aswFsBlk; c:\windows\system32\drivers\aswFsBlk.sys [5/22/2009 11:06 20.560]
R2 aswMonFlt; aswMonFlt; c:\windows\system32\drivers\aswMonFlt.sys [5/22/2009 11:06 51.792]
R2 BUNAgentSvc; NTI Backup Now 5 Agent Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [12/30/2007 5:54 21752]
R2 NTIBackupSvc; NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [12/30/2007 5:55 54520]
R2 NTISchedulerSvc; NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [12/30/2007 5:54 136440]
R2 SBSDWSCService; SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [5/19/2009 10:04 1153368]
R3 SASENUM; SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 7408]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>(60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\IEDKCS32.DLL",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

Safeboot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\WindowsUpdate
FF - ProfilePath - c:\Users\Shirley\AppData\Roaming\Mozilla\Firefox\Profiles\j0dqrqc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.us.acer.yahoo.com/
.

**************************************************************************

CatchMe 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009/05/24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\(4D36E96D-E325-11CE-BFC1-08002BE10318)\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword:00000000
.
Completion time: 2009/05/24 4:55
ComboFix-quarantined-files.txt 2009-05-24 08:55

Pre-Run: 173.756.547.072 bytes free
Post-Run: 173.859.581.952 bytes free

269 --- --- EOF 2009/05/17 10:04

EDIT: nope, quick comparison with the first one, I think it is identical.
  #10  
May 24, 2009, 10:38
Malware Group

Hi Bubba,

Quote:
EDIT: nope, quick comparison with the first one, I think it is identical.
Yes, you are right - that is from the first run of ComboFix.

The current log can be found at C:\combofix.txt.
__________________
Proud member of ASAP & UNITE