
Archived

This topic has been archived and is closed to further replies.

Edvan

[Resolved!] log for analysis


OS: WINDOWS 7.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:44:09, on 26/05/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\HiYo\Bin\HiYo.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\taskeng.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcanvas.com/?ot=6

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: MjTunes.com Toolbar - {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - C:\Program Files\MjTunes.com\tbMjTu.dll

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Blingee Plus\tbhelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: MjTunes.com Toolbar - {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - C:\Program Files\MjTunes.com\tbMjTu.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: BlingeeTb - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Blingee Plus\blingeetb.dll

O3 - Toolbar: Blingee Toolbar - {D1121FE0-0145-44C9-AA35-72071AC20A9B} - C:\Program Files\Blingee Plus\blingeetb.dll

O3 - Toolbar: MjTunes.com Toolbar - {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - C:\Program Files\MjTunes.com\tbMjTu.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

 

--

End of file - 6950 bytes

 

-------------x-----------------------

Note: for a more precise analysis :D

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Fabiana at 23:02:22,73 on 26/05/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2036.1385 [GMT -3:00]

 

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\conhost.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\HiYo\Bin\HiYo.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.google.com.br/

mStart Page = hxxp://www.searchcanvas.com/?ot=6

uURLSearchHooks: MjTunes.com Toolbar: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - c:\program files\mjtunes.com\tbMjTu.dll

uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\blingee plus\tbhelper.dll

mURLSearchHooks: MjTunes.com Toolbar: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - c:\program files\mjtunes.com\tbMjTu.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: MjTunes.com Toolbar: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - c:\program files\mjtunes.com\tbMjTu.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll

BHO: BlingeeTb Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\blingee plus\blingeetb.dll

TB: Blingee Toolbar: {d1121fe0-0145-44c9-aa35-72071ac20a9b} - c:\program files\blingee plus\blingeetb.dll

TB: MjTunes.com Toolbar: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - c:\program files\mjtunes.com\tbMjTu.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Hiyo] c:\program files\hiyo\bin\HiYo.exe /RunFromStartup

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

uPolicies-system: DisableRegistryTools = 2 (0x2)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\users\fabiana\appdata\roaming\mozilla\firefox\profiles\edcysqaz.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\fabiana\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\users\fabiana\appdata\roaming\mozilla\plugins\npgoogletalk.dll

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

 

============= SERVICES / DRIVERS ===============

 

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-19 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-19 267432]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-19 60936]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-5-15 20968]

R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640]

R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-4-16 173352]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-20 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-27 9728]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-27 3072]

 

=============== Created Last 30 ================

 

2010-05-27 02:01:42 525824 ----a-w- C:\dds.scr

2010-05-24 23:07:09 0 d-----w- c:\program files\common files\Hewlett-Packard

2010-05-24 23:06:58 126976 ----a-w- c:\windows\system32\hpfll70v.dll

2010-05-24 23:06:21 512 ------w- c:\windows\hphmdl33.dat

2010-05-24 23:06:21 141676 ----a-w- c:\windows\hphins33.dat

2010-05-24 23:06:16 452408 ----a-w- c:\windows\system32\hpzids01.dll

2010-05-24 22:56:01 512 ------w- c:\windows\hphmdl33.dat.temp

2010-05-24 22:56:01 141231 ------w- c:\windows\hphins33.dat.temp

2010-05-24 22:12:15 0 d-----w- c:\program files\HP

2010-05-24 22:11:11 0 d-----w- c:\programdata\HP

2010-05-23 15:50:38 0 d-----w- c:\program files\common files\xing shared

2010-05-23 15:50:27 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-05-23 15:50:27 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-05-23 15:50:25 0 d-----w- c:\program files\common files\Real

2010-05-23 15:50:24 0 d-----w- c:\programdata\Real

2010-05-22 16:44:25 0 d-----w- c:\program files\MP3 Player Utilities 4.05

2010-05-21 05:51:08 0 d-----w- c:\users\fabiana\appdata\roaming\HiYo

2010-05-21 05:50:08 0 d-----w- c:\program files\HiYo

2010-05-21 05:50:07 0 d-----w- c:\programdata\HiYo

2010-05-21 03:19:02 0 d-----w- c:\programdata\PhotoMail

2010-05-21 03:19:01 0 d-----w- c:\program files\PhotoMail Maker

2010-05-21 03:18:27 0 d-----w- c:\programdata\IncrediMail

2010-05-21 03:18:27 0 d-----w- c:\programdata\IM

2010-05-21 03:18:27 0 d-----w- c:\program files\IncrediMail

2010-05-20 00:02:41 468 --sha-r- c:\users\fabiana\ntuser.pol

2010-05-16 01:54:39 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys

2010-05-16 01:54:38 0 d-----w- c:\program files\CPUID

2010-05-10 20:33:31 0 d-----w- c:\program files\Photo Story 3 for Windows

2010-05-08 23:48:13 65536 --sha-w- c:\users\fabiana\NTUSER.DAT{1fb2f39b-5afc-11df-929f-001cc0ffd6ab}.TM.blf

2010-05-08 23:48:13 524288 --sha-w- c:\users\fabiana\NTUSER.DAT{1fb2f39b-5afc-11df-929f-001cc0ffd6ab}.TMContainer00000000000000000002.regtrans-ms

2010-05-08 23:48:13 524288 --sha-w- c:\users\fabiana\NTUSER.DAT{1fb2f39b-5afc-11df-929f-001cc0ffd6ab}.TMContainer00000000000000000001.regtrans-ms

2010-05-07 23:34:20 0 d-----w- C:\MICHAEL_JACKSON

2010-05-07 23:27:56 0 d-----w- c:\programdata\DVD Shrink

2010-05-07 23:27:55 0 d-----w- c:\program files\DVD Shrink

2010-05-04 22:35:24 56 ---ha-w- c:\programdata\ezsidmv.dat

2010-05-04 22:11:50 0 d-----r- c:\program files\Skype

2010-05-04 22:11:48 0 d-----w- c:\programdata\Skype

2010-05-03 00:38:10 0 d-----w- c:\users\fabiana\appdata\roaming\GrabPro

2010-05-03 00:38:10 0 d-----w- C:\downloads

2010-04-30 22:40:42 0 d-----w- c:\program files\D-Link

2010-04-30 11:24:21 257024 ----a-w- c:\windows\system32\msv1_0.dll

2010-04-30 11:22:12 0 d-----w- c:\program files\MSXML 4.0

2010-04-30 11:11:54 34816 ----a-w- c:\windows\system32\msasn1.dll

2010-04-30 11:07:16 2048 ----a-w- c:\windows\system32\tzres.dll

2010-04-30 11:07:11 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2010-04-30 11:07:11 1037312 ----a-w- c:\windows\system32\lsasrv.dll

2010-04-30 11:06:31 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2010-04-30 11:06:31 507568 ----a-w- c:\windows\system32\winload.exe

2010-04-30 11:06:31 1320960 ----a-w- c:\windows\system32\CertEnroll.dll

2010-04-30 11:06:30 442920 ----a-w- c:\windows\system32\winresume.exe

2010-04-30 11:06:30 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2010-04-30 11:05:16 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-04-30 11:05:16 465408 ----a-w- c:\windows\system32\psisdecd.dll

2010-04-30 11:05:16 417792 ----a-w- c:\windows\system32\msdri.dll

2010-04-30 11:05:16 204288 ----a-w- c:\windows\system32\MSNP.ax

2010-04-30 11:04:39 427520 ----a-w- c:\windows\system32\vbscript.dll

2010-04-30 11:04:38 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-04-30 11:04:38 85504 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-04-30 11:04:38 369152 ----a-w- c:\windows\system32\secproc.dll

2010-04-30 11:04:38 365568 ----a-w- c:\windows\system32\secproc_isv.dll

2010-04-30 11:04:38 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-04-30 11:04:38 320512 ----a-w- c:\windows\system32\RMActivate.exe

2010-04-30 11:04:38 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-04-30 11:04:38 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-04-30 10:53:44 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-30 10:53:44 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-30 10:53:44 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-30 10:47:37 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-04-30 10:47:22 132608 ----a-w- c:\windows\system32\cabview.dll

2010-04-29 13:32:42 0 d-----w- c:\users\fabiana\appdata\roaming\TeamViewer

2010-04-29 13:32:39 0 d-----w- c:\program files\TeamViewer

2010-04-29 13:32:15 0 d-----w- c:\users\fabiana\temp

2010-04-29 04:35:30 8192 ----a-w- C:\bootsect.lxe.bak

2010-04-29 04:35:29 383592 --sh--r- C:\gdrop

2010-04-29 04:35:29 171136 --sh--r- C:\xeldr

2010-04-28 14:13:47 0 d-----w- c:\program files\Lavalys

2010-04-27 20:47:52 9728 ----a-w- c:\windows\system32\epmntdrv.sys

2010-04-27 20:47:52 86408 ----a-w- c:\windows\system32\setupempdrv03.exe

2010-04-27 20:47:52 3072 ----a-w- c:\windows\system32\EuGdiDrv.sys

2010-04-27 20:47:52 1663488 ----a-w- c:\windows\system32\BootMan.exe

2010-04-27 20:47:52 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll

2010-04-27 20:47:47 0 d-----w- c:\program files\EASEUS

 

==================== Find3M ====================

 

2010-05-27 00:51:36 654272 ----a-w- c:\windows\system32\prfh0416.dat

2010-05-27 00:51:36 124724 ----a-w- c:\windows\system32\prfc0416.dat

2010-05-12 14:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-04-22 12:01:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe

2009-07-14 08:30:56 38536 ----a-w- c:\windows\inf\perflib\0416\perfd.dat

2009-07-14 08:30:56 38536 ----a-w- c:\windows\inf\perflib\0416\perfc.dat

2009-07-14 08:30:56 323154 ----a-w- c:\windows\inf\perflib\0416\perfi.dat

2009-07-14 08:30:56 323154 ----a-w- c:\windows\inf\perflib\0416\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

 

============= FINISH: 23:02:51,54 ===============

 

 

---------x-----------------------

 

 

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume6

Install Date: 18/04/2010 23:31:44

System Uptime: 26/05/2010 21:47:05 (2 hours ago)

 

Motherboard: Intel Corporation | | DG31PR

Processor: Intel® Celeron® CPU E3200 @ 2.40GHz | J3E1 | 2400/800mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 52 GiB total, 27,117 GiB free.

D: is FIXED (NTFS) - 34 GiB total, 19,792 GiB free.

E: is FIXED (NTFS) - 25 GiB total, 5,476 GiB free.

F: is FIXED (NTFS) - 1 GiB total, 0,547 GiB free.

G: is CDROM ()

J: is FIXED (NTFS) - 15 GiB total, 14,758 GiB free.

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP27: 23/05/2010 02:18:22 - Windows Update

RP29: 24/05/2010 19:19:02 - Sample Restore Point

 

==== Installed Programs ======================

 

32 Bit HP CIO Components Installer

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2 - Português

Arquivo do WinRAR

Assistente de Conexão do Windows Live

aTube Catcher

aTube Catcher 1.0

Avira AntiVir Personal - Free Antivirus

Blingee Toolbar

CCleaner

CPUID CPU-Z 1.54

D-Link DFE520TX

D-Link PCI Fast Ethernet Adapter

DJ_SF_06_D1600_SW_Min

DVD Shrink 3.2

EASEUS Partition Master 4.0 Home Edition

EasyBCD 1.7.2

EVEREST Ultimate Edition v5.30

Ferramenta de Carregamento do Windows Live

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

HijackThis 2.0.2

HiYo

HiYo

HP Deskjet D1600 Printer Driver 14.0 Rel. 6

IncrediMail

IncrediMail 2.0

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office Professional Edição 2003

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft XML Parser

MjTunes.com Toolbar

Mozilla Firefox (3.5.9)

MP3 Player Utilities 4.05

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 8

neroxml

Photo Story 3 for Windows

PhotoMail Maker

RealPlayer

RealUpgrade 1.0

RocketDock 1.3.5

Skype Toolbars

Skype™ 4.2

TeamViewer 4

TeamViewer 5

Toolbox

VCRedistSetup

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

 

==== End Of File ===========================


Good evening! Edvan

 

<@> Download: < Malwarebytes' Anti-Malware >

 


 

<@> PS: Save or print these instructions:

 

- Double-click mbam-setup.exe; choose the language and, during installation, accept all the default options.

- Check that the boxes "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware" are ticked.

- Then click Finish.

- PS: If there are updates to be applied, they will be downloaded and installed.

- When the update finishes, with the program open, select: Quick Scan

- Click the Scan button.

- The scan will then begin. -> Wait, as it may take a while!

- When it finishes, click OK and then the "Show Results" button, so we have the report.

- PS: If any items are found, tick them and click the "Remove" button.

- PS: When disinfection finishes, Notepad will open containing the report.

- PS: The log is stored automatically by the tool.

- PS: Retrieve it by clicking the "Logs" tab in the program's main window.

<@> PS: If MBAM finds files it cannot remove, you may have to restart the PC. Possibly more than once!

<@> PS: Do so immediately when asked whether you want to restart.

<@> Select, copy and paste the contents of the MBAM log in your next reply.

000000000000000000000000

oooooooooooooooooooooooo

<@> Download: < ToolBar S&D >

<@> Save it to Local Disk C, in its own folder.

<@> Restart the computer in Safe Mode. <-- Important!

<@> Run the program, and then press "p" --> Enter --> OK.

<@> Type two! ( 2 ) --> Press Enter --> Wait!

<@> When it finishes, post the report. ( C:\ToolBar SD\TB_1.txt ) <--

<@> Also post an updated HijackThis log.

 

Regards!


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4155

 

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

 

30/05/2010 03:37:35

mbam-log-2010-05-30 (03-37-35).txt

 

Tipo de Verificação: Verificação Rápida

Objetos escaneados: 120474

Tempo decorrido: 4 minuto(s), 0 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

(Não foram detectados ítens maliciosos)

 

 

Note: About ToolBar S&D, I didn't post it because I couldn't find "TB_1.txt"..

 

Is it one of these in the image below?

 

< Img >


Hi! Edvan

 

<!> I forgot to ask you: what is the reason for your suspicion that the PC has some kind of infection?

<!> As for the Toolbar S&D report, it seems it was not generated, since the dates on the text files are old.

 

Regards!


Well DigRam, as I mentioned in the topic title, it's a log just for analysis, since this machine is used by other people, so I suspected some kind of virus, given that I'm not watching it all the time..


Well DigRam, as I mentioned in the topic title, it's a log just for analysis, since this machine is used by other people, so I suspected some kind of virus, given that I'm not watching it all the time..

///////////// Good morning! Edvan \\\\\\\\\\\\\\

 

<@> Download: < OTL > ( ...by OldTimer Tools )

<@> Save it to the desktop!

<@> Double-click: < otlDesktopIcon.png >

<@> PS: Now let's proceed with its configuration!

 

<!> 1 - Under "Output", leave the "Minimal" button selected.

<!> 2 - Tick the boxes: Scan All Users and Include 64bit Scans <-- PS: Only if the OS is 64-bit!

<!> 3 - Processes: Use SafeList <-- Tick!

<!> 4 - Modules: Use SafeList <-- Tick!

<!> 5 - Services: Use SafeList <-- Tick!

<!> 6 - Drivers: Use SafeList <-- Tick!

<!> 7 - Standard Registry Scan: Use SafeList <-- Tick!

<!> 8 - Extra Registry Scan: Use SafeList <-- Tick!

<!> 9 - File Scans:

 

<!> Creation Date >> Choose: 14 days

 

<!> Tick: Use Company Name Whitelist

<!> Tick: Skip Microsoft Files

 

<!> 10 - Files Created Within:

 

<!> Tick: Creation Date

 

<!> 11 - Files Modified Within:

 

<!> Tick: Creation Date

<!> Tick the boxes:

 

[] Lop Check

[] Purity Check

 

<@> PS: I suggest you print these instructions for later reading.

<@> Click: Run Scan --> Wait!

<@> When it finishes, post: OTL.txt <--

 

Regards!


OTL logfile created on: 31/05/2010 20:32:43 - Run 1

OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\Fabiana\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 51,59 Gb Total Space | 26,37 Gb Free Space | 51,11% Space Free | Partition Type: NTFS

Drive D: | 34,33 Gb Total Space | 19,45 Gb Free Space | 56,66% Space Free | Partition Type: NTFS

Drive E: | 24,67 Gb Total Space | 5,48 Gb Free Space | 22,19% Space Free | Partition Type: NTFS

Drive F: | 619,69 Mb Total Space | 559,98 Mb Free Space | 90,36% Space Free | Partition Type: NTFS

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Drive J: | 14,85 Gb Total Space | 14,76 Gb Free Space | 99,41% Space Free | Partition Type: NTFS

 

Computer Name: FABIANA-PC

Current User Name: Fabiana

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Fabiana\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Arquivos de Programas\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Arquivos de Programas\HiYo\Bin\HiYo.exe (IncrediMail, Ltd.)

PRC - C:\Arquivos de Programas\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Arquivos de Programas\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Arquivos de Programas\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Arquivos de Programas\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Arquivos de Programas\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Arquivos de Programas\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Arquivos de Programas\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Arquivos de Programas\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Arquivos de Programas\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Arquivos de Programas\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)

PRC - C:\Arquivos de Programas\RocketDock\RocketDock.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Fabiana\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (TeamViewer4) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) Instalador do ActiveX (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (cpuz133) -- C:\Windows\System32\drivers\cpuz133_x32.sys (Windows ® Win 7 DDK provider)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (FETNDIS) -- C:\Windows\System32\drivers\fetnd6.sys (VIA Technologies, Inc. )

DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()

DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()

DRV - (FETNDISB) -- C:\Windows\System32\drivers\dlkfet5b.sys (D-Link )

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcanvas.com/?ot=6

IE - HKLM\..\URLSearchHook: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - C:\Arquivos de Programas\MjTunes.com\tbMjTu.dll (Conduit Ltd.)

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/

IE - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br

IE - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 56 96 AD A5 DF CA 01 [binary data]

IE - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\..\URLSearchHook: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - C:\Arquivos de Programas\MjTunes.com\tbMjTu.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Arquivos de Programas\Blingee Plus\tbhelper.dll (Blingee.com)

IE - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.selectedEngine: "MyStart Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.com.br"

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.74

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/23 12:50:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/23 12:50:58 | 000,000,000 | ---D | M]

 

[2010/04/21 00:23:26 | 000,000,000 | ---D | M] -- C:\Users\Fabiana\AppData\Roaming\mozilla\Extensions

[2010/05/31 20:11:13 | 000,000,000 | ---D | M] -- C:\Users\Fabiana\AppData\Roaming\mozilla\Firefox\Profiles\edcysqaz.default\extensions

[2010/05/03 20:31:28 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Fabiana\AppData\Roaming\mozilla\Firefox\Profiles\edcysqaz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

[2010/05/17 20:02:05 | 000,004,050 | ---- | M] () -- C:\Users\Fabiana\AppData\Roaming\Mozilla\FireFox\Profiles\edcysqaz.default\searchplugins\imasters.xml

[2010/05/21 00:10:59 | 000,002,149 | ---- | M] () -- C:\Users\Fabiana\AppData\Roaming\Mozilla\FireFox\Profiles\edcysqaz.default\searchplugins\MyStart Search.xml

[2010/05/04 19:12:56 | 000,000,000 | ---D | M] -- C:\Arquivos de Programas\Mozilla Firefox\extensions

[2010/05/04 19:12:56 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Arquivos de Programas\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/04/27 02:46:37 | 000,001,027 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\buscape.xml

[2010/04/27 02:46:37 | 000,001,212 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\mercadolivre.xml

[2010/04/27 02:46:37 | 000,001,168 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\wikipedia-br.xml

[2010/04/27 02:46:37 | 000,000,648 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\searchplugins\yahoo-br.xml

 

O1 HOSTS File: ([2009/06/10 18:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Auxiliar de Conexão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (MjTunes.com Toolbar) - {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - C:\Arquivos de Programas\MjTunes.com\tbMjTu.dll (Conduit Ltd.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de Programas\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (BlingeeTb Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Arquivos de Programas\Blingee Plus\blingeetb.dll (Blingee.com)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (MjTunes.com Toolbar) - {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - C:\Arquivos de Programas\MjTunes.com\tbMjTu.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Blingee Toolbar) - {D1121FE0-0145-44C9-AA35-72071AC20A9B} - C:\Arquivos de Programas\Blingee Plus\blingeetb.dll (Blingee.com)

O3 - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Arquivos de Programas\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\..\Toolbar\WebBrowser: (MjTunes.com Toolbar) - {A3F96249-7650-49A8-B54E-9CBF46FBBDF7} - C:\Arquivos de Programas\MjTunes.com\tbMjTu.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\..\Toolbar\WebBrowser: (Blingee Toolbar) - {D1121FE0-0145-44C9-AA35-72071AC20A9B} - C:\Arquivos de Programas\Blingee Plus\blingeetb.dll (Blingee.com)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe (IncrediMail, Ltd.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()

O4 - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 2

O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.0.32.67 187.0.32.66

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de Programas\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Arquivos de Programas\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de Programas\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/04/18 23:08:59 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{88aebf1c-4e06-11df-96fb-001cc0ffd6ab}\Shell - "" = AutoRun

O33 - MountPoints2\{88aebf1c-4e06-11df-96fb-001cc0ffd6ab}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 90 Days ==========

 

[2010/05/31 20:27:14 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\Fabiana\Desktop\OTL.exe

[2010/05/30 22:10:30 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\Documents\Meus arquivos recebidos

[2010/05/30 15:47:42 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\Desktop\FOTOS NOVAS

[2010/05/30 03:31:15 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\Malwarebytes

[2010/05/30 03:31:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/05/30 03:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/05/30 03:31:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/05/30 03:31:07 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware

[2010/05/29 19:57:25 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\Documents\FILME DE NARUTO

[2010/05/29 10:25:01 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\Documents\Nero

[2010/05/29 08:01:57 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\PhotoScape

[2010/05/29 08:01:44 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\PhotoScape

[2010/05/28 18:13:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2010/05/27 13:52:15 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\VoipRaider

[2010/05/24 20:07:09 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Hewlett-Packard

[2010/05/24 19:15:39 | 000,000,000 | -H-D | C] -- C:\Config.Msi

[2010/05/24 19:12:15 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\HP

[2010/05/24 19:11:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HP

[2010/05/23 12:50:38 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\xing shared

[2010/05/23 12:50:27 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2010/05/23 12:50:25 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Real

[2010/05/23 12:50:25 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Real

[2010/05/23 12:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Real

[2010/05/23 12:50:23 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\Real

[2010/05/22 13:44:25 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\MP3 Player Utilities 4.05

[2010/05/21 02:51:08 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\HiYo

[2010/05/21 02:50:08 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\HiYo

[2010/05/21 02:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HiYo

[2010/05/21 00:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PhotoMail

[2010/05/21 00:19:01 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\PhotoMail Maker

[2010/05/21 00:18:32 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Local\IM

[2010/05/21 00:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\IncrediMail

[2010/05/21 00:18:27 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\IncrediMail

[2010/05/21 00:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\IM

[2010/05/19 21:24:41 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\Desktop\Edital+Resultado dos aprovados

[2010/05/15 22:54:39 | 000,020,968 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\cpuz133_x32.sys

[2010/05/15 22:54:38 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\CPUID

[2010/05/10 17:33:31 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Photo Story 3 for Windows

[2010/05/08 20:48:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2010/05/07 20:34:20 | 000,000,000 | ---D | C] -- C:\MICHAEL_JACKSON

[2010/05/07 20:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink

[2010/05/07 20:27:55 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\DVD Shrink

[2010/05/04 19:35:23 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\skypePM

[2010/05/04 19:28:53 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\Skype

[2010/05/04 19:11:51 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Skype

[2010/05/04 19:11:50 | 000,000,000 | R--D | C] -- C:\Arquivos de Programas\Skype

[2010/05/04 19:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2010/05/02 21:38:10 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\GrabPro

[2010/05/02 21:38:10 | 000,000,000 | ---D | C] -- C:\downloads

[2010/05/02 21:38:08 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\Orbit

[2010/04/30 19:41:02 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\InstallShield Installation Information

[2010/04/30 19:40:42 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\D-Link

[2010/04/30 19:40:17 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\InstallShield

[2010/04/30 08:22:12 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\MSXML 4.0

[2010/04/29 10:32:42 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\TeamViewer

[2010/04/29 10:32:39 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\TeamViewer

[2010/04/29 10:32:15 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\temp

[2010/04/28 11:13:47 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Lavalys

[2010/04/27 22:49:00 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2010/04/27 17:47:47 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\EASEUS

[2010/04/22 09:40:14 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\Nero

[2010/04/22 09:35:08 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Local\Ahead

[2010/04/22 09:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero

[2010/04/22 09:33:20 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Nero

[2010/04/22 09:33:19 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Nero

[2010/04/22 09:03:46 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\U3

[2010/04/21 14:36:29 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Local\Diagnostics

[2010/04/21 14:33:56 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\RocketDock

[2010/04/21 00:23:23 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Local\Mozilla

[2010/04/21 00:23:18 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Mozilla Firefox

[2010/04/21 00:22:08 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\CCleaner

[2010/04/21 00:18:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/04/20 16:29:39 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Local\Adobe

[2010/04/20 10:02:39 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\Mozilla

[2010/04/20 10:01:04 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Local\Apps

[2010/04/20 10:01:03 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Local\Deployment

[2010/04/20 08:30:50 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\Avira

[2010/04/20 07:39:57 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\Google

[2010/04/20 07:39:57 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Local\Google

[2010/04/20 07:23:01 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\Macromedia

[2010/04/20 07:23:00 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\Adobe

[2010/04/20 07:22:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed

[2010/04/20 07:22:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2010/04/20 07:22:25 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Google

[2010/04/20 07:08:27 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\MjTunes.com

[2010/04/20 07:08:27 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Conduit

[2010/04/20 07:08:02 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Blingee Plus

[2010/04/19 11:16:06 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\DsNET Corp

[2010/04/19 10:39:39 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\Desktop\fabiana

[2010/04/19 07:30:23 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\Tracing

[2010/04/19 07:24:37 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft

[2010/04/19 07:24:12 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Windows Live SkyDrive

[2010/04/19 07:23:55 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Windows Live

[2010/04/19 06:50:19 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Windows Live

[2010/04/19 04:23:39 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2010/04/19 04:23:37 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2010/04/19 04:23:36 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2010/04/19 04:23:36 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys

[2010/04/19 04:23:36 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys

[2010/04/19 04:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/04/19 04:23:27 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Avira

[2010/04/19 04:20:08 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\DESIGNER

[2010/04/19 04:20:03 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2010/04/19 04:20:03 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft.NET

[2010/04/19 04:20:03 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Microsoft Office

[2010/04/19 04:18:18 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\WinRAR

[2010/04/19 04:17:48 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\WinRAR

[2010/04/19 04:17:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

[2010/04/19 04:17:16 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Adobe

[2010/04/19 04:17:16 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\Adobe

[2010/04/19 04:16:59 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2010/04/18 23:34:37 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Local\NeoSmart_Technologies

[2010/04/18 23:33:59 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas\NeoSmart Technologies

[2010/04/18 23:32:12 | 000,000,000 | R--D | C] -- C:\Users\Fabiana\Searches

[2010/04/18 23:32:03 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\Identities

[2010/04/18 23:32:02 | 000,000,000 | R--D | C] -- C:\Users\Fabiana\Contacts

[2010/04/18 23:31:55 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Local\VirtualStore

[2010/04/18 23:31:54 | 000,000,000 | --SD | C] -- C:\Users\Fabiana\AppData\Roaming\Microsoft

[2010/04/18 23:31:54 | 000,000,000 | R--D | C] -- C:\Users\Fabiana\Videos

[2010/04/18 23:31:54 | 000,000,000 | R--D | C] -- C:\Users\Fabiana\Saved Games

[2010/04/18 23:31:54 | 000,000,000 | R--D | C] -- C:\Users\Fabiana\Pictures

[2010/04/18 23:31:54 | 000,000,000 | R--D | C] -- C:\Users\Fabiana\Music

[2010/04/18 23:31:54 | 000,000,000 | R--D | C] -- C:\Users\Fabiana\Links

[2010/04/18 23:31:54 | 000,000,000 | R--D | C] -- C:\Users\Fabiana\Favorites

[2010/04/18 23:31:54 | 000,000,000 | R--D | C] -- C:\Users\Fabiana\Downloads

[2010/04/18 23:31:54 | 000,000,000 | R--D | C] -- C:\Users\Fabiana\Documents

[2010/04/18 23:31:54 | 000,000,000 | R--D | C] -- C:\Users\Fabiana\Desktop

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\AppData\Local\Temporary Internet Files

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\SendTo

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\Recent

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\Modelos

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\Documents\Minhas músicas

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\Documents\Minhas imagens

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\Documents\Meus vídeos

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\Meus documentos

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\Menu Iniciar

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\AppData\Local\Histórico

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\Dados de aplicativos

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\AppData\Local\Dados de aplicativos

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\Cookies

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\Configurações locais

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\Ambiente de rede

[2010/04/18 23:31:54 | 000,000,000 | -HSD | C] -- C:\Users\Fabiana\Ambiente de impressão

[2010/04/18 23:31:54 | 000,000,000 | -H-D | C] -- C:\Users\Fabiana\AppData

[2010/04/18 23:31:54 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Local\Temp

[2010/04/18 23:31:54 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Local\Microsoft

[2010/04/18 23:31:54 | 000,000,000 | ---D | C] -- C:\Users\Fabiana\AppData\Roaming\Media Center Programs

[2010/04/18 23:31:41 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas\Common Files\Sistema

[2010/04/18 23:31:41 | 000,000,000 | -HSD | C] -- C:\Recovery

[2010/04/18 23:31:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Modelos

[2010/04/18 23:31:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas músicas

[2010/04/18 23:31:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Minhas imagens

[2010/04/18 23:31:41 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Meus vídeos

[2010/04/18 23:31:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Menu Iniciar

[2010/04/18 23:31:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoritos

[2010/04/18 23:31:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documentos

[2010/04/18 23:31:41 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dados de aplicativos

[2010/04/18 23:31:41 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas

[2010/04/18 23:31:41 | 000,000,000 | -HSD | C] -- C:\Arquivos de Programas\Arquivos Comuns

[2010/04/18 23:28:33 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2010/04/18 23:25:54 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2010/04/18 23:24:53 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2010/04/18 23:24:45 | 000,000,000 | -HSD | C] -- C:\Boot

[2010/04/18 19:58:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information

 

========== Files - Modified Within 90 Days ==========

 

[2010/05/31 20:33:43 | 003,670,016 | -HS- | M] () -- C:\Users\Fabiana\NTUSER.DAT

[2010/05/31 20:27:31 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\Fabiana\Desktop\OTL.exe

[2010/05/31 20:20:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/05/31 20:06:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4256535773-4020121892-3389739929-1000UA.job

[2010/05/31 19:45:19 | 001,491,932 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/05/31 19:45:19 | 000,654,272 | ---- | M] () -- C:\Windows\System32\prfh0416.dat

[2010/05/31 19:45:19 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/05/31 19:45:19 | 000,124,724 | ---- | M] () -- C:\Windows\System32\prfc0416.dat

[2010/05/31 19:45:19 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/05/31 19:22:49 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/05/31 19:22:49 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/05/31 19:15:35 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/05/31 19:15:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/05/31 19:15:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/05/31 19:15:22 | 1601,052,672 | -HS- | M] () -- C:\hiberfil.sys

[2010/05/31 19:07:32 | 001,515,512 | -H-- | M] () -- C:\Users\Fabiana\AppData\Local\IconCache.db

[2010/05/31 10:06:00 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4256535773-4020121892-3389739929-1000Core.job

[2010/05/30 03:18:58 | 000,343,020 | ---- | M] () -- C:\ToolBarSD.exe

[2010/05/29 17:50:03 | 204,800,000 | ---- | M] () -- C:\Users\Fabiana\Desktop\VJ_MAGRAO_90S_MEGAMIX.part02.rar

[2010/05/29 12:54:16 | 204,800,000 | ---- | M] () -- C:\Users\Fabiana\Desktop\VJ_MAGRAO_90S_MEGAMIX.part01.rar

[2010/05/29 08:01:55 | 000,001,002 | ---- | M] () -- C:\Users\Fabiana\Desktop\PhotoScape.lnk

[2010/05/27 16:58:07 | 000,002,523 | ---- | M] () -- C:\Users\Fabiana\Desktop\Skype.lnk

[2010/05/26 23:01:56 | 000,525,824 | ---- | M] () -- C:\dds.scr

[2010/05/24 20:08:49 | 000,141,676 | ---- | M] () -- C:\Windows\hphins33.dat

[2010/05/24 19:58:57 | 000,141,231 | ---- | M] () -- C:\Windows\hphins33.dat.temp

[2010/05/23 12:50:56 | 000,001,279 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk

[2010/05/23 12:50:27 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll

[2010/05/21 07:32:11 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk

[2010/05/19 21:02:41 | 000,000,468 | RHS- | M] () -- C:\Users\Fabiana\ntuser.pol

[2010/05/18 20:05:46 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/05/15 22:54:39 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2010/05/12 12:00:46 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk

[2010/05/12 11:53:30 | 000,002,048 | -H-- | M] () -- C:\Users\Fabiana\Documents\Default.rdp

[2010/05/09 02:46:58 | 000,524,288 | -HS- | M] () -- C:\Users\Fabiana\NTUSER.DAT{1fb2f39b-5afc-11df-929f-001cc0ffd6ab}.TMContainer00000000000000000002.regtrans-ms

[2010/05/09 02:46:58 | 000,524,288 | -HS- | M] () -- C:\Users\Fabiana\NTUSER.DAT{1fb2f39b-5afc-11df-929f-001cc0ffd6ab}.TMContainer00000000000000000001.regtrans-ms

[2010/05/09 02:46:58 | 000,065,536 | -HS- | M] () -- C:\Users\Fabiana\NTUSER.DAT{1fb2f39b-5afc-11df-929f-001cc0ffd6ab}.TM.blf

[2010/05/07 20:27:55 | 000,000,966 | ---- | M] () -- C:\Users\Fabiana\Desktop\DVD Shrink 3.2.lnk

[2010/05/05 00:28:29 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk

[2010/05/04 19:35:24 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

[2010/04/30 19:39:15 | 000,062,696 | ---- | M] () -- C:\Users\Fabiana\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/04/30 19:38:56 | 000,286,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/04/29 01:35:30 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak

[2010/04/29 01:35:29 | 000,383,592 | RHS- | M] () -- C:\gdrop

[2010/04/29 01:35:29 | 000,171,136 | RHS- | M] () -- C:\xeldr

[2010/04/22 09:34:57 | 000,002,732 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk

[2010/04/22 09:34:07 | 000,001,024 | ---- | M] () -- C:\Users\Fabiana\.rnd

[2010/04/22 09:01:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/04/21 00:22:08 | 000,001,844 | ---- | M] () -- C:\Users\Fabiana\Desktop\CCleaner.lnk

[2010/04/19 04:20:50 | 000,002,705 | ---- | M] () -- C:\Users\Fabiana\Desktop\Microsoft Office Word 2003.lnk

[2010/04/19 04:20:39 | 000,000,418 | ---- | M] () -- C:\Windows\ODBC.INI

[2010/04/18 23:34:43 | 000,524,288 | -HS- | M] () -- C:\Users\Fabiana\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2010/04/18 23:34:43 | 000,524,288 | -HS- | M] () -- C:\Users\Fabiana\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010/04/18 23:34:43 | 000,065,536 | -HS- | M] () -- C:\Users\Fabiana\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010/04/18 23:33:59 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\EasyBCD 1.7.2.lnk

[2010/04/18 23:31:54 | 000,000,020 | -HS- | M] () -- C:\Users\Fabiana\ntuser.ini

[2010/04/18 23:28:36 | 000,051,953 | ---- | M] () -- C:\Windows\System32\license.rtf

[2010/04/18 23:24:46 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2010/04/18 23:24:45 | 000,000,354 | RHS- | M] () -- C:\boot.ini

[2010/04/18 19:57:51 | 000,000,210 | -H-- | M] () -- C:\Boot.BAK

[2010/03/30 23:38:26 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) -- C:\Windows\System32\drivers\cpuz133_x32.sys

 

========== Files Created - No Company Name ==========

 

[2010/05/30 03:18:42 | 000,343,020 | ---- | C] () -- C:\ToolBarSD.exe

[2010/05/29 17:49:59 | 204,800,000 | ---- | C] () -- C:\Users\Fabiana\Desktop\VJ_MAGRAO_90S_MEGAMIX.part02.rar

[2010/05/29 12:54:14 | 204,800,000 | ---- | C] () -- C:\Users\Fabiana\Desktop\VJ_MAGRAO_90S_MEGAMIX.part01.rar

[2010/05/29 08:01:55 | 000,001,002 | ---- | C] () -- C:\Users\Fabiana\Desktop\PhotoScape.lnk

[2010/05/27 16:58:07 | 000,002,523 | ---- | C] () -- C:\Users\Fabiana\Desktop\Skype.lnk

[2010/05/26 23:01:42 | 000,525,824 | ---- | C] () -- C:\dds.scr

[2010/05/24 20:06:21 | 000,141,676 | ---- | C] () -- C:\Windows\hphins33.dat

[2010/05/24 20:06:21 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat

[2010/05/24 19:56:01 | 000,141,231 | ---- | C] () -- C:\Windows\hphins33.dat.temp

[2010/05/24 19:56:01 | 000,000,512 | ---- | C] () -- C:\Windows\hphmdl33.dat.temp

[2010/05/24 19:11:20 | 000,005,924 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010/05/23 12:50:56 | 000,001,279 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk

[2010/05/21 07:32:11 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\IncrediMail.lnk

[2010/05/19 21:02:41 | 000,000,468 | RHS- | C] () -- C:\Users\Fabiana\ntuser.pol

[2010/05/15 22:54:39 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk

[2010/05/12 12:00:46 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk

[2010/05/08 20:48:13 | 000,524,288 | -HS- | C] () -- C:\Users\Fabiana\NTUSER.DAT{1fb2f39b-5afc-11df-929f-001cc0ffd6ab}.TMContainer00000000000000000002.regtrans-ms

[2010/05/08 20:48:13 | 000,524,288 | -HS- | C] () -- C:\Users\Fabiana\NTUSER.DAT{1fb2f39b-5afc-11df-929f-001cc0ffd6ab}.TMContainer00000000000000000001.regtrans-ms

[2010/05/08 20:48:13 | 000,065,536 | -HS- | C] () -- C:\Users\Fabiana\NTUSER.DAT{1fb2f39b-5afc-11df-929f-001cc0ffd6ab}.TM.blf

[2010/05/07 20:27:55 | 000,000,966 | ---- | C] () -- C:\Users\Fabiana\Desktop\DVD Shrink 3.2.lnk

[2010/05/05 00:28:29 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk

[2010/05/04 19:35:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/04/29 10:27:11 | 000,002,048 | -H-- | C] () -- C:\Users\Fabiana\Documents\Default.rdp

[2010/04/29 01:35:30 | 000,008,192 | ---- | C] () -- C:\bootsect.lxe.bak

[2010/04/29 01:35:29 | 000,383,592 | RHS- | C] () -- C:\gdrop

[2010/04/29 01:35:29 | 000,171,136 | RHS- | C] () -- C:\xeldr

[2010/04/27 17:47:52 | 001,663,488 | ---- | C] () -- C:\Windows\System32\BootMan.exe

[2010/04/27 17:47:52 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe

[2010/04/27 17:47:52 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll

[2010/04/27 17:47:52 | 000,009,728 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys

[2010/04/27 17:47:52 | 000,003,072 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys

[2010/04/22 09:34:57 | 000,002,732 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk

[2010/04/22 09:34:05 | 000,001,024 | ---- | C] () -- C:\Users\Fabiana\.rnd

[2010/04/22 09:01:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2010/04/21 00:22:08 | 000,001,844 | ---- | C] () -- C:\Users\Fabiana\Desktop\CCleaner.lnk

[2010/04/20 11:08:51 | 000,001,034 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/04/20 11:08:51 | 000,001,030 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/04/20 10:01:34 | 000,001,062 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4256535773-4020121892-3389739929-1000UA.job

[2010/04/20 10:01:33 | 000,001,010 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4256535773-4020121892-3389739929-1000Core.job

[2010/04/19 04:20:50 | 000,002,705 | ---- | C] () -- C:\Users\Fabiana\Desktop\Microsoft Office Word 2003.lnk

[2010/04/19 04:20:38 | 000,000,418 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/04/19 04:17:23 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/04/18 23:33:59 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\EasyBCD 1.7.2.lnk

[2010/04/18 23:31:54 | 003,670,016 | -HS- | C] () -- C:\Users\Fabiana\NTUSER.DAT

[2010/04/18 23:31:54 | 000,524,288 | -HS- | C] () -- C:\Users\Fabiana\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms

[2010/04/18 23:31:54 | 000,524,288 | -HS- | C] () -- C:\Users\Fabiana\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms

[2010/04/18 23:31:54 | 000,262,144 | -HS- | C] () -- C:\Users\Fabiana\ntuser.dat.LOG1

[2010/04/18 23:31:54 | 000,065,536 | -HS- | C] () -- C:\Users\Fabiana\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf

[2010/04/18 23:31:54 | 000,000,020 | -HS- | C] () -- C:\Users\Fabiana\ntuser.ini

[2010/04/18 23:31:54 | 000,000,000 | -HS- | C] () -- C:\Users\Fabiana\ntuser.dat.LOG2

[2010/04/18 23:25:35 | 1601,052,672 | -HS- | C] () -- C:\hiberfil.sys

[2010/04/18 23:24:46 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK

[2010/04/18 23:24:45 | 000,383,562 | RHS- | C] () -- C:\bootmgr

[2010/04/18 23:24:45 | 000,000,210 | -H-- | C] () -- C:\Boot.BAK

[2010/04/18 19:57:51 | 000,000,354 | RHS- | C] () -- C:\boot.ini

[2009/07/13 20:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/13 20:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/06/07 08:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll

[2006/10/27 16:26:56 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll

[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\AMV_DecDLL.dll

[2005/07/29 11:38:48 | 000,012,672 | ---- | C] () -- C:\Windows\System32\WINNDI.DLL

[2005/06/17 11:41:50 | 000,049,312 | ---- | C] () -- C:\Windows\System32\vuins16.dll

[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\System32\drivers\ADFUUD.SYS

[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\Windows\ADFUUD.SYS

 

========== LOP Check ==========

 

[2010/05/02 21:38:10 | 000,000,000 | ---D | M] -- C:\Users\Fabiana\AppData\Roaming\GrabPro

[2010/05/21 02:51:08 | 000,000,000 | ---D | M] -- C:\Users\Fabiana\AppData\Roaming\HiYo

[2010/05/06 20:43:36 | 000,000,000 | ---D | M] -- C:\Users\Fabiana\AppData\Roaming\Orbit

[2010/05/31 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\Fabiana\AppData\Roaming\PhotoScape

[2010/05/23 11:08:54 | 000,000,000 | ---D | M] -- C:\Users\Fabiana\AppData\Roaming\TeamViewer

[2010/05/27 13:52:15 | 000,000,000 | ---D | M] -- C:\Users\Fabiana\AppData\Roaming\VoipRaider

[2010/05/14 19:20:17 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

< End of report >


Good morning! Edvan

 

<!> Uninstall: C:\Arquivos de Programas\MjTunes.com

00000000000000000000000

ooooooooooooooooooooooo

<@> Run OTL.exe.

<@> Copy the information in the Quote into the field below: Custom Scans/Fixes

 

:files

C:\Arquivos de Programas\MjTunes.com\tbMjTu.dll

C:\Arquivos de Programas\MjTunes.com

:otl

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcanvas.com/?ot=6

IE - HKLM\..\URLSearchHook: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - C:\Arquivos de Programas\MjTunes.com\tbMjTu.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-4256535773-4020121892-3389739929-1000\..\URLSearchHook: {a3f96249-7650-49a8-b54e-9cbf46fbbdf7} - C:\Arquivos de Programas\MjTunes.com\tbMjTu.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O33 - MountPoints2\{88aebf1c-4e06-11df-96fb-001cc0ffd6ab}\Shell - "" = AutoRun

O33 - MountPoints2\{88aebf1c-4e06-11df-96fb-001cc0ffd6ab}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]

"Gopher"="gopher://"

:commands

[purity]

[emptyflash]

[emptytemp]

[Reboot]

<@> Click the Fix button --> Wait for it to finish! --> Run!

<@> Post the report, which will also be in the folder: C:\_OTL\MovedFiles\*.log <--

<!> Also post an updated HijackThis log.

 

Regards!


All processes killed

========== FILES ==========

File\Folder C:\Arquivos de Programas\MjTunes.com\tbMjTu.dll not found.

File\Folder C:\Arquivos de Programas\MjTunes.com not found.

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3f96249-7650-49a8-b54e-9cbf46fbbdf7}\ not found.

File C:\Arquivos de Programas\MjTunes.com\tbMjTu.dll not found.

Registry value HKEY_USERS\S-1-5-21-4256535773-4020121892-3389739929-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a3f96249-7650-49a8-b54e-9cbf46fbbdf7} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3f96249-7650-49a8-b54e-9cbf46fbbdf7}\ not found.

File C:\Arquivos de Programas\MjTunes.com\tbMjTu.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88aebf1c-4e06-11df-96fb-001cc0ffd6ab}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88aebf1c-4e06-11df-96fb-001cc0ffd6ab}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88aebf1c-4e06-11df-96fb-001cc0ffd6ab}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88aebf1c-4e06-11df-96fb-001cc0ffd6ab}\ not found.

File H:\LaunchU3.exe not found.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\"Gopher"|"gopher://" /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Fabiana

->Flash cache emptied: 3726 bytes

 

User: linux

 

User: Public

 

User: Todos os Usuários

 

User: Usuário Padrão

 

Total Flash Files Cleaned = 0,00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Fabiana

->Temp folder emptied: 7699708 bytes

->Temporary Internet Files folder emptied: 67466760 bytes

->FireFox cache emptied: 42507552 bytes

->Flash cache emptied: 0 bytes

 

User: linux

 

User: Public

 

User: Todos os Usuários

 

User: Usuário Padrão

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 13732 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 112,00 mb

 

 

OTL by OldTimer - Version 3.2.5.3 log created on 06022010_002021

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:26:39, on 02/06/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files\HiYo\Bin\HiYo.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\msdt.exe

C:\Windows\System32\sdiagnhost.exe

C:\Windows\system32\conhost.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Blingee Plus\tbhelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O2 - BHO: BlingeeTb - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Blingee Plus\blingeetb.dll

O3 - Toolbar: Blingee Toolbar - {D1121FE0-0145-44C9-AA35-72071AC20A9B} - C:\Program Files\Blingee Plus\blingeetb.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Hiyo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

 

--

End of file - 6425 bytes


////////// Good morning! Edvan \\\\\\\\\\\

 

<!> Also uninstall: C:\Program Files\Blingee Plus <--

00000000000000000000

<!> PS: Your photo editing program, Blingee Plus, weakens your browser with adware. ( Adware.EcoBar )

 

Fichier(s) infecté(s):

C:\Program Files\Blingee Plus\tbhelper.dll (Adware.Ecobar) -> Quarantined and deleted successfully.

<!> So look for another photo editing program that is not adware. ( Spyware )

00000000000000000000

oooooooooooooooooooo

<@> Download: < UsbFix.exe > ( ...by Chiquitine29 and Chimay8 )

<@> Save it in Arquivos de programas!

<@> Disable your antivirus!

<@> Install and run the tool by double-clicking: < r2t69y.jpg >

<@> In the language options, choose "PT-BR" --> Enter.

<@> Choose option 2: 2. Suppression des fichiers infectieux --> Press Enter.

 


 

<@> A message will appear asking you to connect your removable media to the computer. ( pendrive, mp3, mp4, iPods, etc... )

<@> Accept the request and click OK. --> Then click OK again.


<@> The computer will restart. <-- Wait!

<@> When it finishes, click "Continue" and wait for the tool to complete.

<@> PS: Do not disconnect your removable media yet! <-- Important!

<@> The message "Nettoyage effectue" will appear --> Press Enter.

<@> Post the report, which will be at: C:\UsbFix.txt + an updated HijackThis log.

 

Regards!


############################## | UsbFix 7.003 |

 

Usuário: Fabiana (Administrador) # FABIANA-PC [ ]

Atualizado em 01/06/10 por El Desaparecido & C_XX

Começou em 11:31:26 | 03/06/2010

Site: http://pagesperso-orange.fr/NosTools/index.html

Contato: FindyKill.Contact@gmail.com

 

CPU: Intel® Celeron® CPU E3200 @ 2.40GHz

CPU 2: Intel® Celeron® CPU E3200 @ 2.40GHz

Microsoft Windows 7 Ultimate (6.1.7600 32-Bit) #

Internet Explorer 8.0.7600.16385

 

Windows Firewall: Habilitado

Antivirus: AntiVir Desktop 10.0.1.43 [(!) Disabled | (!) Outdated]

 

RAM -> 2036 Mb

C:\ (%systemdrive%) -> Disco fixo # 52 Gb (27 Mb livre - 53%) [Windows 7] # NTFS

D:\ -> Disco fixo # 34 Gb (18 Mb livre - 52%) [Windows XP] # NTFS

E:\ -> Disco fixo # 25 Gb (5 Mb livre - 22%) [MEUS DADOS] # NTFS

F:\ -> Disco fixo # 620 Mb (560 Mb livre - 90%) [Rodar o Crack do Seven] # NTFS

G:\ -> CD-ROM

H:\ -> Disco removível # 2 Gb (711 Mb livre - 37%) [EDVAN] # FAT

J:\ -> Disco fixo # 15 Gb (15 Mb livre - 99%) [Linux] # NTFS

 

################## | Ficheiros # pastas infeciosos |

 

Presente ! C:\HiJackThis.exe

Presente ! C:\$Recycle.Bin\S-1-5-21-4256535773-4020121892-3389739929-1000

Presente ! C:\Recycler\S-1-5-21-839522115-688789844-1801674531-1003

Presente ! D:\$Recycle.Bin\S-1-5-21-4256535773-4020121892-3389739929-1000

Presente ! D:\Recycler\S-1-5-21-839522115-688789844-1801674531-1003

Presente ! E:\$Recycle.Bin\S-1-5-21-184809322-3122433261-3592515712-1000

Presente ! E:\$Recycle.Bin\S-1-5-21-2688178157-739752493-4169046898-1000

Presente ! E:\$Recycle.Bin\S-1-5-21-4256535773-4020121892-3389739929-1000

Presente ! E:\$Recycle.Bin\S-1-5-21-804672379-1083982199-2667281069-1000

Presente ! E:\Recycler\S-1-5-21-2000478354-1343024091-1801674531-1003

Presente ! E:\Recycler\S-1-5-21-839522115-688789844-1801674531-1003

Presente ! E:\Recycler\S-1-5-21-854245398-162531612-1417001333-1003

Presente ! E:\Recycler\S-1-5-21-854245398-162531612-1417001333-1004

Presente ! F:\$Recycle.Bin\S-1-5-21-184809322-3122433261-3592515712-1000

Presente ! F:\$Recycle.Bin\S-1-5-21-2688178157-739752493-4169046898-1000

Presente ! F:\$Recycle.Bin\S-1-5-21-3010758384-1867514167-2213999630-1000

Presente ! F:\$Recycle.Bin\S-1-5-21-4256535773-4020121892-3389739929-1000

Presente ! F:\$Recycle.Bin\S-1-5-21-804672379-1083982199-2667281069-1000

Presente ! F:\Recycler\S-1-5-21-2000478354-1343024091-1801674531-1003

Presente ! F:\Recycler\S-1-5-21-839522115-688789844-1801674531-1003

Presente ! F:\Recycler\S-1-5-21-854245398-162531612-1417001333-1003

Presente ! F:\Recycler\S-1-5-21-854245398-162531612-1417001333-1004

Presente ! J:\$Recycle.Bin\S-1-5-21-4256535773-4020121892-3389739929-1000

Presente ! J:\Recycler\S-1-5-21-839522115-688789844-1801674531-1003

 

################## | Registro |

 

 

################## | Mountpoints2 |

 

 

################## | Vaccin |

 

C:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

D:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

E:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

F:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

H:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

J:\Autorun.inf -> Folder criado por UsbFix (El Desaparecido & C_XX)

 

################## | E.O.F |

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:35:32, on 03/06/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Windows\System32\msdt.exe

C:\Windows\System32\sdiagnhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldpt-br.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

 

--

End of file - 5510 bytes


Good afternoon, Edvan!

 

<@> Open OTL.exe --> Click CleanUp.jpg or "Limpeza" (Cleanup) --> Wait!

<@> At the prompt, click OK --> Restart the computer!

0000000000000000000000

oooooooooooooooooooooo

<!> Your logs are clean! ;)

<!> Everything OK?

 

Regards!

<!> Your logs are clean! ;)

<!> Everything OK?

 

Thanks, friend, everything is OK! ^_^


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
